    Netgate Discussion Forum
    IPsec tunnels passing no traffic showing green in status DPD

    IPsec
    themixer:

      Just wondering if anyone else has come across this problem before. Running pfSense 2.0.1 on 14 sites.

      Each site is set up with all default values; the only information I have filled in was the hostname and pre-shared key. Phase 2 is the same: the only information that is filled in is the network subnet and the IP address to ping (I used the remote side's internal pfSense box IP here). Works fantastic when up.

      So far I have had a few drops where pfSense has no idea that the tunnel is actually down. Status shows green with no mention of any problems in the logs regarding the tunnel or DPD actually doing anything.

      I have DPD set up with all default values, 10 seconds, 5 retries. How long does this actually take to detect a problem?

      These sites are connected with pretty reliable internet connections that rarely go down; most are even static sites. Are there better settings that could be used?

      When I reset the IPsec service on the device all seems to be restored. I have been doing this through a public IP port forward for testing. On each side it still shows green minutes after the connection goes down.

      I have done some googling and have come up with switching to main mode vs. aggressive, disabling NAT-T and DPD. Has anyone had any luck with these suggestions?

      themixer:

        Anyone?

        sethfeaganes:

          Have you put firewall rules in to allow traffic over the IPsec interface at each site? I had this same issue the first time I set up IPsec tunnels with pfSense and it took a while to realize what needed to be done.

          –
          Seth

          dhatz:

            @themixer:

            These sites are connected with pretty reliable internet connections that rarely go down, most are even static sites. Is there better settings that could be used?

            What is your setting of "Prefer older IPsec SAs" (System -> Advanced -> Miscellaneous -> IPsec)?

            Are you running the PPTP server on the same machine?

            chia:

              pfSense, NanoBSD, 2.0.1
              I had the same problem: the IPsec tunnel was established, all green, but no traffic goes through.
              When you look at the SAD (Status > IPsec > SAD), it shows me multiple connections.
              I think the reason is short interruptions: Phase 1 does not recognise the break and stays established, but Phase 2 opens a new connection.
              But this does not work.
              My solution:
              Change the mode from aggressive to main on both sides (even with dynamic IPs).

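The two concrete checks raised in this thread, themixer's question of how long DPD needs to notice a dead peer and chia's observation of multiple SAs piling up in the SAD while the tunnel stays green, can both be scripted. The following is an added example, not code from the thread or from pfSense: it parses a `setkey -D` style SAD dump, flags directions that carry more than one mature SA (the leftovers of a Phase 2 renegotiation whose Phase 1 never noticed the outage), and computes the worst-case DPD detection time. The SAD text is a constructed sample, and the DPD arithmetic assumes racoon's model (probe after `delay` idle seconds, resend every `retry` seconds, give up after `maxfail` unanswered probes); the parameter names are the script's own, not pfSense settings.

```python
import re
from collections import defaultdict

# Constructed sample in `setkey -D` layout (not data from the thread):
# direction A->B has two mature ESP SAs, one of them 1912 s old, i.e. a
# stale SA left behind after Phase 2 renegotiated; B->A has a single SA.
SAMPLE_SAD = """\
192.0.2.1 198.51.100.1
\tesp mode=tunnel spi=1001(0x000003e9) reqid=16385(0x00004001)
\tseq=0x00000000 replay=4 flags=0x00000000 state=mature
\tdiff: 1912(s)\thard: 3600(s)\tsoft: 2880(s)
192.0.2.1 198.51.100.1
\tesp mode=tunnel spi=1002(0x000003ea) reqid=16385(0x00004001)
\tseq=0x00000000 replay=4 flags=0x00000000 state=mature
\tdiff: 41(s)\thard: 3600(s)\tsoft: 2880(s)
198.51.100.1 192.0.2.1
\tesp mode=tunnel spi=2001(0x000007d1) reqid=16386(0x00004002)
\tseq=0x00000000 replay=4 flags=0x00000000 state=mature
\tdiff: 41(s)\thard: 3600(s)\tsoft: 2880(s)
"""

_SPI_RE = re.compile(r"spi=(\d+)")
_STATE_RE = re.compile(r"state=(\w+)")
_AGE_RE = re.compile(r"diff:\s*(\d+)\(s\)")


def parse_sad(text):
    """Parse setkey -D style output into a list of SA records.

    A line starting in column 0 is a 'src dst' header that opens a new SA;
    the indented lines that follow carry its SPI, state and age (diff)."""
    sas = []
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            src, dst = line.split()[:2]
            current = {"src": src, "dst": dst, "spi": None, "state": None, "age": None}
            sas.append(current)
            continue
        if current is None:
            continue  # detail line before any header: ignore
        m = _SPI_RE.search(line)
        if m:
            current["spi"] = int(m.group(1))
        m = _STATE_RE.search(line)
        if m:
            current["state"] = m.group(1)
        m = _AGE_RE.search(line)
        if m:
            current["age"] = int(m.group(1))
    return sas


def stale_duplicate_sas(sas):
    """Return {(src, dst): [spi, ...]} for every direction that has more
    than one mature SA, listing all but the youngest. These are the
    'multiple connections' a healthy tunnel should not show."""
    by_dir = defaultdict(list)
    for sa in sas:
        if sa["state"] == "mature":
            by_dir[(sa["src"], sa["dst"])].append(sa)
    stale = {}
    for direction, group in by_dir.items():
        if len(group) > 1:
            group.sort(key=lambda s: s["age"])  # youngest first
            stale[direction] = [s["spi"] for s in group[1:]]
    return stale


def dpd_worst_case_seconds(delay=10, retry=5, maxfail=5):
    """Worst-case time for DPD to declare the peer dead under the racoon
    model assumed here: `delay` idle seconds before the first R-U-THERE,
    then one resend every `retry` seconds until `maxfail` go unanswered."""
    return delay + retry * maxfail


def summarize(text, delay=10, retry=5, maxfail=5):
    """Human-readable lines for an operator; returned rather than printed."""
    stale = stale_duplicate_sas(parse_sad(text))
    lines = [f"DPD worst-case detection: ~{dpd_worst_case_seconds(delay, retry, maxfail)} s"]
    if not stale:
        lines.append("SAD: one mature SA per direction, nothing stale")
    for (src, dst), spis in stale.items():
        lines.append(f"SAD: {src} -> {dst} has stale SA(s) spi={spis}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_SAD):
        print(line)
```

On a live box the SAD text would come from the output of `setkey -D`; the script only reads it, so the natural use is a periodic check that alerts when stale SAs accumulate, which is exactly the state the thread describes as "green but passing nothing". Note that DPD only probes when the tunnel has been idle for the configured delay, so a peer that dies mid-burst is detected a few seconds later still; the worst-case figure above is the number to compare against how long a site is willing to stay dark before an alert fires.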
© 2021 Rubicon Communications, LLC