Netgate Discussion Forum
    IPsec tunnels passing no traffic showing green in status DPD

    5 Posts 4 Posters 2.4k Views
    themixer

      Just wondering if anyone else has come across this problem before. Running pfSense 2.0.1 on 14 sites.

      Each site is set up with all default values; the only information I have filled in was the hostname and pre-shared key. Phase 2 is the same: the only information filled in is the network subnet and the IP address to ping (I used the remote side's internal pfSense box IP here). Works fantastically when up.

      So far I have had a few drops where pfSense has no idea that the tunnel is actually dropped. Status shows green, with no mention of any problems in the logs regarding the tunnel or DPD actually doing anything.

      I have DPD set up with all default values: 10 seconds, 5 retries. How long does this actually take to detect a problem?

      These sites are connected with pretty reliable internet connections that rarely go down; most are even static sites. Are there better settings that could be used?

      When I reset the IPsec service on the device all seems to be restored. I have been doing this through a public IP port forward for testing. On each side it still shows green minutes after the connection goes down.

      I have done some googling and have come up with switching to main mode vs. aggressive, and disabling NAT-T and DPD. Has anyone had any luck with these suggestions?

      themixer

        Anyone?

        sethfeaganes

          Have you put firewall rules in to allow traffic over the IPsec interface at each site? I had this same issue the first time I set up IPsec tunnels with pfSense, and it took a while to realize what needed to be done.

          –
          Seth

          dhatz

            @themixer wrote:

            > These sites are connected with pretty reliable internet connections that rarely go down, most are even static sites. Is there better settings that could be used?

            What is your setting of "Prefer older IPsec SAs" (System -> Advanced -> Miscellaneous -> IPsec)?

            Are you running a PPTP server on the same machine?

            chia

              pfSense, NanoBSD, 2.0.1
              I had the same problem: the IPsec tunnel was established, all green, no traffic goes through.
              When you look at the SAD (Status, IPsec, SAD), it shows me multiple connections.
              I think the reason is short interruptions: Phase 1 does not recognise the break and stays established, but Phase 2 opens a new connection.
              But this does not work.
              My solution:
              Change Mode from aggressive to main on both sides (even with dynamic IPs).

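The symptom chia describes above, more than one Phase 2 SA listed in the SAD for the same peer pair while the status page still shows green, can be checked from a SAD dump instead of by eye. The script below is an added example, not code from any of the posters or from pfSense. It parses a constructed dump laid out like FreeBSD `setkey -D` output (the same data the Status > IPsec > SAD page displays), flags directions that have more than one mature SA, and flags mature SAs older than a threshold that have carried zero bytes, which is what an "established but passing nothing" tunnel looks like at the kernel. The sample dump, the addresses, the `min_age_s` threshold and the helper names are assumptions for illustration.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in the layout of a FreeBSD `setkey -D` dump; it is not a
# capture from any poster's firewall. The first direction has two mature ESP
# SAs: the older one carried traffic, the newer one (negotiated after a short
# outage) has carried nothing, i.e. the "all green, no traffic" case.
# Real dumps indent continuation lines with tabs; spaces are accepted too.
SAMPLE_SAD = """\
203.0.113.1 198.51.100.1
    esp mode=tunnel spi=286331153(0x11111111) reqid=16385(0x00004001)
    E: aes-cbc  0123456789abcdef0123456789abcdef
    A: hmac-sha1  0123456789abcdef0123456789abcdef01234567
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: Jan  1 10:00:00 2012    current: Jan  1 10:20:00 2012
    diff: 1200(s)    hard: 3600(s)    soft: 2880(s)
    current: 48210(bytes)    hard: 0(bytes)    soft: 0(bytes)
203.0.113.1 198.51.100.1
    esp mode=tunnel spi=572662306(0x22222222) reqid=16385(0x00004001)
    E: aes-cbc  fedcba9876543210fedcba9876543210
    A: hmac-sha1  fedcba9876543210fedcba9876543210fedcba98
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: Jan  1 10:10:00 2012    current: Jan  1 10:20:00 2012
    diff: 600(s)    hard: 3600(s)    soft: 2880(s)
    current: 0(bytes)    hard: 0(bytes)    soft: 0(bytes)
198.51.100.1 203.0.113.1
    esp mode=tunnel spi=858993459(0x33333333) reqid=16386(0x00004002)
    E: aes-cbc  00112233445566778899aabbccddeeff
    A: hmac-sha1  00112233445566778899aabbccddeeff00112233
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: Jan  1 10:00:00 2012    current: Jan  1 10:20:00 2012
    diff: 1200(s)    hard: 3600(s)    soft: 2880(s)
    current: 51904(bytes)    hard: 0(bytes)    soft: 0(bytes)
"""

SA_HEADER = re.compile(r"^(\S+)\s+(\S+)\s*$")        # "src dst" starts an SA
SPI_RE = re.compile(r"spi=(\d+)\(")
STATE_RE = re.compile(r"state=(\w+)")
AGE_RE = re.compile(r"diff:\s*(\d+)\(s\)")            # seconds since created
BYTES_RE = re.compile(r"current:\s*(\d+)\(bytes\)")   # bytes carried so far


def parse_sad(text):
    """Parse a setkey -D style dump into a list of SA dicts."""
    sas, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                    # unindented: new SA
            m = SA_HEADER.match(line)
            if m:
                cur = {"src": m.group(1), "dst": m.group(2), "spi": None,
                       "state": None, "age_s": None, "bytes": None}
                sas.append(cur)
            continue
        if cur is None:
            continue
        for key, rx, conv in (("spi", SPI_RE, int), ("state", STATE_RE, str),
                              ("age_s", AGE_RE, int), ("bytes", BYTES_RE, int)):
            m = rx.search(line)
            if m and cur[key] is None:
                cur[key] = conv(m.group(1))
    return sas


def find_duplicate_sas(sas):
    """Directions with more than one mature SA: {(src, dst): [spi, ...]}."""
    by_dir = defaultdict(list)
    for sa in sas:
        if sa["state"] == "mature":
            by_dir[(sa["src"], sa["dst"])].append(sa["spi"])
    return {k: v for k, v in by_dir.items() if len(v) > 1}


def find_idle_sas(sas, min_age_s=300):
    """SPIs of mature SAs at least min_age_s old that have carried no bytes.
    min_age_s is an assumed threshold; tune it to the tunnel's expected load."""
    return [sa["spi"] for sa in sas
            if sa["state"] == "mature" and sa["age_s"] is not None
            and sa["age_s"] >= min_age_s and sa["bytes"] == 0]


def report(text, min_age_s=300):
    """Human-readable findings for one dump (one line per finding)."""
    sas = parse_sad(text)
    out = []
    for (src, dst), spis in sorted(find_duplicate_sas(sas).items()):
        out.append("%s -> %s has %d mature SAs: %s" % (
            src, dst, len(spis), ", ".join("0x%08x" % s for s in spis)))
    for spi in find_idle_sas(sas, min_age_s):
        out.append("SA 0x%08x is mature but has carried 0 bytes" % spi)
    return out


if __name__ == "__main__":
    # On a firewall: `setkey -D | python3 sad_check.py`; otherwise use the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SAD
    for line in report(data) or ["no duplicate or idle SAs found"]:
        print(line)
```

The duplicate check is the automated form of what chia saw on the SAD page; the zero-byte check catches the case themixer describes, where an SA exists (so Phase 1 and the GUI look healthy) but nothing is flowing. Treat a positive result as a reason to look at DPD settings, mode (main vs. aggressive) and the "Prefer older IPsec SAs" option mentioned above, rather than as proof of any one cause.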
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.