Netgate Discussion Forum

    [repeat post]can't re-create ipsec tunnel automatically after peer side poweroff

    • kingzyycn

      Dear all,

      Because I can't reply to my own post below, I am posting a new one:

      We are using one M0n0wall box (running M0n0wall ver. 1.22) in city A, and in city B we have one Dlink OFL 300 box that creates one IPSEC tunnel (as mobile IPsec) to that M0n0wall in city A. The tunnel works well, but after that Dlink box powers off for some reason, the Dlink box cannot create that IPSEC tunnel to city A again automatically. Only after releasing the SA of that old tunnel on the M0n0wall box in city A can the Dlink create an IPSEC tunnel to M0n0wall again. This is the problem.

      I am not sure if it is about Dead Peer Detection (DPD) of IPSEC. I know pfSense is very similar to m0n0wall, so I posted my problem here. Could you help look into this problem?

      My problem is: could pfSense fix such a problem?

      Any hint, comment or suggestion will be highly appreciated!

      Merry Christmas!

      Jian

      • jhereg

        I've got a similar issue between a Linksys BEFVP41 V2 and my pfSense box.  I had a similar problem when I was running m0n0wall.  The best solution I have found is to keep traffic in the tunnel so it doesn't drop.  I have found that something as simple as a ping running from the pfSense end will either keep the tunnel up, or bring it back up if it drops.  The keep alive option doesn't seem to do anything for me, so I keep a ping process running from a box on the network.  As long as I have traffic the tunnel stays alive, but if it dies I can only bring it back up from the pfSense end.

        • sullrich

          1.2 has an option to automatically ping the other end of the tunnel.

          If you're not running 1.2 you are highly encouraged to upgrade.  1.0.1 has a lot of known issues.

          • jhereg

            I know about the option to ping the other end of the tunnel.  It hasn't worked for me through 1.2RC2.  I just upgraded to RC3 today so I'll see if it works now.  Otherwise I just keep a terminal window open w/ ping running.

            • fastcon68

              I had a similar problem with an IPSEC VPN tunnel.  I enabled the keep alive on both ends of the tunnel and have not had any trouble at all.  Also I had to make sure that the ICMP port was open so that the ping could pass through the tunnel.
              RC
