Netgate Discussion Forum

    IPSEC Tunnel Not Auto Negotiate on Disconnection

    4 Posts 3 Posters 1.6k Views
    • alitech52

      Respected Pfsense Support

      I have configured 2 IPsec VPN firewalls:

      1. Head office VPN  ( version 2.1.3)
      2. Branch Office VPN ( version 2.1.3)

      Head Office Configuration

      1. 2 interfaces
        re0 : 192.168.0.0/22 – LAN
        em0 :  116.74.90.67 --- WAN

      Services:-

      1. Bind (DNS) configured as dynamic dns server on Head office VPN only
      2. IPSEC VPN : phase1: ESP,3DES,SHA1
                                    phase 2: 3DES,SHA1
                                    use old SA : enable
                                    DPD: disable
                                    NAT-T:disable
        on both VPN servers
      3. DDNS RFC 2136 on Branch pfSense
      4. WAN connectivity is a 3G modem on Branch Office, configured with Dynamic DNS
      5. Head Office remote tunnel gateway is the DDNS host name of the Branch pfSense firewall

      The tunnel is successfully getting established.

      Now my problem is that when my branch office VPN gets rebooted, it gets a new IP address and successfully registers to my Head Office VPN server,

      but the tunnel does not come up automatically.

      I have to edit the tunnel's phase 2, save it once, and then click connect VPN; only then does the VPN connection get established.

      Please give a solution to auto-negotiate both phase 1 and phase 2,

      or any script to perform this.

      Regards,

      • abidkhanhk

        In P1, change DPD from "disable" to "enable".

        • alitech52

          Still no success. Is there any script to enable and disable phase 2?

          • allaw

            Hi
            Seem to remember that I had this issue the first time I used pfSense.
            Resolved by changing Phase 1 proposal, Negotiation mode to Main,
            and Policy Generation to Unique.
            Enable DPD.

            I also noticed that you are using a 3G connection. In Australia the providers commonly do not provide a routable IP on 3G connections; you must request an additional feature to get a routable IP.
            If the IP of the 3G device is not routable, I have found that IPsec does not work properly.

            Hope this helps.

            regards
            markl

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.