IPSEC Tunnel Not Auto Negotiate on Disconnection

  • Respected Pfsense Support

    I have configured 2 IPsec VPN firewalls

    1. Head office VPN  ( version 2.1.3)
    2. Branch Office VPN ( version 2.1.3)

    Head Office Configuration

    1. 2 interfaces
      re0: LAN
      em0: WAN


    1. Bind (DNS) configured as dynamic DNS server on Head Office VPN only
    2. IPSEC VPN:
         phase 1: ESP, 3DES, SHA1
         phase 2: 3DES, SHA1
         use old SA: enable
         DPD: disable
       on both VPN servers
    3. DDNS RFC 2136 on Branch pfSense
    4. WAN connectivity is a 3G modem on Branch Office, configured with Dynamic DNS
    5. Head Office remote tunnel gateway is the DDNS host name of the Branch pfSense firewall

    The tunnel is successfully getting established.

    Now my problem is that when my branch office VPN gets rebooted, it gets a new IP address and it gets successfully registered to my Head Office VPN server, but the tunnel does not come up automatically.

    I have to edit the tunnel phase 2, save it once, and then click connect VPN; only then does the VPN connection get established.

    Please give a solution to auto-negotiate both phase 1 & phase 2

    or any script to perform it.


  • In P1 change DPD "disable" to "enable"

  • Still no success. Is there any script to enable and disable phase 2?

  • Hi
    I seem to remember that I had this issue the first time I used pfSense.
    Resolved by changing Phase 1 proposal, Negotiation mode to Main
    And Policy Generation to Unique
    Enable DPD

    I also noticed that you are using a 3G connection. In Australia the providers commonly do not provide a routable IP on 3G connections; you must request an additional feature to get a routable IP.
    If the IP of the 3G device is not routable, I have found that IPsec does not work properly.

    Hope this helps.
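
The routable-IP point in the last reply can be checked before touching the tunnel settings. The following is an added example, not part of the thread and not pfSense code: it classifies the branch WAN address and the address the DDNS hostname currently resolves to. The function names and the sample addresses are assumptions made up for the illustration; you supply the two addresses yourself.

```python
import ipaddress

# Ranges that are not reachable from the internet, so a remote peer
# cannot open an IKE negotiation towards an address inside them.
NON_ROUTABLE = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
    "link-local": ["169.254.0.0/16"],
    "loopback": ["127.0.0.0/8"],
}


def classify(addr):
    """Return the name of the non-routable range addr falls in, or 'routable'."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return "routable"


def diagnose(wan_ip, ddns_ip):
    """Compare the branch WAN address with the DDNS record for the branch.

    wan_ip:  address assigned to the branch WAN (3G) interface
    ddns_ip: address the branch DDNS hostname resolves to at head office
    Returns a list of (finding, detail) tuples; an empty list means no issue.
    """
    findings = []
    wan_kind = classify(wan_ip)
    if wan_kind != "routable":
        findings.append(("wan-not-routable", wan_kind))
    ddns_kind = classify(ddns_ip)
    if ddns_kind != "routable":
        findings.append(("ddns-not-routable", ddns_kind))
    if ipaddress.ip_address(wan_ip) != ipaddress.ip_address(ddns_ip):
        # Stale record, or the modem/carrier is translating the address.
        findings.append(("ddns-mismatch", f"{ddns_ip} != {wan_ip}"))
    return findings


if __name__ == "__main__":
    # Constructed sample addresses (203.0.113.0/24 is a documentation range).
    for wan, ddns in [("203.0.113.25", "203.0.113.25"),
                      ("100.72.14.9", "100.72.14.9"),
                      ("203.0.113.25", "203.0.113.7")]:
        print(wan, ddns, diagnose(wan, ddns) or "ok")
```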

