IPsec tunnel uptime
miguelgoncalves last edited by
I am about to switch from an all ASA solution between 3 sites to a pfSense solution.
Since my home router is a pfSense box (2.1.5) and the OOB network in our datacenter is protected by a pfSense box (2.1.5) also, I established an IPsec site to site tunnel between these 2 networks for test purposes.
I have 2 quick questions:
My home router has a dynamic ip address so I am using a paid DynDNS account to have a low TTL FQDN to use for the tunnel. The problem is this: if I have the 188.8.131.52 IP address and force the router to get a new IP address by DHCP (by changing the MAC address of the WAN interface) the tunnel reestablishes quickly. However, if I return to 184.108.40.206 the tunnel takes a bit more to establish. Are there any timeouts I could change in the remote pfSense box that might speed this?
On the ASA I can get tunnel uptime like this:
gonafe-fw# show vpn-sessiondb l2l Session Type: LAN-to-LAN Connection : 195.x.y.z Index : 287 IP Addr : 195.x.y.z Protocol : IKEv2 IPsec Encryption : AES256 AES256 AES256 Hashing : SHA512 SHA1 SHA1 Bytes Tx : 4012745245 Bytes Rx : 2569137926 Login Time : 14:28:19 WET Fri Dec 19 2014 Duration : 31d 1h:18m:49s Connection : FOO Index : 424 IP Addr : 188.a.b.c Protocol : IKEv2 IPsecOverNatT Encryption : AES256 AES256 Hashing : SHA512 SHA1 Bytes Tx : 1484698 Bytes Rx : 1420199 Login Time : 13:07:28 WET Mon Jan 19 2015 Duration : 2h:39m:40s
In pfSense as soon as phase 1 is renegotiated the uptime rolls over. Is there any way to get the tunnel uptime?