IPsec tunnel unreliable when tunneling with Draytek 2860
-
Hi there,
I'm having some issues setting up a tunnel that keeps being dropped (apparently) in the re-negotiation of second phase IKE (3600s).
I'm using pfsense 2.2.6 latest version
LOG: http://pastebin.com/HmCCu7cE
Phase 1 -
Main
3DES-MD5
DH key group 1
Responder only
disabled DPDPhase2 -
ESP
3DES-MD5
PFS off
-
English is not my native language so plz forgive any mistake.
I've been in ##pfsense at freenode trying to find a solution for this problem wich user compdoc helped me with it a we raise the tunnel stability. I did also try at the end ofthe day disable re-key (it set's the in pfsense side and VPN uptime increased to … so far 5h. (it used to be like 40m).
Draytek is handling the 2nd fase negotiation and I noticed that by disabling re-key the pfsense sets phase 2 IKE to 0s. (don't know if it's supposed to ...)
Draytek router is set do Dial OUT only.
-
jvata,
I spent countless hours trying to get this to work, the fix for this is here https://forum.pfsense.org/index.php?topic=105589.msg608136#msg608136.