4. IPsec tunnel unreliable when tunneling with Draytek 2860

IPsec tunnel unreliable when tunneling with Draytek 2860

  • T

    Hi there,

    I'm having some issues setting up a tunnel that keeps being dropped (apparently) in the re-negotiation of second phase IKE (3600s).

    I'm using pfsense 2.2.6 latest version

    LOG: http://pastebin.com/HmCCu7cE

    Phase 1 -
    Main
    3DES-MD5
    DH key group 1
    Responder only
    disabled DPD

    Phase2 -
    ESP
    3DES-MD5
    PFS off

    0
  • T

    English is not my native language so plz forgive any mistake.

    I've been in ##pfsense at freenode trying to find a solution for this problem wich user compdoc helped me with it a we raise the tunnel stability. I did also try at the end ofthe day disable re-key (it set's the  in pfsense side and VPN uptime increased to … so far 5h. (it used to be like 40m).

    Draytek is handling the 2nd fase negotiation and I noticed that by disabling re-key the pfsense sets phase 2 IKE to 0s. (don't know if it's supposed to ...)

    Draytek router is set do Dial OUT only.

    0
  • J

    jvata,

    I spent countless hours trying to get this to work, the fix for this is here https://forum.pfsense.org/index.php?topic=105589.msg608136#msg608136.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy