Re: [pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview
Is there a reason your still running RC3 instead of the final 1.2.3 release? RC's shouldn't be considered stable production releases however many people use them in production for testing. I had quirks in 1.2.3 RC23 but would have rolled back to 1.2.2 if I wanted stability instead of testing the newer release. Try upgrading to 1.2.3, setup the internal IP to ping to keep the tunnel alive. Also are you using DPD or not? -- Trevor Benson dCAP, LPIC-1, CLA, Network+, MCP, CNA A1 Networks - Network Engineer DID (707)703-1041 FAX (707)703-1983 On May 21, 2010, at 1:17 AM, Michel Servaes wrote: IPSEC still dies silently from time to time - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview
I use an IPSEC connection between two DDNS locations, and it never goes down. Both endpoints are on 1.2.3 FINAL release. Marc R. Meshurle, Jr. President, MCP Kato Technology Solutions, Inc. Exton, PA. 19341 -Original Message- From: Trevor Benson [mailto:tben...@a-1networks.com] Sent: Wednesday, May 26, 2010 11:38 AM To: support@pfsense.com Subject: Re: [pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview Is there a reason your still running RC3 instead of the final 1.2.3 release? RC's shouldn't be considered stable production releases however many people use them in production for testing. I had quirks in 1.2.3 RC23 but would have rolled back to 1.2.2 if I wanted stability instead of testing the newer release. Try upgrading to 1.2.3, setup the internal IP to ping to keep the tunnel alive. Also are you using DPD or not? -- Trevor Benson dCAP, LPIC-1, CLA, Network+, MCP, CNA A1 Networks - Network Engineer DID (707)703-1041 FAX (707)703-1983 On May 21, 2010, at 1:17 AM, Michel Servaes wrote: IPSEC still dies silently from time to time - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview
Op 26/05/2010 17:37, Trevor Benson schreef: Is there a reason your still running RC3 instead of the final 1.2.3 release? RC's shouldn't be considered stable production releases however many people use them in production for testing. I had quirks in 1.2.3 RC23 but would have rolled back to 1.2.2 if I wanted stability instead of testing the newer release. Try upgrading to 1.2.3, setup the internal IP to ping to keep the tunnel alive. Also are you using DPD or not? Trevor, this error was in the RC release indeed. But I am seeing this also in the normal release... I am running release versions on all ends now... (almost 4 months I think). However, I have replaced a rogue situation, where a DLINK sat behind a NAT router... which did IPSEC vpn through NAT. For some (unknow) reason the DLINK router wouldn't want to make a PPPoE connection, so I had to configure this NAT situation there ! Now when I have replaced this situation with a PFSENSE, using an Alix board - it seems that the issue is resolved for now... just have to wait for a couple more days/weeks, to really be sure about this ofcourse :) I still have one location, with this bizarre NAT situation - If the problem keeps coming from those, I bet that replacing this unit with a PFSENSE too, that my problems will vanish :) In fact, this is always true, when replacing one end, you'd better replace all the other ends as well... IPSEC seems to behave really odd when two different vendors are in place... (which shouldn't be, but is) Anyway, I will repost when the issue occurs between two PFSENSE's :) (but reading all the other posts, I guess this will not happen) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview
IPSEC still dies silently from time to time. I have to restart racoon each and every now and then... (and I am preffering the old IPSEC sa's on all pfsense ends (which are 3 nodes now) I did install cron, but am not an active cron user (or knowledgeable)... would it be wise to restart the racoon service every now and then (or each morning at 5AM ?) I am using my VPN tunnels only for network printers... so it's not really disturbing to have an on/off situation... The odd thing is, when IPSEC dies between two PFSENSE platforms, nothing is being showed (the tunnel also seems active on both ends !! - but I cannot reach the destination anymore). On the linksys or dlink devices, the tunnel shows a state of unreachable... Restarting racoon on both pfsense-ends, helps me out this situation... On Wed, Nov 25, 2009 at 12:20 AM, Michel Servaes mic...@mcmc.be wrote: Since I have added two IPSEC tunnels to both Linksys' RV042 - my VPN connections start to die randomy, but stay active in both the webgui's overview (both, I mean pfSense and the DLINK's) - but either way is impossible to ping each other !! Have you tried checking the Prefer old IPsec SAs option under System Advanced? Jim No I haven't tried this one yet - as of now, I changed this option - will see if this helps... should I repost the outcome ? Thanks in advance. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview
On Fri, May 21, 2010 at 4:17 AM, Michel Servaes mic...@mcmc.be wrote: PSEC still dies silently from time to time. I have to restart racoon each and every now and then... (and I am preffering the old IPSEC sa's on all pfsense ends (which are 3 nodes now) Do you have the keepalive ping running, and is it pointing to an IP on the other end LAN (not the other endpoint router IP)? I haven't had IPsec break since pfSense 1.2 came out. I used to get random drops that required stop/start of ipsec before then. What version are you running everywhere? Oh... hmm. you seem to have one non-pfSense endpoint. I don't know if that's your problem then. My pfSense endpoints are very stable. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview
Hi, My pfSense setup ran for about 30 days without a problem. I had a setup with all DLINK DI804 or DI824VUP (wireless variant of the DI804), which ran smoothly. (exclluding mine at home a monowall setup). Since I have added two IPSEC tunnels to both Linksys' RV042 - my VPN connections start to die randomy, but stay active in both the webgui's overview (both, I mean pfSense and the DLINK's) - but either way is impossible to ping each other !! If I restart the DLINK router, or if I restart within pfSense the IPSEC stack - all starts running again fine ?! Some years ago, I had almost the same problem (pinging back then was possible, but no RDP or VNC) - and someone pointed out to add 4 lines of code in the config, for your convienience I have added them to this posting... But I am wondering, if this is still accurate, and if this also addresses this issue as well ? Kind regards, -- In /etc/rc.bootup add there near the comment /* start IPsec tunnels */ exec(/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x); exec(/sbin/sysctl net.enc.out.ipsec_filter_mask=0x0001); exec(/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x); exec(/sbin/sysctl net.enc.in.ipsec_filter_mask=0x0002); save and reboot. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview
Michel Servaes wrote: Since I have added two IPSEC tunnels to both Linksys' RV042 - my VPN connections start to die randomy, but stay active in both the webgui's overview (both, I mean pfSense and the DLINK's) - but either way is impossible to ping each other !! Have you tried checking the Prefer old IPsec SAs option under System Advanced? Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.23 rc3 - ipsec VPN dies randomly, but stays active in the overview
Since I have added two IPSEC tunnels to both Linksys' RV042 - my VPN connections start to die randomy, but stay active in both the webgui's overview (both, I mean pfSense and the DLINK's) - but either way is impossible to ping each other !! Have you tried checking the Prefer old IPsec SAs option under System Advanced? Jim No I haven't tried this one yet - as of now, I changed this option - will see if this helps... should I repost the outcome ? Thanks in advance. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
