Re: [pfSense Support] IPsec Does Auto Establish work?
You need to do & as & XML is somewhat different and you have to escape <> & On 11/20/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > Here is what I have working. > > #!/bin/sh > DSTIP="192.168.2.1" > SRCIP="192.168.1.1" > COUNT="2" > SLEEP="60" > while [ 1=1 ]; do > ping -c $COUNT -S $SRCIP $DSTIP > /dev/null > sleep $SLEEP > done > > > I can start it and it runs fine from the shell when I use > nohup /sbin/vpnkeepup & > > But if I put that in a shellcmd I seem to get errors about it. > XML error: not well-formed (invalid token) at line 26 > > What I'm putting in is: (in the tag ) > > nohup /sbin/vpnkeepup & > > Now I googled a bit and tried a few other different things but what is the > best way to put this in the shellcmd option? > > Thanks > John > > -Original Message----- > From: alan walters [mailto:[EMAIL PROTECTED] > Sent: Saturday, November 19, 2005 3:33 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] IPsec Does Auto Establish work? > > I would love a copy of this if you get it working well. Could you post a > snippet to the list when you complete it > > thanks > > -----Original Message- > From: John Cianfarani [mailto:[EMAIL PROTECTED] > Sent: Saturday, November 19, 2005 5:37 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] IPsec Does Auto Establish work? > > Yeah I guess it should. > I probably will end up writing a small shell/php script to send a few pings > then sleep for 30-60secs and repeat. And pop that into the shellcmd. Seems > like the best option at the moment. > > John > -Original Message- > From: Holger Bauer [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 4:21 PM > To: support@pfsense.com > Subject: AW: [pfSense Support] IPsec Does Auto Establish work? > > Heh, looks like this option should be called "make voip happy [X]" > > > -Ursprüngliche Nachricht- > > Von: John Cianfarani [mailto:[EMAIL PROTECTED] > > Gesendet: Freitag, 18. November 2005 22:18 > > An: support@pfsense.com > > Betreff: RE: [pfSense Support] IPsec Does Auto Establish work? > > > > > > Here is my somewhat potential setup for why I needed to keep > > the tunnel > > up. > > > > Lets say you have voip phones at a small remote site (1-2 users) which > > has a dynamic ip address. (Which uses the mobile ipsec client setup) > > Lets also assume the phones don't register with the call > > server (static > > configuration or they register every 30min/60min). > > > > Call server is at the host site. Call comes in for one of the remote > > phones but because the tunnel is down and the ip is dynamic it can't > > bring up ipsec session, hence unable to ring the phone. > > > > Now you might say if a user isn't there who cares. But the > > phone might > > be set to do call forwarding or the user doesn't have their > > machine on. > > > > > > On this note it could be resolved if it was possible to put in a > > dynamicdns name instead of ip so the host site would always be able to > > find the remote site? > > > > Thanks > > John > > > > -Original Message- > > From: Vivek Khera [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 18, 2005 3:19 PM > > To: support@pfsense.com > > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > what's the point of keeping the tunnel up? won't either endpoint > > force it to re-establish on demand anyhow? > > > > i know my mobile user IPsec vpn does so from my mac to pfSense. i'm > > fairly certain our remote office VPN also does so, but it is a > > LNG haul over an unreliable network, so it is up and down > > all the > > time anyway. > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > Virus checked by G DATA AntiVirusKit > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] IPsec Does Auto Establish work?
Here is what I have working. #!/bin/sh DSTIP="192.168.2.1" SRCIP="192.168.1.1" COUNT="2" SLEEP="60" while [ 1=1 ]; do ping -c $COUNT -S $SRCIP $DSTIP > /dev/null sleep $SLEEP done I can start it and it runs fine from the shell when I use nohup /sbin/vpnkeepup & But if I put that in a shellcmd I seem to get errors about it. XML error: not well-formed (invalid token) at line 26 What I'm putting in is: (in the tag ) nohup /sbin/vpnkeepup & Now I googled a bit and tried a few other different things but what is the best way to put this in the shellcmd option? Thanks John -Original Message- From: alan walters [mailto:[EMAIL PROTECTED] Sent: Saturday, November 19, 2005 3:33 PM To: support@pfsense.com Subject: RE: [pfSense Support] IPsec Does Auto Establish work? I would love a copy of this if you get it working well. Could you post a snippet to the list when you complete it thanks -Original Message- From: John Cianfarani [mailto:[EMAIL PROTECTED] Sent: Saturday, November 19, 2005 5:37 PM To: support@pfsense.com Subject: RE: [pfSense Support] IPsec Does Auto Establish work? Yeah I guess it should. I probably will end up writing a small shell/php script to send a few pings then sleep for 30-60secs and repeat. And pop that into the shellcmd. Seems like the best option at the moment. John -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 4:21 PM To: support@pfsense.com Subject: AW: [pfSense Support] IPsec Does Auto Establish work? Heh, looks like this option should be called "make voip happy [X]" > -Ursprüngliche Nachricht- > Von: John Cianfarani [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. November 2005 22:18 > An: support@pfsense.com > Betreff: RE: [pfSense Support] IPsec Does Auto Establish work? > > > Here is my somewhat potential setup for why I needed to keep > the tunnel > up. > > Lets say you have voip phones at a small remote site (1-2 users) which > has a dynamic ip address. (Which uses the mobile ipsec client setup) > Lets also assume the phones don't register with the call > server (static > configuration or they register every 30min/60min). > > Call server is at the host site. Call comes in for one of the remote > phones but because the tunnel is down and the ip is dynamic it can't > bring up ipsec session, hence unable to ring the phone. > > Now you might say if a user isn't there who cares. But the > phone might > be set to do call forwarding or the user doesn't have their > machine on. > > > On this note it could be resolved if it was possible to put in a > dynamicdns name instead of ip so the host site would always be able to > find the remote site? > > Thanks > John > > -Original Message- > From: Vivek Khera [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 3:19 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > what's the point of keeping the tunnel up? won't either endpoint > force it to re-establish on demand anyhow? > > i know my mobile user IPsec vpn does so from my mac to pfSense. i'm > fairly certain our remote office VPN also does so, but it is a > LNG haul over an unreliable network, so it is up and down > all the > time anyway. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] IPsec Does Auto Establish work?
I would love a copy of this if you get it working well. Could you post a snippet to the list when you complete it thanks -Original Message- From: John Cianfarani [mailto:[EMAIL PROTECTED] Sent: Saturday, November 19, 2005 5:37 PM To: support@pfsense.com Subject: RE: [pfSense Support] IPsec Does Auto Establish work? Yeah I guess it should. I probably will end up writing a small shell/php script to send a few pings then sleep for 30-60secs and repeat. And pop that into the shellcmd. Seems like the best option at the moment. John -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 4:21 PM To: support@pfsense.com Subject: AW: [pfSense Support] IPsec Does Auto Establish work? Heh, looks like this option should be called "make voip happy [X]" > -Ursprüngliche Nachricht- > Von: John Cianfarani [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. November 2005 22:18 > An: support@pfsense.com > Betreff: RE: [pfSense Support] IPsec Does Auto Establish work? > > > Here is my somewhat potential setup for why I needed to keep > the tunnel > up. > > Lets say you have voip phones at a small remote site (1-2 users) which > has a dynamic ip address. (Which uses the mobile ipsec client setup) > Lets also assume the phones don't register with the call > server (static > configuration or they register every 30min/60min). > > Call server is at the host site. Call comes in for one of the remote > phones but because the tunnel is down and the ip is dynamic it can't > bring up ipsec session, hence unable to ring the phone. > > Now you might say if a user isn't there who cares. But the > phone might > be set to do call forwarding or the user doesn't have their > machine on. > > > On this note it could be resolved if it was possible to put in a > dynamicdns name instead of ip so the host site would always be able to > find the remote site? > > Thanks > John > > -Original Message----- > From: Vivek Khera [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 3:19 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > what's the point of keeping the tunnel up? won't either endpoint > force it to re-establish on demand anyhow? > > i know my mobile user IPsec vpn does so from my mac to pfSense. i'm > fairly certain our remote office VPN also does so, but it is a > LNG haul over an unreliable network, so it is up and down > all the > time anyway. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] IPsec Does Auto Establish work?
Yeah I guess it should. I probably will end up writing a small shell/php script to send a few pings then sleep for 30-60secs and repeat. And pop that into the shellcmd. Seems like the best option at the moment. John -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 4:21 PM To: support@pfsense.com Subject: AW: [pfSense Support] IPsec Does Auto Establish work? Heh, looks like this option should be called "make voip happy [X]" > -Ursprüngliche Nachricht- > Von: John Cianfarani [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. November 2005 22:18 > An: support@pfsense.com > Betreff: RE: [pfSense Support] IPsec Does Auto Establish work? > > > Here is my somewhat potential setup for why I needed to keep > the tunnel > up. > > Lets say you have voip phones at a small remote site (1-2 users) which > has a dynamic ip address. (Which uses the mobile ipsec client setup) > Lets also assume the phones don't register with the call > server (static > configuration or they register every 30min/60min). > > Call server is at the host site. Call comes in for one of the remote > phones but because the tunnel is down and the ip is dynamic it can't > bring up ipsec session, hence unable to ring the phone. > > Now you might say if a user isn't there who cares. But the > phone might > be set to do call forwarding or the user doesn't have their > machine on. > > > On this note it could be resolved if it was possible to put in a > dynamicdns name instead of ip so the host site would always be able to > find the remote site? > > Thanks > John > > -Original Message----- > From: Vivek Khera [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 3:19 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > what's the point of keeping the tunnel up? won't either endpoint > force it to re-establish on demand anyhow? > > i know my mobile user IPsec vpn does so from my mac to pfSense. i'm > fairly certain our remote office VPN also does so, but it is a > LNG haul over an unreliable network, so it is up and down > all the > time anyway. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
My suggestion for these situations is to use the shellcmd portions of config.xml and launch the pings into the background. Again, I don't want to start editing crontab and inserting ping commands and have to cleanup after you remove tunnels, etc. Its a huge hack and its not something I want to introduce before we release.If we keep adding these things that can easily be solved in other regards we will never release! We are already way behind schedule. On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > Here is my somewhat potential setup for why I needed to keep the tunnel > up. > > Lets say you have voip phones at a small remote site (1-2 users) which > has a dynamic ip address. (Which uses the mobile ipsec client setup) > Lets also assume the phones don't register with the call server (static > configuration or they register every 30min/60min). > > Call server is at the host site. Call comes in for one of the remote > phones but because the tunnel is down and the ip is dynamic it can't > bring up ipsec session, hence unable to ring the phone. > > Now you might say if a user isn't there who cares. But the phone might > be set to do call forwarding or the user doesn't have their machine on. > > > On this note it could be resolved if it was possible to put in a > dynamicdns name instead of ip so the host site would always be able to > find the remote site? > > Thanks > John > > -Original Message- > From: Vivek Khera [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 3:19 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > what's the point of keeping the tunnel up? won't either endpoint > force it to re-establish on demand anyhow? > > i know my mobile user IPsec vpn does so from my mac to pfSense. i'm > fairly certain our remote office VPN also does so, but it is a > LNG haul over an unreliable network, so it is up and down all the > time anyway. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] IPsec Does Auto Establish work?
LOL same example. In my potential setup there will be no server at the remote location. That's why I was looking for a way for pfsense to keep it up. John -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 3:39 PM To: support@pfsense.com Subject: AW: [pfSense Support] IPsec Does Auto Establish work? Just a real-life example: I have an IPSEC-Mesh between several locations. Each location has it's own VoIP PBX. The PBXs don't talk to each other unless there is a call. If the tunnel is down and you try to call a phone at the distant PBX you get a busy before the tunnel is up (tunnel needs longer to establish than the timeout of the VOIP). The second call then is working as the tunnel was brought up because of the first try which failed. There is other traffic from sublocations to main location only (keeping tunnels from sublocations to mainlocation up, no mesh traffic) but VOIP is going directly from one location to the other through a different tunnel between the two locations (which goes down if there are not calls from time to time). Solutions: - adding cronjobs manually (but they don't get backed up with config.xml, so exchanging/restoring the router needs recalling this settings) - using a server in sublocations subnets doing the ping Holger > -Ursprüngliche Nachricht- > Von: Scott Ullrich [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 18. November 2005 21:22 > An: support@pfsense.com > Betreff: Re: [pfSense Support] IPsec Does Auto Establish work? > > > Exactly. I really don't see any reason to constantly babysit the > tunnels. If its mission critical to keep the tunnels up, there is > cron. There are situations where something can be over-engineered > and this smells exactly of it. > > Scott > > On 11/18/05, Vivek Khera <[EMAIL PROTECTED]> wrote: > > what's the point of keeping the tunnel up? won't either endpoint > > force it to re-establish on demand anyhow? > > > > i know my mobile user IPsec vpn does so from my mac to pfSense. i'm > > fairly certain our remote office VPN also does so, but it is a > > LNG haul over an unreliable network, so it is up and > down all the > > time anyway. > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] IPsec Does Auto Establish work?
Here is my somewhat potential setup for why I needed to keep the tunnel up. Lets say you have voip phones at a small remote site (1-2 users) which has a dynamic ip address. (Which uses the mobile ipsec client setup) Lets also assume the phones don't register with the call server (static configuration or they register every 30min/60min). Call server is at the host site. Call comes in for one of the remote phones but because the tunnel is down and the ip is dynamic it can't bring up ipsec session, hence unable to ring the phone. Now you might say if a user isn't there who cares. But the phone might be set to do call forwarding or the user doesn't have their machine on. On this note it could be resolved if it was possible to put in a dynamicdns name instead of ip so the host site would always be able to find the remote site? Thanks John -Original Message- From: Vivek Khera [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 3:19 PM To: support@pfsense.com Subject: Re: [pfSense Support] IPsec Does Auto Establish work? what's the point of keeping the tunnel up? won't either endpoint force it to re-establish on demand anyhow? i know my mobile user IPsec vpn does so from my mac to pfSense. i'm fairly certain our remote office VPN also does so, but it is a LNG haul over an unreliable network, so it is up and down all the time anyway. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
Exactly. I really don't see any reason to constantly babysit the tunnels. If its mission critical to keep the tunnels up, there is cron. There are situations where something can be over-engineered and this smells exactly of it. Scott On 11/18/05, Vivek Khera <[EMAIL PROTECTED]> wrote: > what's the point of keeping the tunnel up? won't either endpoint > force it to re-establish on demand anyhow? > > i know my mobile user IPsec vpn does so from my mac to pfSense. i'm > fairly certain our remote office VPN also does so, but it is a > LNG haul over an unreliable network, so it is up and down all the > time anyway. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
what's the point of keeping the tunnel up? won't either endpoint force it to re-establish on demand anyhow? i know my mobile user IPsec vpn does so from my mac to pfSense. i'm fairly certain our remote office VPN also does so, but it is a LNG haul over an unreliable network, so it is up and down all the time anyway. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
Thats a complete hack and I don't think its a good ida. On 11/18/05, Holger Bauer <[EMAIL PROTECTED]> wrote: > it's not possible to add a cronjob on saving settings and searching again for > it and remove it on disabling it? > > > -Ursprüngliche Nachricht- > > Von: Scott Ullrich [mailto:[EMAIL PROTECTED] > > Gesendet: Freitag, 18. November 2005 20:58 > > An: support@pfsense.com > > Betreff: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > > > No, we do not want to invoke a php binary every minute. > > > > On 11/18/05, Holger Bauer <[EMAIL PROTECTED]> wrote: > > > maybe we should make this a checkbox for a tunnel (pinging > > once in a minute to not let the tunnel go down)? > > > > > > Holger > > > > -Ursprüngliche Nachricht- > > > > Von: Scott Ullrich [mailto:[EMAIL PROTECTED] > > > > Gesendet: Freitag, 18. November 2005 19:38 > > > > An: support@pfsense.com > > > > Betreff: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > > > > > > > > > Great!!! > > > > > > > > On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > > > > > Awesome! You da man! > > > > > Fixes up my issue :) > > > > > > > > > > Thanks > > > > > John > > > > > > > > > > -Original Message- > > > > > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > > > > > Sent: Friday, November 18, 2005 1:30 PM > > > > > To: support@pfsense.com > > > > > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > > > > > > > You need to ping with -S (source address) of your lanip. > > > > > > > > > > ping -S 192.168.1.1 192.168.2.1 > > > > > > > > > > On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > > > > > > I've tried pinging from the shell/console to a remote > > > > ipsec endpoint > > > > > but > > > > > > it doesn't cause the tunnel to come up. (a local machine > > > > will cause > > > > > the > > > > > > tunnel to come up though). > > > > > > I though I read in an earlier message or the faq that > > > > freebsd kludges > > > > > > together ipsec tunnels so some routes aren't properly > > in place. Is > > > > > this > > > > > > still true? > > > > > > > > > > > > Or is it possible to run the same command/script that > > > > pfsense does to > > > > > > bring up the tunnel? > > > > > > > > > > > > Thanks > > > > > > John > > > > > > > > > > > > -Original Message- > > > > > > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > > > > > > Sent: Friday, November 18, 2005 1:08 PM > > > > > > To: support@pfsense.com > > > > > > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > > > > > > > > > Yeah, we have cron. > > > > > > > > > > > > Scott > > > > > > > > > > > > On 11/18/05, Jesse Norell <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > Ah okay I was figuring it would always try to keep > > > > it up. Any > > > > > > thing I > > > > > > > > > can do from within the pfsense box itself to keep > > > > the tunnel up? > > > > > > > > > > > > > > > > As long as traffic is going through the tunnel, it > > > > should stay up. > > > > > > In > > > > > > > > my case I have a IP phone and never notice an issue. > > > > > > > > > > > > > > Does pfsense have cron? If so, could make a cronjob > > > > to ping once > > > > > a > > > > > > > minute or something. > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Jesse Norell - [EMAIL PROTECTED] > > > > > > > Kentec Communications, Inc. > > > > > >
Re: [pfSense Support] IPsec Does Auto Establish work?
No, we do not want to invoke a php binary every minute. On 11/18/05, Holger Bauer <[EMAIL PROTECTED]> wrote: > maybe we should make this a checkbox for a tunnel (pinging once in a minute > to not let the tunnel go down)? > > Holger > > -Ursprüngliche Nachricht- > > Von: Scott Ullrich [mailto:[EMAIL PROTECTED] > > Gesendet: Freitag, 18. November 2005 19:38 > > An: support@pfsense.com > > Betreff: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > > > Great!!! > > > > On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > > > Awesome! You da man! > > > Fixes up my issue :) > > > > > > Thanks > > > John > > > > > > -Original Message----- > > > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > > > Sent: Friday, November 18, 2005 1:30 PM > > > To: support@pfsense.com > > > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > > > You need to ping with -S (source address) of your lanip. > > > > > > ping -S 192.168.1.1 192.168.2.1 > > > > > > On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > > > > I've tried pinging from the shell/console to a remote > > ipsec endpoint > > > but > > > > it doesn't cause the tunnel to come up. (a local machine > > will cause > > > the > > > > tunnel to come up though). > > > > I though I read in an earlier message or the faq that > > freebsd kludges > > > > together ipsec tunnels so some routes aren't properly in place. Is > > > this > > > > still true? > > > > > > > > Or is it possible to run the same command/script that > > pfsense does to > > > > bring up the tunnel? > > > > > > > > Thanks > > > > John > > > > > > > > -Original Message- > > > > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > > > > Sent: Friday, November 18, 2005 1:08 PM > > > > To: support@pfsense.com > > > > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > > > > > Yeah, we have cron. > > > > > > > > Scott > > > > > > > > On 11/18/05, Jesse Norell <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > Ah okay I was figuring it would always try to keep > > it up. Any > > > > thing I > > > > > > > can do from within the pfsense box itself to keep > > the tunnel up? > > > > > > > > > > > > As long as traffic is going through the tunnel, it > > should stay up. > > > > In > > > > > > my case I have a IP phone and never notice an issue. > > > > > > > > > > Does pfsense have cron? If so, could make a cronjob > > to ping once > > > a > > > > > minute or something. > > > > > > > > > > > > > > > -- > > > > > Jesse Norell - [EMAIL PROTECTED] > > > > > Kentec Communications, Inc. > > > > > > > > > > > > > > > > > > > > - > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > - > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > - > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > Virus checked by G DATA AntiVirusKit > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
Great!!! On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > Awesome! You da man! > Fixes up my issue :) > > Thanks > John > > -Original Message- > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 1:30 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > You need to ping with -S (source address) of your lanip. > > ping -S 192.168.1.1 192.168.2.1 > > On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > > I've tried pinging from the shell/console to a remote ipsec endpoint > but > > it doesn't cause the tunnel to come up. (a local machine will cause > the > > tunnel to come up though). > > I though I read in an earlier message or the faq that freebsd kludges > > together ipsec tunnels so some routes aren't properly in place. Is > this > > still true? > > > > Or is it possible to run the same command/script that pfsense does to > > bring up the tunnel? > > > > Thanks > > John > > > > -----Original Message----- > > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 18, 2005 1:08 PM > > To: support@pfsense.com > > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > > > Yeah, we have cron. > > > > Scott > > > > On 11/18/05, Jesse Norell <[EMAIL PROTECTED]> wrote: > > > > > > > > Ah okay I was figuring it would always try to keep it up. Any > > thing I > > > > > can do from within the pfsense box itself to keep the tunnel up? > > > > > > > > As long as traffic is going through the tunnel, it should stay up. > > In > > > > my case I have a IP phone and never notice an issue. > > > > > > Does pfsense have cron? If so, could make a cronjob to ping once > a > > > minute or something. > > > > > > > > > -- > > > Jesse Norell - [EMAIL PROTECTED] > > > Kentec Communications, Inc. > > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] IPsec Does Auto Establish work?
Awesome! You da man! Fixes up my issue :) Thanks John -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 1:30 PM To: support@pfsense.com Subject: Re: [pfSense Support] IPsec Does Auto Establish work? You need to ping with -S (source address) of your lanip. ping -S 192.168.1.1 192.168.2.1 On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > I've tried pinging from the shell/console to a remote ipsec endpoint but > it doesn't cause the tunnel to come up. (a local machine will cause the > tunnel to come up though). > I though I read in an earlier message or the faq that freebsd kludges > together ipsec tunnels so some routes aren't properly in place. Is this > still true? > > Or is it possible to run the same command/script that pfsense does to > bring up the tunnel? > > Thanks > John > > -Original Message- > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 1:08 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > Yeah, we have cron. > > Scott > > On 11/18/05, Jesse Norell <[EMAIL PROTECTED]> wrote: > > > > > > Ah okay I was figuring it would always try to keep it up. Any > thing I > > > > can do from within the pfsense box itself to keep the tunnel up? > > > > > > As long as traffic is going through the tunnel, it should stay up. > In > > > my case I have a IP phone and never notice an issue. > > > > Does pfsense have cron? If so, could make a cronjob to ping once a > > minute or something. > > > > > > -- > > Jesse Norell - [EMAIL PROTECTED] > > Kentec Communications, Inc. > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
You need to ping with -S (source address) of your lanip. ping -S 192.168.1.1 192.168.2.1 On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > I've tried pinging from the shell/console to a remote ipsec endpoint but > it doesn't cause the tunnel to come up. (a local machine will cause the > tunnel to come up though). > I though I read in an earlier message or the faq that freebsd kludges > together ipsec tunnels so some routes aren't properly in place. Is this > still true? > > Or is it possible to run the same command/script that pfsense does to > bring up the tunnel? > > Thanks > John > > -Original Message- > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 1:08 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > Yeah, we have cron. > > Scott > > On 11/18/05, Jesse Norell <[EMAIL PROTECTED]> wrote: > > > > > > Ah okay I was figuring it would always try to keep it up. Any > thing I > > > > can do from within the pfsense box itself to keep the tunnel up? > > > > > > As long as traffic is going through the tunnel, it should stay up. > In > > > my case I have a IP phone and never notice an issue. > > > > Does pfsense have cron? If so, could make a cronjob to ping once a > > minute or something. > > > > > > -- > > Jesse Norell - [EMAIL PROTECTED] > > Kentec Communications, Inc. > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] IPsec Does Auto Establish work?
I've tried pinging from the shell/console to a remote ipsec endpoint but it doesn't cause the tunnel to come up. (a local machine will cause the tunnel to come up though). I though I read in an earlier message or the faq that freebsd kludges together ipsec tunnels so some routes aren't properly in place. Is this still true? Or is it possible to run the same command/script that pfsense does to bring up the tunnel? Thanks John -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 1:08 PM To: support@pfsense.com Subject: Re: [pfSense Support] IPsec Does Auto Establish work? Yeah, we have cron. Scott On 11/18/05, Jesse Norell <[EMAIL PROTECTED]> wrote: > > > > Ah okay I was figuring it would always try to keep it up. Any thing I > > > can do from within the pfsense box itself to keep the tunnel up? > > > > As long as traffic is going through the tunnel, it should stay up. In > > my case I have a IP phone and never notice an issue. > > Does pfsense have cron? If so, could make a cronjob to ping once a > minute or something. > > > -- > Jesse Norell - [EMAIL PROTECTED] > Kentec Communications, Inc. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
Yeah, we have cron. Scott On 11/18/05, Jesse Norell <[EMAIL PROTECTED]> wrote: > > > > Ah okay I was figuring it would always try to keep it up. Any thing I > > > can do from within the pfsense box itself to keep the tunnel up? > > > > As long as traffic is going through the tunnel, it should stay up. In > > my case I have a IP phone and never notice an issue. > > Does pfsense have cron? If so, could make a cronjob to ping once a > minute or something. > > > -- > Jesse Norell - [EMAIL PROTECTED] > Kentec Communications, Inc. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
> > Ah okay I was figuring it would always try to keep it up. Any thing I > > can do from within the pfsense box itself to keep the tunnel up? > > As long as traffic is going through the tunnel, it should stay up. In > my case I have a IP phone and never notice an issue. Does pfsense have cron? If so, could make a cronjob to ping once a minute or something. -- Jesse Norell - [EMAIL PROTECTED] Kentec Communications, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
On 11/18/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > Ah okay I was figuring it would always try to keep it up. Any thing I > can do from within the pfsense box itself to keep the tunnel up? As long as traffic is going through the tunnel, it should stay up. In my case I have a IP phone and never notice an issue. > Is traffic shapping over Ipsec out of the question at the moment? Yep. > Thanks > John > > -Original Message- > From: Scott Ullrich [mailto:[EMAIL PROTECTED] > Sent: Friday, November 18, 2005 11:57 AM > To: support@pfsense.com > Subject: Re: [pfSense Support] IPsec Does Auto Establish work? > > On bootup or after initial setup of the tunnel, pfSense will ping > across the tunnel to bring it up. > > Scott > > On 11/17/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > > > > > > > > Does anyone have IPSec tunnels auto establish working? I can only > seem to > > get the tunnels to come up when traffic is passing over them. > > > > > > > > Also wondering if there is anything special that needs to be done to > do > > traffic shapping through an IPSec tunnel? > > > > > > > > Thanks > > > > John > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] IPsec Does Auto Establish work?
Ah okay I was figuring it would always try to keep it up. Any thing I can do from within the pfsense box itself to keep the tunnel up? Is traffic shapping over Ipsec out of the question at the moment? Thanks John -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Friday, November 18, 2005 11:57 AM To: support@pfsense.com Subject: Re: [pfSense Support] IPsec Does Auto Establish work? On bootup or after initial setup of the tunnel, pfSense will ping across the tunnel to bring it up. Scott On 11/17/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > > > > Does anyone have IPSec tunnels auto establish working? I can only seem to > get the tunnels to come up when traffic is passing over them. > > > > Also wondering if there is anything special that needs to be done to do > traffic shapping through an IPSec tunnel? > > > > Thanks > > John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPsec Does Auto Establish work?
On bootup or after initial setup of the tunnel, pfSense will ping across the tunnel to bring it up. Scott On 11/17/05, John Cianfarani <[EMAIL PROTECTED]> wrote: > > > > Does anyone have IPSec tunnels auto establish working? I can only seem to > get the tunnels to come up when traffic is passing over them. > > > > Also wondering if there is anything special that needs to be done to do > traffic shapping through an IPSec tunnel? > > > > Thanks > > John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
