I have a pfsense box with the June 30th snapshot, and have it connected
to two Linksys RV016's, two Linksys RV082's, and two Hotbrick 800/2.
The pfsense box has two adsl connections with static IP's for WAN
connectivity, and the remote sites also have adsl connections. Both
brands of units are running the most recent firmware posted on their
vendor's web site as of June 29, 2007.
I was consistently having trouble with the VPN tunnels dropping after
prolonged periods of inactivity. The remote endpoints had to actively
look for items on the LAN behind the pfsense box to get the connection
to re-establish. Sometimes, for example, if the WAN disconnected for
some reason, the VPN tunnels would not get re-built without rebooting
the Linksys or Hotbrick router.
Anyway, I contacted Hotbrick's tech support, and asked them for advice
since they sell a couple other products that look to be customized and
branded versions of pfsense. They sent me a link to one of their help
documents here: http://www.hotbrick.com/support_detail.asp?tipo=4
Basically, the documents suggest the following settings for VPN's
between Hotbrick products:
IPSEC Phase 1:
Negotiation: Main
Encryption: 3DES
Hash: SHA1
DH Key: 2 (1024 Bit)
Lifetime: 28800
Authentication: Pre-Shared Key
IPSEC Phase 2:
Protocol: ESP
Encryption: Make Sure 3DES only is checked
Hash: SHA1
Perfect Forward Secrecy: 2 (1024 Bit)
Lifetime: 28800
So, I have tried these settings on my remote endpoint Hotbrick and
Linksys units and have experienced much more stable VPN connections. I
have also noticed that the VPN connection doesn't have to be
re-established by the remote endpoint after long periods of inactivity,
and I have noticed that the tunnels seem to rebuild correctly after a
WAN link goes down and then comes back up. Also, on the Linksys devices
I have dead peer detection turned off, but have keep-alive turned on.
On the pfsense box, I have the IP address listed to ping as an IP on the
remote subnet that is not assigned to any host. I found that on the
Hotbrick and the Linksys units that long term pinging of the remote LAN
gateway (i.e. pinging the LAN IP of the Linksys or Hotbrick unit) caused
the device to actively start blocking the connection from the pfsense box.
-Vaughn Reid III
David Strout wrote:
I have had the same experience w/ the RV016 and pfSense. What is the exact
version on the Linksys side (have you upgraded the firmware to the
current?), and what build of 1.0.1 pfSense are you running? I'd move to
the current 1.2-BETA SNAP and upgrade your Linksys to the current 2.0.17.
I personally have had very little luck in connecting Linksys to anything
but Linksys for VPN connectivity. I have gotten it to work in the lab and
maintain its stability, but under a high load situation it becomes very
unstable and drops quite often.
Hi,
I have pfSense 1.0.1 configured with OpenVPN on one site and a dual WAN
router (Linksys RV016) configured on the other site. The VPN connection
works fine. However, even though both routers are configured to be on a
Keep Alive status in reference to the VPN connectivity, the VPN connection
still drops consistently. Please let me know of any further details you
want from me to resolve this issue. Any help from your side would really
be appreciated.
Thanks & Regards,
Vidit Gupta
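An added check, not from the thread or from pfSense, that the Phase 1/Phase 2 settings Vaughn lists are identical on both endpoints and that the pfSense keep-alive ping target is a spare host address in the remote LAN rather than the remote router's own LAN IP. The settings blocks and the 192.168.50.0/24 addresses are constructed sample input.

```python
import ipaddress
# Constructed sample: the Hotbrick-recommended settings quoted in the post,
# laid out "Key: value" exactly as there, as the remote (Hotbrick/Linksys) side...
REMOTE_DOC = """\
IPSEC Phase 1:
Negotiation: Main
Encryption: 3DES
Hash: SHA1
DH Key: 2 (1024 Bit)
Lifetime: 28800
Authentication: Pre-Shared Key
IPSEC Phase 2:
Protocol: ESP
Encryption: 3DES
Hash: SHA1
Perfect Forward Secrecy: 2 (1024 Bit)
Lifetime: 28800
"""
# ...and a constructed pfSense side where Phase 2 still has AES ticked as well.
LOCAL_DOC = REMOTE_DOC.replace("ESP\nEncryption: 3DES", "ESP\nEncryption: 3DES, AES")

def parse_settings(text):
    """Parse 'IPSEC Phase N:' blocks of 'Key: value' lines into nested dicts."""
    phases, current = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key.upper().startswith("IPSEC PHASE"):
            current = key.split(None, 1)[1]  # "Phase 1" / "Phase 2"
            phases[current] = {}
        elif key and current is not None:
            phases[current][key] = value
    return phases

def proposal_mismatches(local, remote):
    """(phase, key, local, remote) for every setting the two sides disagree on."""
    diffs = []
    for phase in sorted(set(local) | set(remote)):
        lp, rp = local.get(phase, {}), remote.get(phase, {})
        for key in sorted(set(lp) | set(rp)):
            if lp.get(key, "").upper() != rp.get(key, "").upper():
                diffs.append((phase, key, lp.get(key), rp.get(key)))
    return diffs

def keepalive_target_ok(target, remote_subnet, remote_gateway):
    """Ping target must be a host in the remote LAN but not the remote router's LAN IP."""
    ip = ipaddress.ip_address(target)
    net = ipaddress.ip_network(remote_subnet, strict=False)
    return (ip in net and ip != ipaddress.ip_address(remote_gateway)
            and ip not in (net.network_address, net.broadcast_address))
```

Running proposal_mismatches on the two constructed sides reports only the Phase 2 Encryption line, which is the "3DES only" point in the Hotbrick document.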
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]