On Thu, Feb 10, 2011 at 8:11 PM, David Rees <dree...@gmail.com> wrote: > On Thu, Feb 10, 2011 at 2:57 PM, Chris Buechler <cbuech...@gmail.com> wrote: >> On Thu, Feb 10, 2011 at 5:36 PM, Fuchs, Martin >> <martin.fu...@trendchiller.com> wrote: >>> I run pfsense 1.2.3 and use 4 ipsec tunnels with dynamic endpoints. >>> >>> Everything works fine, but when one endpoint continuously gets a new WAN-IP >>> due to numerous reconnects, raccoon stops working and has to be started >>> manually… >> >> Probably because DPD doesn't work entirely correctly in that version >> of ipsec-tools, it does in the newest version that's now in 2.0 >> snapshots. > > Is this the relevant ticket? http://redmine.pfsense.org/issues/1256 >
yes now fixed. > Has the fix been checked in to 2.0 yet? > as of a couple days ago yes. > BTW Martin - how are you using dynamic endpoints for IPsec w/pfSense? > I didn't think that was possible... > It's possible, just use dyndns names. It largely works fine, you can hit some scenarios in 1.2.3 though that require kicking racoon on typically rare occasion. --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org