EFW Support

Support => VPN Support => Topic started by: csaasc on Thursday 06 May 2010, 11:27:19 pm



Title: IPsec & DynDNS Deadpeer detection
Post by: csaasc on Thursday 06 May 2010, 11:27:19 pm
Hey.

I've got a problem with the Dead Peer Detection of the IPsec tunnels. I'm using 3 Endian 2.3 to connect between our sites. Every Endian has a PPPoE connection with a dynamic IP address.
If FW A reconnects, it gets a new IP. It restarts the tunnel. But side B doesn't detect the dead peer and always tries to connect to the old IP. FW B doesn't look up the new IP. I've got to restart the IPsec service every time...

Any ideas?


Title: Re: IPsec & DynDNS Deadpeer detection
Post by: Jasp3r on Wednesday 06 July 2011, 11:39:48 pm
Does anyone have a fix for this? We are also experiencing this issue.

From what I have tested so far:
IPsec VPNs are connected between 2 sites.
We reboot one site and it pulls a new IP.
The site not rebooted shows the VPN is not connected, and the log files show that it's constantly trying to connect.
After the rebooted site comes back, it updates ZoneEdit properly.
Using PuTTY, I am logged into the non-rebooted machine and I continue to check DNS by pinging the remote host. After anywhere from 5-15 minutes its DNS updates and it sees the new IP; however, it does not reconnect the VPN.
It is almost as though the VPN is trying to hang on to the old IP somehow. In fact, this will continue trying but never connecting. As soon as I restart the VPN connection on the non-rebooted machine, the VPN connection establishes instantly.

What is the difference between pressing restart and the restart option that is in the connection?
Is there a way to launch a cron job or anything so that, once the VPN gets disconnected, it would attempt a restart every 1 minute until the connection is reestablished?

Thank you
Jasp3r
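
A sketch of the kind of cron watchdog asked about above, as an added example that is not part of the original thread and not Endian's own code: it restarts IPsec only when the peer's DynDNS name resolves to a different address than last time, which matches the observation that a restart after the DNS update reconnects instantly. `PEER_HOST`, `STATE_FILE` and `RESTART_CMD` are hypothetical names, the restart command itself is left for you to supply, and `getent` is assumed to be available on the firewall.

```shell
#!/bin/sh
# Added example: restart IPsec only when the peer's DynDNS name resolves to a new IP.
# Assumptions (not from the thread): PEER_HOST, STATE_FILE and RESTART_CMD are
# hypothetical names; RESTART_CMD must hold the IPsec restart command of your firewall.

# Resolve a hostname to its first address; prints nothing on failure.
resolve_peer() {
    getent hosts "$1" | awk '{ print $1; exit }'
}

# Succeeds only if the new address ($2) is non-empty and differs from the old one ($1).
peer_ip_changed() {
    [ -n "$2" ] && [ "$1" != "$2" ]
}

# check_peer HOST STATE_FILE RESTART_CMD [RESOLVER]
# Prints one of: unresolved | recorded | unchanged | restarted | restart-failed
check_peer() {
    host=$1; state_file=$2; restart_cmd=$3; resolver=${4:-resolve_peer}
    new_ip=$("$resolver" "$host") || new_ip=
    if [ -z "$new_ip" ]; then
        echo unresolved; return 0        # DNS failure: never restart on missing data
    fi
    if [ ! -f "$state_file" ]; then
        printf '%s\n' "$new_ip" > "$state_file"
        echo recorded; return 0          # first run: remember the address only
    fi
    old_ip=$(cat "$state_file")
    if peer_ip_changed "$old_ip" "$new_ip"; then
        if sh -c "$restart_cmd" >/dev/null 2>&1; then
            printf '%s\n' "$new_ip" > "$state_file"
            echo restarted
        else
            echo restart-failed          # state not updated, so the next cron run retries
        fi
    else
        echo unchanged
    fi
}

# Entry point for cron (e.g. a "* * * * *" line that sets the three variables).
if [ -n "${PEER_HOST:-}" ]; then
    check_peer "$PEER_HOST" "${STATE_FILE:-/var/run/peer_ip}" "${RESTART_CMD:?set RESTART_CMD}"
fi
```

Because the trigger is a change in the resolved address, the watchdog reacts only once the local resolver sees the new record, so the delay reported above between the ZoneEdit update and the DNS change on the firewall still applies.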