 From:  Joost van den Broek <joost at seat dash ibiza dot nl>
 To:  kingz at westernmobile dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] can't re-create ipsec tunnel automatically after peer side poweroff
 Date:  Mon, 17 Dec 2007 12:32:40 +0100
Jian Zhang wrote:
> Dear all,
>
> We are using one M0n0wall box (using M0n0wall 1.22) in city A, and in city B
> we have one Dlink OFL 300 box that creates one IPSEC tunnel (as mobile ipsec) to
> that M0n0wall in city A. The tunnel works well; then, after that Dlink box
> powers off or the Internet link is broken, the Dlink box cannot create that IPSEC
> tunnel to city A again automatically. Only after releasing the SA of that old
> tunnel on the M0n0wall in city A can the Dlink create an IPSEC tunnel to the M0n0wall
> again. This is the problem.
>
> I am not sure if it is about Dead peer detection (DPD) of IPSEC. Could you
> help to look into this problem?
>
> If so, could m0n0wall support DPD? Which version of m0n0wall can support it?
>
> Any hint, comment or suggestion will be highly appreciated!
>
> Merry Christmas!
>
> Jian

Hi Jian,

Afaik this indeed has to do with the lack of DPD support and we're also
experiencing this problem. Not sure if this is gonna be fixed in some
future release, but the described behaviour is unfortunately as
expected. The only solution for now, and recommended in most situations
anyway, is using the same device (not m0n0wall) on both sides with DPD
support.

Joost