[ previous ] [ next ] [ threads ]
 
 From:  "Sam Wun" <swun2010 at gmail dot com>
 To:  kingz at westernmobile dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch, "Joost van den Broek" <joost at seat dash ibiza dot nl>
 Subject:  Re: [m0n0wall] can't re-create ipsec tunnel automatically after peer side poweroff
 Date:  Tue, 18 Dec 2007 08:54:39 +1100 
It is as always like this since the beginning of IPSEC was invented in FreeBSD.

On Dec 18, 2007 3:37 AM, Jian Zhang <kingz at westernmobile dot net> wrote:
> Joost,
>
> Great thanks!
>
> Dear All,
> This feature is very important for us, also it is very urgent for us. Could
> any one make sure if it is one problem with DPD? And could it is fixed in
> the latest release of m0n0wall or Pfsense?
>
> Thanks in advance!
>
> Merry Christmas!
>
> Jian
>
>
> -----Original Message-----
> From: Joost van den Broek [mailto:joost at seat dash ibiza dot nl]
> Sent: 2007Äê12ÔÂ17ÈÕ 7:33 PM
> To: kingz at westernmobile dot net
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] can't re-create ipsec tunnel automatically after
> peer side poweroff
>
> Jian Zhang schreef:
> > Dear all,
> >
> > We are using one M0n0wall Box(using M0n0wall 1.22) in A city, and in city
> B
> > we have one Dlink OFL 300 box create one IPSEC tunnel (as mobile ipsec) to
> > that M0n0wall in City A, the tunnel works well; then after that Dlink box
> > power off or Internet link broken, Dlink box can not create that IPSEC
> > tunnel to City A again automatically, only after releasing SA of that old
> > tunnel on M0n0wall of City A, Dlink can create one IPSEC tunnel to
> M0n0wall
> > again. This is the problem.
> >
> > I am not sure if it is about Dead peer detection (DPD) of IPSEC. Could you
> > help to look into this problem?
> >
> > If so, Could m0n0wall support DPD? Which version of m0n0wall can support?
> >
> >
> > Any hint, comment or suggestion will be highly appreciated!
> >
> >
> >
> > Merry Christmas!
> >
> >
> >
> > Jian
> >
>
> Hi Jian,
>
> Afaik this indeed has to do with the lack of DPD support and we're also
> experiencing this problem. Not sure if this is gonna fixed in some
> future release, but the described behaviour is unfortunately as
> expected. The only solution for now, and recommended in most situations
> anyway, is using the same device (not m0n0wall) on both sides with DFD
> support.
>
> Joost
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>