This feature is very important for us, also it is very urgent for us. Could
any one make sure if it is one problem with DPD? And could it is fixed in
the latest release of m0n0wall or Pfsense?
Thanks in advance!
From: Joost van den Broek [mailto:joost at seat dash ibiza dot nl]
To: kingz at westernmobile dot net
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] can't re-create ipsec tunnel automatically after
peer side poweroff
Jian Zhang schreef:
> Dear all,
> We are using one M0n0wall Box(using M0n0wall 1.22) in A city, and in city
> we have one Dlink OFL 300 box create one IPSEC tunnel (as mobile ipsec) to
> that M0n0wall in City A, the tunnel works well; then after that Dlink box
> power off or Internet link broken, Dlink box can not create that IPSEC
> tunnel to City A again automatically, only after releasing SA of that old
> tunnel on M0n0wall of City A, Dlink can create one IPSEC tunnel to
> again. This is the problem.
> I am not sure if it is about Dead peer detection (DPD) of IPSEC. Could you
> help to look into this problem?
> If so, Could m0n0wall support DPD? Which version of m0n0wall can support?
> Any hint, comment or suggestion will be highly appreciated!
> Merry Christmas!
Afaik this indeed has to do with the lack of DPD support and we're also
experiencing this problem. Not sure if this is gonna fixed in some
future release, but the described behaviour is unfortunately as
expected. The only solution for now, and recommended in most situations
anyway, is using the same device (not m0n0wall) on both sides with DFD