Have you tried setting up a scheduled ping to the other side? pfSense now has an option to do this. I have used this trick successfully from a workstation or server for a long time in similar situations.

------Original Message------
From: Michael
To: m0n0wall
Subject: [m0n0wall] IPSec and dynamic DNS
Sent: Jul 28, 2010 6:34 AM

Hello list,

My routers have a dynamic DNS - IPSec problem.

Premise 1: My m0n0wall 1.32 embedded (on Alix 2) router called 'tokyo.mynet.com' correctly forwards over an IPSec tunnel to 'madrid.mynet.com'.

Premise 2: tokyo.mynet.com is correctly updating the master DNS server for mynet.com with a dynamic IP address which changes every day.

Premise 3: madrid.mynet.com has a static IP address.

Problem: After the IP address for tokyo.mynet.com changes, everything continues to perform normally, however IPSec fails.

Diagnosis: Looking at diag_ipsec_spd.php and diag_ipsec_spd.php on tokyo.mynet.com, everything looks good. Entries in SAD are torn down when unused, and entries in SPD always contain the current (correct) IP address. On the remote (static) router madrid.mynet.com, I see that the SAD entries are never torn down and the SPD entries contain the old IP address for tokyo.mynet.com.

I've already activated dead peer detection (DPD). What else do I need to do to get this working?

Thanks,
Michael

--
Kevin Tollison
Sent from my Blackberry