[ previous ] [ next ] [ threads ]
 From:  "Harbert, Orangebox Networks" <harbert at orangebox dot com dot br>
 To:  Heinz Teichmann <heinz dot teichmann at wanews dot com dot au>, M0n0wall User List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Still, IPSec VPN with Dyndns hosts
 Date:  Fri, 12 Nov 2010 08:32:13 -0200

Well I have now 2 sites with DynDNS running, 1x pfSense, 1x M0n0wall,
IPsec for remote access, also a 3rd with NO-IP (pfSense).
In general it does not give me trouble, only sometimes directly after an
IP change on my m0n0 side, I can't build up a connection anymore.
When at that moment I disconnect the WAN PPPOE it connects automaticly
again and so far 9 out of 10 times builds up the IPsec again.
1x it didn't and what I did was "save" the IPsec tunnel again and it
In both situations I was on the m0n0wall side, so far did not have to do
something on the pfSense sides.
Did you check if all parameters are on both sides exactly the same?

Harbert Reilink

Orangebox Networks

On Fri, 12 Nov 2010 13:12:51 +0800, Heinz Teichmann
<heinz dot teichmann at wanews dot com dot au> wrote:
> Hello specialists,
> since there are many topics out there with a lot of people having the
> problem, is there a way to completely restart racoon at a certain time
> the day?
> As many threads say in the end, deactivate VPN and reactivate it or just
> click save overcomes the problem, but is not really comfortable.
> By the way, even deleting the security policy doesn't help. Monowall
> tries to initiate phase one with the old IP address after an address
> change.
> Shorter lifetimes etc. don't help, static address on one end doesn't,
> and Policy delete doesn't. Only bouncing racoon helps.
> Even if this thread/mail leads to nowhere somebody might pick it up and
> stop searching for hints because with 1.32 only the initial tunnel and
> key exchange works perfectly, but not after an address change.
> If somebody has it up and running with daily changing IP addresses, two
> dynamic sites and no manual intervention after the change please let me
> know how you did it. Seems like a racoon problem because pfsense has the
> same issue.
> Maybe put a checkbox and a start time in the advanced settings to
> periodically restart racoon? I think it would help a lot of people out
> there to overcome the issue with dynamic IPs.
> By the way, I really think that it is very generous of the developers of
> Monowall to give it away for free, since this is the only issue I have
> it.
> Best Regards
> Heinz
> www.thewest.com.au
> West Australian Newspapers Group
> Privacy and Confidentiality Notice
> The information contained herein and any attachments are intended solely
> for the named recipients. It may contain privileged confidential
> information.  If you are not an intended recipient, please delete the
> message and any attachments then notify the sender. Any use or
> of the contents of either is unauthorised and may be unlawful. Any
> liability for viruses is excluded to the fullest extent permitted by
> Advertising Terms & Conditions
> Please refer to the current rate card for advertising terms and
> conditions.  The rate card is available on request or via
> www.thewest.com.au/ratecard
> Unsubscribe
> If you do not wish to receive emails such as this in future please reply
> to it with "unsubscribe" in the subject line.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch