 From:  René Moser <mail at renemoser dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPsec Tunnel DPD does not work
 Date:  Fri, 25 Feb 2011 09:25:19 +0100 (CET)
> I am using 2 m0n0walls behind 2 dyn IPs (WAN). I am using DynDNS on both
> systems. Both systems receive a new IP every ~24h. (DynDNS default TTL
> of CNAME is 60s)
>
> I configured an IPsec tunnel on both systems, running fine. But after IP
> change, the tunnel is dead. My IPsec config has a DPD of 60s (default).
>
> When I restart racoon (disable/enable IPSec), the tunnel is up again
> immediately.
>
> I am expecting m0n0wall to detect the dead peer and restart the
> tunnel.
> Am I wrong? Or what does DPD (Dead Peer Detection) stand for?

I am coming back to this issue to report that it is suddenly gone; no
clue why it now works as expected. The tunnel has been running for 48 hours
now, and I also checked the DynDNS updates: both IPs changed within the last 36
hours.

Everything works just fine.

The only thing I changed is the "Identifier" in Phase 1: "My IP address"
instead of "User FQDN" (the DynDNS entry of the local node).

Log:

racoon: INFO: DPD: remote ... seems to be dead.
racoon: INFO: purging ISAKMP ...
racoon: INFO: purged ...
racoon: INFO: ISAKMP-SA deleted

racoon: INFO: IPsec-SA expired:
racoon: INFO: IPsec-SA request for ...

Hope this helps...

--
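The failure mode in this thread is a DPD verdict that tears down the ISAKMP-SA without the tunnel coming back. As an added example that is not part of the thread or of m0n0wall, the script below parses racoon-style log lines and flags every "seems to be dead" verdict that is not followed by a re-established IPsec-SA for the same peer within a grace window. The log lines, hostnames, timestamps and addresses are constructed (RFC 5737 documentation ranges); the message texts follow the prefixes quoted above, and the "IPsec-SA established:" line used to recognise recovery, the local WAN address and the 300-second grace window are assumptions for the example.

```python
"""Added example (not from the mailing-list thread): scan racoon log lines for a
DPD "seems to be dead" verdict that is not followed by a re-established IPsec-SA
for the same peer within a grace window, which is the symptom described above."""
import re
from datetime import datetime

# Constructed sample log. Timestamps, hostnames and addresses are made up
# (RFC 5737 ranges); the message texts follow the prefixes shown in the thread
# plus an assumed "IPsec-SA established:" line for the recovery case.
SAMPLE_LOG = """\
Feb 25 03:10:01 fw racoon: INFO: DPD: remote 203.0.113.7[500] seems to be dead.
Feb 25 03:10:01 fw racoon: INFO: purging ISAKMP-SA spi=constructed.
Feb 25 03:10:01 fw racoon: INFO: purged ISAKMP-SA spi=constructed.
Feb 25 03:10:01 fw racoon: INFO: ISAKMP-SA deleted 192.0.2.10[500]-203.0.113.7[500] spi:constructed
Feb 25 03:12:30 fw racoon: INFO: IPsec-SA expired: ESP/Tunnel 203.0.113.7[500]->192.0.2.10[500] spi=1
Feb 25 03:12:31 fw racoon: INFO: IPsec-SA request for 203.0.113.7 queued due to no phase1 found.
Feb 25 04:00:00 fw racoon: INFO: DPD: remote 198.51.100.20[500] seems to be dead.
Feb 25 04:00:00 fw racoon: INFO: ISAKMP-SA deleted 192.0.2.10[500]-198.51.100.20[500] spi:constructed
Feb 25 04:00:05 fw racoon: INFO: IPsec-SA request for 198.51.100.20 queued due to no phase1 found.
Feb 25 04:00:07 fw racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.10[500]->198.51.100.20[500] spi=2
"""

LOCAL_ADDR = "192.0.2.10"  # assumed WAN address of the local m0n0wall (constructed)

# syslog-style prefix: "Mon DD HH:MM:SS host racoon: LEVEL: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ racoon: (?P<level>\w+): (?P<msg>.*)$"
)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Event kinds tried in order; each regex anchors on the message text.
EVENT_PATTERNS = [
    ("dpd_dead", re.compile(r"^DPD: remote .* seems to be dead\.")),
    ("isakmp_deleted", re.compile(r"^ISAKMP-SA deleted")),
    ("ipsec_expired", re.compile(r"^IPsec-SA expired:")),
    ("ipsec_request", re.compile(r"^IPsec-SA request for")),
    ("ipsec_established", re.compile(r"^IPsec-SA established:")),  # assumed message
]


def peer_address(msg, local_addr):
    """Return the first IPv4 address in msg that is not our own WAN address."""
    for ip in IPV4_RE.findall(msg):
        if ip != local_addr:
            return ip
    return None


def parse_events(log_text, local_addr=LOCAL_ADDR):
    """Turn raw log lines into (timestamp, kind, peer) tuples; unknown lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year-less syslog stamp
        msg = m.group("msg")
        for kind, pat in EVENT_PATTERNS:
            if pat.match(msg):
                events.append((ts, kind, peer_address(msg, local_addr)))
                break
    return events


def find_stale_tunnels(log_text, grace_seconds=300, local_addr=LOCAL_ADDR):
    """Return [(peer, dead_at)] for each DPD 'dead' verdict with no IPsec-SA
    established for that peer within grace_seconds afterwards."""
    events = parse_events(log_text, local_addr)
    stale = []
    for i, (ts, kind, peer) in enumerate(events):
        if kind != "dpd_dead":
            continue
        recovered = any(
            k == "ipsec_established" and p == peer
            and 0 <= (t - ts).total_seconds() <= grace_seconds
            for t, k, p in events[i + 1:]
        )
        if not recovered:
            stale.append((peer, ts.strftime("%b %d %H:%M:%S")))
    return stale


if __name__ == "__main__":
    for peer, when in find_stale_tunnels(SAMPLE_LOG):
        print(f"{when}: DPD declared {peer} dead and the tunnel was not re-established")
```

On the sample input the first peer (203.0.113.7) is reported as stale because only an "IPsec-SA request" follows the DPD verdict, while the second peer recovers within the window. Run periodically against the exported racoon log, this is the check that would have caught the original symptom without waiting for someone to notice the dead tunnel.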