AW: [pfSense Support] IPsec Does Auto Establish work?

[Holger Bauer]

Just a real-life example: 

I have an IPSEC-Mesh between several locations. Each location has it's own VoIP 
PBX. The PBXs don't talk to each other unless there is a call. If the tunnel is 
down and you try to call a phone at the distant PBX you get a busy before the 
tunnel is up (tunnel needs longer to establish than the timeout of the VOIP). 
The second call then is working as the tunnel was brought up because of the 
first try which failed. There is other traffic from sublocations to main 
location only (keeping tunnels from sublocations to mainlocation up, no mesh 
traffic) but VOIP is going directly from one location to the other through a 
different tunnel between the two locations (which goes down if there are not 
calls from time to time).

Solutions: 
- adding cronjobs manually (but they don't get backed up with config.xml, so 
exchanging/restoring the router needs recalling this settings)
- using a server in sublocations subnets doing the ping

Holger

 -Ursprüngliche Nachricht-
 Von: Scott Ullrich [mailto:[EMAIL PROTECTED]
 Gesendet: Freitag, 18. November 2005 21:22
 An: support@pfsense.com
 Betreff: Re: [pfSense Support] IPsec Does Auto Establish work?
 
 
 Exactly.  I really don't see any reason to constantly babysit the
 tunnels.   If its mission critical to keep the tunnels up, there is
 cron.   There are situations where something can be over-engineered
 and this smells exactly of it.
 
 Scott
 
 On 11/18/05, Vivek Khera [EMAIL PROTECTED] wrote:
  what's the point of keeping the tunnel up?  won't either endpoint
  force it to re-establish on demand anyhow?
 
  i know my mobile user IPsec vpn does so from my mac to pfSense.  i'm
  fairly certain our remote office VPN also does so, but it is a
  LNG haul over an unreliable network, so it is up and 
 down all the
  time anyway.
 
 
  
 -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 


Virus checked by G DATA AntiVirusKit


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AW: [pfSense Support] IPsec Does Auto Establish work?

[Holger Bauer]

Heh, looks like this option should be called make voip happy [X] 

 -Ursprüngliche Nachricht-
 Von: John Cianfarani [mailto:[EMAIL PROTECTED]
 Gesendet: Freitag, 18. November 2005 22:18
 An: support@pfsense.com
 Betreff: RE: [pfSense Support] IPsec Does Auto Establish work?
 
 
 Here is my somewhat potential setup for why I needed to keep 
 the tunnel
 up.
 
 Lets say you have voip phones at a small remote site (1-2 users) which
 has a dynamic ip address. (Which uses the mobile ipsec client setup)
 Lets also assume the phones don't register with the call 
 server (static
 configuration or they register every 30min/60min).
 
 Call server is at the host site.  Call comes in for one of the remote
 phones but because the tunnel is down and the ip is dynamic it can't
 bring up ipsec session, hence unable to ring the phone.
 
 Now you might say if a user isn't there who cares.  But the 
 phone might
 be set to do call forwarding or the user doesn't have their 
 machine on.
 
 
 On this note it could be resolved if it was possible to put in a
 dynamicdns name instead of ip so the host site would always be able to
 find the remote site?
 
 Thanks
 John
 
 -Original Message-
 From: Vivek Khera [mailto:[EMAIL PROTECTED] 
 Sent: Friday, November 18, 2005 3:19 PM
 To: support@pfsense.com
 Subject: Re: [pfSense Support] IPsec Does Auto Establish work?
 
 what's the point of keeping the tunnel up?  won't either endpoint  
 force it to re-establish on demand anyhow?
 
 i know my mobile user IPsec vpn does so from my mac to pfSense.  i'm  
 fairly certain our remote office VPN also does so, but it is a  
 LNG haul over an unreliable network, so it is up and down 
 all the  
 time anyway.
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 


Virus checked by G DATA AntiVirusKit


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]