0 votes
870 views 7 comments
by anonymous
On RUT950 and RUTXR1 I can no longer find the Keep Alive option for IPsec VPN. DPD is present but as far as I know it works differently.

Can someone help me? I need a mechanism to keep the tunnel up and running when there is no traffic inside it at certain moments.

Thanks

Matteo

1 Answer

0 votes
by anonymous

Hi,

IPSec uses Dead Peer Detection for such purposes. DPD sends R_U_THERE messages to check if the connection is up. If the peer does not respond, then the available actions are restart/clear/hold or none. You can configure the device to restart the IPSec tunnel. Take a look at the Wiki page HERE.

You can also find more information about the package itself (strongswan) HERE.

Kind Regards,

Andzej

by anonymous
Hi Andzej,

But if I reboot the router on the remote end for some reason, or the VPN is dropped because of no LTE signal, for example, and then the correct signal level is restored, the VPN tunnel is established but no traffic can pass to the remote end until something on the remote end initiates traffic (like a ping to a server on the VPN).

It seems that DPD can't do this initially. It only works when traffic is already present, or at least this is what happens on my test bench.

Regards

Matteo
by anonymous
You can try to uncomment the line 'keep_alive = 20s' in /etc/strongswan.d/charon.conf and restart ipsec.

Hope that helps.
by anonymous
Hi,

Thanks for the suggestion, but in this case which VPN internal IP will be pinged?

Regards
by anonymous
It is not a ping but an exchange at the IKE level.
by anonymous

It does nothing. After a RUT950 reboot, VPN phase 1 remains in "Connecting" status until someone on the RUT side pings a remote server in the VPN tunnel.

No way to keep the tunnel open if there is no traffic inside.

I'm trying to use crontab to do a periodic ping to my remote server, but it seems that I get an error with this as well:

*/1 * * * * ping -c5 192.168.1.32 

generates this log:

Wed Jan  4 15:19:00 2023 cron.err crond[11725]: USER root pid 15671 cmd ping -c5 192.168.1.32

by anonymous
What is the value of the 'Mode' field at the initiator side? At the other end?
by anonymous
OK, it seems solved now using the cron job reported before and removing the keep alive option. Now, after a reboot, the VPN tunnel is correctly opened.

Thanks

Regards
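
The cron workaround that resolved this thread, written out as a small watchdog (an added example, not code from the original posts): it pings the host behind the tunnel and goes one step further than the thread by restarting IPsec after several consecutive failures. The script path, state file, failure threshold and the `ipsec restart` command are assumptions; 192.168.1.32 is the address used in the thread.

```shell
#!/bin/sh
# Added example: tunnel keepalive/watchdog meant to be run from cron, e.g.
#   * * * * * /root/ipsec_keepalive.sh run      (script path is hypothetical)
# Assumptions (not from the thread): STATE path, MAX_FAILS, RESTART_CMD.

TARGET="${TARGET:-192.168.1.32}"              # host behind the tunnel (address from the thread)
STATE="${STATE:-/tmp/ipsec_keepalive.fails}"  # consecutive-failure counter (assumed path)
MAX_FAILS="${MAX_FAILS:-3}"                   # failed runs tolerated before a restart (assumed)
PING_CMD="${PING_CMD:-ping -c 3 -W 2}"        # traffic that makes the tunnel come up
RESTART_CMD="${RESTART_CMD:-ipsec restart}"   # strongSwan restart; adjust for your firmware

log() {
    # Prefer syslog; fall back to stderr where logger is unavailable.
    logger -t ipsec-keepalive "$1" 2>/dev/null || echo "ipsec-keepalive: $1" >&2
}

# Prints "up", "down:<n>" or "restarted" and updates the failure counter.
keepalive_check() {
    fails=$(cat "$STATE" 2>/dev/null || echo 0)
    case "$fails" in ''|*[!0-9]*) fails=0 ;; esac   # ignore a corrupt counter

    if $PING_CMD "$TARGET" >/dev/null 2>&1; then
        echo 0 > "$STATE"
        echo "up"
        return 0
    fi

    fails=$((fails + 1))
    if [ "$fails" -ge "$MAX_FAILS" ]; then
        log "$TARGET unreachable for $fails consecutive checks, restarting IPsec"
        $RESTART_CMD >/dev/null 2>&1 || log "restart command failed"
        echo 0 > "$STATE"
        echo "restarted"
        return 0
    fi
    echo "$fails" > "$STATE"
    echo "down:$fails"
}

# Only act when invoked as "<script> run", so sourcing the file has no side effects.
if [ "${1:-}" = "run" ]; then
    keepalive_check >/dev/null
fi
```

Redirecting the output keeps cron from mailing or logging ping results every minute; only a restart produces a syslog entry.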