Dead Peer detection

Started by iislas18, December 17, 2018, 04:21:50 PM

How does dead peer detection work for site-to-site VPN using IPsec? I have read some articles, but the version associated with those articles is 1.2, and I am on 18.7. Does this utilize ICMP or is it used to detect IKEv1/IKEv2 failure?


Thanks for the reply. So here is my scenario: I am using OPNsense here and have a site-to-site IPsec setup to a Meraki firewall. The Meraki firewall does have a 2nd WAN IP. If the active WAN IP goes and transitions to the 2nd WAN IP, how does dead peer detection work? Does it detect that the active WAN IP is down due to no traffic? And does the OPNsense keep trying to establish a tunnel with the previous WAN IP?