Where is the "Nail-UP" or "Keep Alive" or "Dead Peer Detection" ?

Rix
Rix Posts: 21  Freshman Member
First Comment Friend Collector SurveyFeedback-2022-Nov First Anniversary
edited November 2022 in Nebula
I cannot maintain a VPN connection. The VPN connects once, then fails after a minute or two, then never reconnects back unless I manually uncheck, save, recheck the connection to force initial connect.  Need it nailed up!

I tried with, and without the 1-1 nat policy applied.  Same results.
2022-11-11 14:59:00  VPN 71.1.1.111 205.111.1.2 [Policy: ipv4(10.111.150.0-10.111.150.255)-ipv4(205.111.1.0-205.111.1.255)]

2022-11-11 15:00:23 VPN 71.1.1.111 205.111.1.2 Peer not reachable
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 The cookie pair is : 0x6450fcdf1f27d9f4 / 0x0000000000000000
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID]
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 ISAKMP SA [SA_HP4] is disconnected
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 Send:[HASH][DEL]
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 DPD: The remote address of [SA_HP4:SA_HP4] has been no response.
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 Tunnel [SA_HP4] Sending IKE request
2022-11-11 15:00:02VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 15:00:01System Monitoring  CPU temperature: 67 degrees Celsius.
2022-11-11 14:59:41VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:41VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:30VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:30VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE] [count=3]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 Phase 1 IKE SA process done
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2[ESP 3des-cbc|hmac-sha1-96][SPI 0x4938f05a|0x9db0d912][Lifetime 26400]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 [Policy: ipv4(10.239.150.0-10.239.150.255)-ipv4(205.111.1.0-205.111.1.255)]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 Send:[HASH][SA][NONCE][ID][ID]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 Tunnel [SA_HP4:SA_HP4:0x9db0d912] built successfully
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 Send:[HASH]
2022-11-11 14:59:00VPN205.111.1.271.1.1.111 Recv:[HASH][SA][NONCE][ID][ID]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2[Initiator:71.1.1.111][Responder:205.111.1.2]

Accepted Solution

  • lalaland
    lalaland Posts: 90  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary
    edited November 2022 Answer ✓
    DPD is enable by default in Nebula. so you cannot see the options in Nebula.

All Replies

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Into VPN connection.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @Rix,
    DPD is in phase 1 VPN gateway.
    Nailed-up is in phase 2 VPN connection.

  • lalaland
    lalaland Posts: 90  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary
    edited November 2022 Answer ✓
    DPD is enable by default in Nebula. so you cannot see the options in Nebula.
  • Rix
    Rix Posts: 21  Freshman Member
    First Comment Friend Collector SurveyFeedback-2022-Nov First Anniversary
    But the IPSecVPN does not work with Nebula.  Evidently the Nail-Up option is missing. I removed from Nebula and factory-defaulted to on-premise mode and had it set up and working in under 30 minutes.  I spent close to 20 hours tinkering with Nebula with no success. In my humble opnion, Nebula is not ready for prime time until the missing controls can be overcome with SSH or Local access to fill in the missing features. Another negative experience is trying to work with the LOG.  Search doesn't refresh, it has to be refreshed manually and each time it takes 15-20 seconds, only to have to refresh again in every few minutes.  On premise logs are instant. I won't consider Nebula for firewalls for at least another year. Its okay to manage AP's, but that's about it.
  • vuphung
    vuphung Posts: 2
    Zyxel Certified Network Engineer Level 1 - Security Zyxel Certified Network Engineer Level 1 - Nebula Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Switch

    Dear Zyxel team, could you update the Dead Peer Detection (DPD) feature in the Nebula cloud, I need this feature, thanks.

Nebula Tips & Tricks