Where is the "Nail-UP" or "Keep Alive" or "Dead Peer Detection" ?

Rix Posts: 18
First Comment Friend Collector SurveyFeedback-2022-Nov
 Freshman Member
edited November 2022 in Nebula
I cannot maintain a VPN connection. The VPN connects once, then fails after a minute or two, then never reconnects back unless I manually uncheck, save, recheck the connection to force initial connect.  Need it nailed up!

I tried with, and without the 1-1 nat policy applied.  Same results.
2022-11-11 14:59:00  VPN [Policy: ipv4(]

2022-11-11 15:00:23 VPN Peer not reachable
2022-11-11 15:00:23VPN71.1.1.111 The cookie pair is : 0x6450fcdf1f27d9f4 / 0x0000000000000000
2022-11-11 15:00:23VPN71.1.1.111 Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID]
2022-11-11 15:00:23VPN71.1.1.111 ISAKMP SA [SA_HP4] is disconnected
2022-11-11 15:00:23VPN71.1.1.111 Send:[HASH][DEL]
2022-11-11 15:00:23VPN71.1.1.111 DPD: The remote address of [SA_HP4:SA_HP4] has been no response.
2022-11-11 15:00:23VPN71.1.1.111 Tunnel [SA_HP4] Sending IKE request
2022-11-11 15:00:02VPN71.1.1.111 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 15:00:01System Monitoring  CPU temperature: 67 degrees Celsius.
2022-11-11 14:59:41VPN71.1.1.111 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:41VPN71.1.1.111 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:30VPN71.1.1.111 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:30VPN71.1.1.111 Send:[HASH][NOTIFY:R_U_THERE] [count=3]
2022-11-11 14:59:00VPN71.1.1.111 Phase 1 IKE SA process done
2022-11-11 14:59:00VPN71.1.1.111[ESP 3des-cbc|hmac-sha1-96][SPI 0x4938f05a|0x9db0d912][Lifetime 26400]
2022-11-11 14:59:00VPN71.1.1.111 [Policy: ipv4(]
2022-11-11 14:59:00VPN71.1.1.111 Send:[HASH][SA][NONCE][ID][ID]
2022-11-11 14:59:00VPN71.1.1.111 Tunnel [SA_HP4:SA_HP4:0x9db0d912] built successfully
2022-11-11 14:59:00VPN71.1.1.111 Send:[HASH]
2022-11-11 14:59:00VPN205. Recv:[HASH][SA][NONCE][ID][ID]
2022-11-11 14:59:00VPN71.1.1.111[Initiator:][Responder:]

Accepted Solution

  • lalaland
    lalaland Posts: 86
    First Answer First Comment Friend Collector Fifth Anniversary
     Ally Member
    edited November 2022 Answer ✓
    DPD is enable by default in Nebula. so you cannot see the options in Nebula.

All Replies

  • mMontana
    mMontana Posts: 1,207
    50 Answers 1000 Comments Friend Collector Third Anniversary
     Guru Member
    Into VPN connection.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,178
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments
     Zyxel Employee
    Hi @Rix,
    DPD is in phase 1 VPN gateway.
    Nailed-up is in phase 2 VPN connection.

  • Rix
    Rix Posts: 18
    First Comment Friend Collector SurveyFeedback-2022-Nov
     Freshman Member
    But the IPSecVPN does not work with Nebula.  Evidently the Nail-Up option is missing. I removed from Nebula and factory-defaulted to on-premise mode and had it set up and working in under 30 minutes.  I spent close to 20 hours tinkering with Nebula with no success. In my humble opnion, Nebula is not ready for prime time until the missing controls can be overcome with SSH or Local access to fill in the missing features. Another negative experience is trying to work with the LOG.  Search doesn't refresh, it has to be refreshed manually and each time it takes 15-20 seconds, only to have to refresh again in every few minutes.  On premise logs are instant. I won't consider Nebula for firewalls for at least another year. Its okay to manage AP's, but that's about it.

Nebula Tips & Tricks