Where is the "Nail-UP" or "Keep Alive" or "Dead Peer Detection" ?

Rix
Rix Posts: 18
First Comment Friend Collector
 Freshman Member
edited November 11 in Nebula
I cannot maintain a VPN connection. The VPN connects once, then fails after a minute or two, then never reconnects back unless I manually uncheck, save, recheck the connection to force initial connect.  Need it nailed up!

I tried with, and without the 1-1 nat policy applied.  Same results.
2022-11-11 14:59:00  VPN 71.1.1.111 205.111.1.2 [Policy: ipv4(10.111.150.0-10.111.150.255)-ipv4(205.111.1.0-205.111.1.255)]

2022-11-11 15:00:23 VPN 71.1.1.111 205.111.1.2 Peer not reachable
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 The cookie pair is : 0x6450fcdf1f27d9f4 / 0x0000000000000000
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID]
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 ISAKMP SA [SA_HP4] is disconnected
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 Send:[HASH][DEL]
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 DPD: The remote address of [SA_HP4:SA_HP4] has been no response.
2022-11-11 15:00:23VPN71.1.1.111 205.111.1.2 Tunnel [SA_HP4] Sending IKE request
2022-11-11 15:00:02VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 15:00:01System Monitoring  CPU temperature: 67 degrees Celsius.
2022-11-11 14:59:41VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:41VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:30VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE]
2022-11-11 14:59:30VPN71.1.1.111 205.111.1.2 Send:[HASH][NOTIFY:R_U_THERE] [count=3]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 Phase 1 IKE SA process done
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2[ESP 3des-cbc|hmac-sha1-96][SPI 0x4938f05a|0x9db0d912][Lifetime 26400]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 [Policy: ipv4(10.239.150.0-10.239.150.255)-ipv4(205.111.1.0-205.111.1.255)]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 Send:[HASH][SA][NONCE][ID][ID]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 Tunnel [SA_HP4:SA_HP4:0x9db0d912] built successfully
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2 Send:[HASH]
2022-11-11 14:59:00VPN205.111.1.271.1.1.111 Recv:[HASH][SA][NONCE][ID][ID]
2022-11-11 14:59:00VPN71.1.1.111 205.111.1.2[Initiator:71.1.1.111][Responder:205.111.1.2]

Accepted Solution

  • lalaland
    lalaland Posts: 77
    First Answer First Comment Friend Collector Fifth Anniversary
     Ally Member
    edited November 15 Answer ✓
    DPD is enable by default in Nebula. so you cannot see the options in Nebula.

All Replies

  • mMontana
    mMontana Posts: 995
    25 Answers 500 Comments Friend Collector Third Anniversary
     Guru Member
    Into VPN connection.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,058
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments
     Guru Member
    Hi @Rix,
    DPD is in phase 1 VPN gateway.
    Nailed-up is in phase 2 VPN connection.

  • Rix
    Rix Posts: 18
    First Comment Friend Collector
     Freshman Member
    But the IPSecVPN does not work with Nebula.  Evidently the Nail-Up option is missing. I removed from Nebula and factory-defaulted to on-premise mode and had it set up and working in under 30 minutes.  I spent close to 20 hours tinkering with Nebula with no success. In my humble opnion, Nebula is not ready for prime time until the missing controls can be overcome with SSH or Local access to fill in the missing features. Another negative experience is trying to work with the LOG.  Search doesn't refresh, it has to be refreshed manually and each time it takes 15-20 seconds, only to have to refresh again in every few minutes.  On premise logs are instant. I won't consider Nebula for firewalls for at least another year. Its okay to manage AP's, but that's about it.

Nebula Tips & Tricks