Wednesday, February 20, 2008

CheckPoint VPN keepalive kills the tunnel

I had the strangest experience when setting up a CheckPoint VPN device the other day. The tunnel built fine, but sometime between a few seconds and 1-2 minutes after coming up fine, it logged a "no proposal chosen" and went dead again. I researched every parameter with no luck, until I came to a checkbox on the last screen of the CheckPoint's VPN tunnel wizard stating something like "Keep this tunnel alive." Naturally I had wanted to keep the tunnel up, so I had checked it.

Funny thing, not until I cleared it again, the tunnel became rock stable. So, as long as you don't ask it to, it keeps your tunnel alive. I guess it just does not like being pushed around...