site to site vpn issue
Customer with an office and a warehouse.
Both sites have an ER605 and OC200
Everything did appear to be working fine until a user was getting constantly disconnected from an RDP session that connects to a vendor system. (not over the vpn)
I have setup a manual IPsec connection using IKEv2.
Upon rebooting one of the endpoints, it seems to stabilize for some time (4hrs or so) and then starts dropping (very briefly)
I am seeing the behavious on both end of the tunnel as I have ScreenConnect loaded on computers on both ends as well for remote access and support.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
i've set up the ipsec for many times. never really see a prob like this. what my suggestions are:
1. contact isp.
2. pay attention your lan connection. is there a short disconnection on your local network which could eventually lead to a disc to the vpn. vpn's based on the internet, based on your connection to the world.
do you use the default encryption settings? or aes-256? i don't think encryption can cause a prob but i did help someone establish the vpn by modifying the encryption.
- Copy Link
- Report Inappropriate Content
@Tedd404
Just sha1 - aes128 - dh2
Actually thought it was an ISP issue at first and had them replace the cable modem (bridge mode)
Weirder part is I am seeing some devices stay connected to my remote control host longer than others.
I am going to replace the network switch as this all just seems so erratic. (switch is possibly 8+ years old - can't remember when I installed it)
- Copy Link
- Report Inappropriate Content
not really to replace the modem. it's more like a network layer problem. you can ask if isp disconnect periodically? maybe the vpn does not reconnect because your isp cut the connection.
- Copy Link
- Report Inappropriate Content
Yeah I don't think that's the issue because I see the disconnects happening on the other endpoint (warehouse) as well, and that's a different ISP.
Which still bring me back to some sort of VPN issue because even if I had a bad switch, the site to site vpn should be fine.
Starting to think it might be the ER605 itself. I may swap that first and see how it goes.
- Copy Link
- Report Inappropriate Content
Just a suggestion if you are still hunting around for more data points. You could replace the site-site with a client-site connection and also run the tunnel encrypted or not.
You say you have different ISPs....what technology(s) are being used? ie is it cable, cellular, FTTH, Starlink....
- Copy Link
- Report Inappropriate Content
It may not be the same problem I had but it sounds like it. there is a lot of tp-link and VPN truble so it can be another VPN problem.
I can not bear to tell the whole story, but I spent 4 months. and 100 emails to get tp-link to and understand this error.
the problem is that every time IPsec connect / reconnect drops all relal time applications for all devices on LAN for a while. this also applies to L2TP.
finally the tp-link figured out the problem and came up with a beta version for ER605v1, v2 and ER7206. this has fixed real time aplication dropout,
But there is a lot of other VPN trouble with tp-link routers so I eventually had to give up and install a Cisco firewall to do IPSec. (another story)
But you can try to contact support to get a copy of the beta with fix, it should fix relal time application drop when IPsec connect/reconnetes.
the file is called ER605v1_un_1.2.0_20220422 (beat) .zip, I have no download link for this so you almost have to contact support to get it.
- Copy Link
- Report Inappropriate Content
@shberge
So its definitly a router / VPN issue.
I disabled the VPN connection and all the disconnect issues went away.
Will drop some screenshots of my config here in case I missed something but it was all working fine for months and then went haywire.
- Copy Link
- Report Inappropriate Content
There is new software ot ruters yesterday, try to upgrade, I think VPN disconnection issue is fixed in this software
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I do not use PPTP so I do not know, but I'm not surprised, VPN has been a nightmare on these routers.
but now there is probably not much that supports PPTP or L2TP anymore, it is away from both Windows 11 and Android 12,
So i'm running OpenVPN on a rapsbery pi4, it works perfectly fine on both pc and andoid / apple.device.and much faster than tp-link routers.
but you can still use PPTP/L2TP between tp-link routers if you do that.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1937
Replies: 10
Voters 0
No one has voted for it yet.