ER605 VPN Log showing traffic with 169.254.0.0/16 subnet
Hello. I am struggling with the slow VPN connection with my ER605's. I have two locations and I set one location (A) to VPN to the other location (B) using L2TP/IPSec so I can manage devices in B from my home in A. I'm so frustrated of the slowness of my access to devices in B that I looked at the log in the ER605 in B. (BTW, both ER605 have the same HW and Firmware versions. The log in B shows that there are traffic requests from subnet 169.254.0.0/16. That is a subnet for devices which does not know which device that traffic came from!!! I think this is what's causing the latency in the connection from A to B.
What could be causing this? Shall I change a VPN Protocol?
In the latest firmware update, there is now a GRE VPN section but I don't know how to set it to connect location A to B. Maybe that is a better option for me.
Thanks in advance.
Hi @firefox111
Thanks for posting in our business forum.
It logs out after 6 minutes by default. If you want to change that, (only) in standalone mode, web idle timeout, change that.
It is okay to see that IP because it is what the firmware writes. I have confirmed it with you in the previous reply.
Is there something wrong with the forum server? I did reply to your question regarding this subnet.
Go above and read what's been said on Thursday. It's been explained in that thread linked. That's why I remember it was answered and there is no point in me repeating this to you as there is an explanation.
ACL State was added to the previous firmware. Not 2.2.2. It does not make a problem.
When the dev releases this firmware, it never came across their mind that there are people literally turning off the HTTPS. Usually, we recommend you proceed with the HTTPS. Reason why HTTPS, you can Google it - HTTP VS HTTPS.
2.2.2 is a version focusing on security fixes and it changes the security-related settings. So, if you have disabled HTTPS, then there is no way to access it. Refer to the related solution post.
Hi @firefox111
Thanks for posting in our business forum.
How slow? What is the speed you get? How do you verify and determine it is slow?
How about your ISP speed? Both sites, DL and UL speed.
Don't get frustrated before you start to learn about the differences between the models.
Don't get frustrated before you pick a good VPN protocol.
About this subnet, screenshot it. Is it in the log?? I don't think so. Did you find it in the Routing Tables?
Okay. I have prepared snippets to show what is happening. Note that the VPN connection is up and established from Location A to Location B with 192.168.5.0/24 in A and 192.168.4.0/24 in B. I hope these snippets will be accepted by the forum server.
I'll show the L2TP VPN configuration of the ER605 in Location A to connect to ER605 in Location B;
The Tunnel List in both A and B;
The speedtest.net statistics of my Internet connections in Location A and B.
Then in Location A, I tried to log in to Location B's ER605 management interface at 2023-11-22 21:19:03. BTW, I don't even get the management interface.... It just times out.
Then finally I remotely logged in to a server in Location B to open the ER605 management interface at 2023-11-22 21:20:44. As you can see, the IP Address is 169.254.11.22. Where is B's ER605 getting that?
Even coming from an iPad with 5G Cellular connection via L2TP connection to ER605 in B, when I try to open B's management interface, I just get a round and round cursor and finally times out. And again, I see the 169.254.*.* IP in the log!
Here are the snippets:
Hi @firefox111
Thanks for posting in our business forum.
It logs out after 6 minutes by default. If you want to change that, (only) in standalone mode, web idle timeout, change that.
It is okay to see that IP because it is what the firmware writes. I have confirmed it with you in the previous reply.
Is there something wrong with the forum server? I did reply to your question regarding this subnet.
Go above and read what's been said on Thursday. It's been explained in that thread linked. That's why I remember it was answered and there is no point in me repeating this to you as there is an explanation.
ACL State was added to the previous firmware. Not 2.2.2. It does not make a problem.
When the dev releases this firmware, it never came across their mind that there are people literally turning off the HTTPS. Usually, we recommend you proceed with the HTTPS. Reason why HTTPS, you can Google it - HTTP VS HTTPS.
2.2.2 is a version focusing on security fixes and it changes the security-related settings. So, if you have disabled HTTPS, then there is no way to access it. Refer to the related solution post.