SD-WAN disconnected - had to reboot both gateways to bring the connection back

Hi all,
Today I've experienced another SD-WAN issue - it was disconnected without the usual recovery.
Normally, when my ISP reboots my xDSL modem, I get a new public IP address and the SD-WAN connection is restored. In the event log there is the following message: [Failed]WAN1: DPD detection times out. IPsec connection was disconnected.
Today, no recovery occurred and I had to reboot both gateways, where the one on the other site (primary is the one with the controller) was not even able to display the login web page and had to be power-cycled.
Has anyone experienced such a situation?

Thank you for your post. Has the issue you encountered reoccurred since then? If so, how frequently does it happen? According to the logs, the connection timed out because DPD (Dead Peer Detection) packets received no response, which appears to be the primary cause. You may need to verify whether your ISP connection is stable or if any settings are blocking the connection.

If you switch from SD-WAN to IPsec (but you will have to build all the inter-site VPNs manually), you can change the DPD timeout or disable it entirely, which might help with this situation.

Hi @Ethan-TP,
On one site I have a (semi)permanent public IP address (the DHCP lease is renewed with the same IP except when the ISP does some maintenance) on FTTH.
On the other site my public IP changes quite frequently, as my ISP reboots the xDSL modem approximately once a week with the foolish excuse of "purging the DHCP pool".
Usually the SD-WAN resyncs without a problem, but in this case it was different. The SD-WAN died without the usual public IP change (I monitor the availability of "8.8.8.8" via KUMA) and that's the reason behind my question. It has already happened a second time that I had to reboot both gateways to bring the connection back.
For reference: this was the first and more severe SD-WAN outage

Hi @GRL,
This is my 3rd site2site VPN solution in place.
* The first one was an OpenVPN connection using my previous Asus RT-AC66N_B1 routers running Merlin firmware.
* The second one (as I wasn't satisfied with the speed) was based on virtualised pfSense using WireGuard.
Then I replaced my Asus routers (whose support cycle has ended) with ER605 gateway, but unfortunately until FW 2.3.0 the peer configuration accepted only an IP address and no FQDN - so I stayed with the pfSense setup. This was robust and I haven't experienced any connection outages (of course except internet connectivity outages).
* Then FW 2.3.0 was released. First, I wanted to move the WireGuard setup from pfSense to ER605, but the easy SD-WAN setup surprised me and I chose it as my third one.
Maybe I'll return to the WireGuard site2site setup when the troubles with SD-WAN continue to happen.