Why are L2TP/PPTP connections never re-established after a lost connection?
I don't get it: Why are IPsec VPN connections always re-established, but never L2TP or PPTP?
It happens on both of my two ER605s and my ER707 between three sites and throughout the firmware history.
What is so f**ng difficult to re-establish these after a connection loss?
Hi, @tgoschuetz
Thanks for posting in our business forum.
IPsec is most commonly deployed for site-to-site VPN connections, and it natively supports the Dead Peer Detection (DPD) function.
When DPD is enabled, if a gateway detects no data traffic passing through the tunnel for a predefined period of time, it will mark the tunnel as interrupted, release the occupied resources, and prepare for reconnection. This mechanism prevents the common issue where one end of the tunnel has gone offline while the other keeps the invalid tunnel active, which would block a new valid connection from being established successfully.
By comparison, neither L2TP nor PPTP natively includes this automatic tunnel cleanup function. Omada Gateways have rolled out the optimization for L2TP VPN: when an L2TP client disconnects unexpectedly, the corresponding server-side tunnel will not retain resources for an extended period, allowing the client to quickly re-establish a new connection.
Note: L2TP and PPTP connections are always initiated from the client side. The optimization on Omada Gateways only enables the server to accept new connection requests from clients in a timely manner — the server will not actively initiate tunnel reconnection if the client disconnects unexpectedly.
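Added example (not part of the original thread, and not TP-Link's or Omada's code): a small Python model of the stale-tunnel cleanup described in the reply above. It assumes a responder that allows one tunnel per peer, and the names, the 30 s / 120 s timers and the "site-b" peer are constructed for illustration. The model goes slightly beyond the summary above: it follows RFC 3706, where an idle period triggers a liveness probe and the tunnel is torn down only when the probe goes unanswered.

```python
from dataclasses import dataclass, field

@dataclass
class Gateway:
    """Toy responder that allows one tunnel per peer ID (constructed model)."""
    dpd_enabled: bool
    dpd_delay: int = 30      # idle seconds before a liveness probe is sent (assumed value)
    dpd_timeout: int = 120   # seconds of silence before teardown (assumed value)
    tunnels: dict = field(default_factory=dict)  # peer_id -> time peer was last heard

    def connect(self, peer_id, now):
        """A new tunnel is refused while an old one for the same peer exists."""
        if peer_id in self.tunnels:
            return False
        self.tunnels[peer_id] = now
        return True

    def traffic(self, peer_id, now):
        """Any inbound packet from the peer proves liveness."""
        if peer_id in self.tunnels:
            self.tunnels[peer_id] = now

    def tick(self, now, peer_answers):
        """Periodic DPD pass; peer_answers(peer_id) models the R-U-THERE-ACK."""
        if not self.dpd_enabled:
            return []
        dropped = []
        for peer_id, last_heard in list(self.tunnels.items()):
            idle = now - last_heard
            if idle < self.dpd_delay:
                continue                      # recent traffic, no probe needed
            if peer_answers(peer_id):
                self.tunnels[peer_id] = now   # idle but alive: keep the tunnel
            elif idle >= self.dpd_timeout:
                del self.tunnels[peer_id]     # dead peer: free the slot
                dropped.append(peer_id)
        return dropped

def simulate(dpd_enabled):
    """Peer connects at t=0, loses its link after t=10, redials at t=200."""
    gw = Gateway(dpd_enabled)
    gw.connect("site-b", 0)
    gw.traffic("site-b", 10)
    for now in range(20, 200, 10):
        gw.tick(now, peer_answers=lambda _peer: False)
    return gw.connect("site-b", 200)   # True only if the stale tunnel was cleared
```

With cleanup enabled the redial at t=200 is accepted; without it the stale entry is still in the table and the new connection is refused.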
@Jeremy_12 thank you for the clarification. Is there any way to realize a similar automatic reconnect on the client side (which in my case is either an ER605 or ER707)?
BTW, I just need these L2 connections as an interface in policy-based routes (i.e. routing some clients' outbound traffic through another site). I am not an expert and found no way to accomplish this by using the existing IPsec connection.
Thanks,
Tom
Hi, @tgoschuetz
Thank you for your reply.
To clarify, are you referring to whether ER605 or ER707 supports similar automatic re-connection functionality when configured as a VPN client?
We have not yet identified a viable solution to enable automatic VPN re-connection for the client side thus far. If you find the solution, you may share your points here.
Thanks for your understanding.
