
UTM to UTM RED Connection drops every 3-4 hours

Hi fellow Sophos UTM people.
I have a UTM to UTM RED connection setup between two sites where one is my home and the other is a server in a data center.

My home's internet connection is passed through the RED interface to the data center UTM, however every 3-4 hours the connection to the RED dies with the following error:

2017:01:01-21:51:35 home red_client[1173]: CHILD Tunnel 1: Socket was closed
2017:01:01-21:51:35 home red_client[1173]: CHILD Tunnel 1: Unable to read PING response
2017:01:01-21:51:35 home red_client[1173]: Tunnel 1: disconnected
2017:01:01-21:51:38 home red_client[4300]: Tunnel 1: Forking client handler
2017:01:01-21:51:53 home red_client[4217]: CHILD Tunnel 1: performing initial keying.

 

While the RED tunnel connects up again within around 15 seconds, this is causing all of my internet to go offline which is starting to get a little annoying during online gaming.

Does anyone have any ideas of what I can check?
If any more information is required, please let me know.

Thanks



This thread was automatically locked due to age.
  • Just looking at similar topics on this sub-forum, I'm going to try to disable compression on the tunnel; if the problem persists afterwards, I will post a reply.

  • Hi again all,

    This problem still persists even after turning off compression.

    My WAN connection has not gone down in over 2 months, but the RED connection has died about 6 times a day and it's starting to annoy my parents :P hehe

     

    Does anyone have any ideas of what I can do to fix the issue, or should I just not bother with a UTM->UTM Connection?

    Here is the log from the UTM that is acting as the RED Server:

    2017:01:03-22:54:32 utm red_server[7025]: a08e8fc3024d471: PING remote_tx=2725 local_rx=2726 diff=-1
    2017:01:03-22:54:32 utm red_server[7025]: a08e8fc3024d471: PONG local_tx=1867
    2017:01:03-22:54:39 utm red_server[7025]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="a08e8fc3024d471" forced="0"
    2017:01:03-22:54:39 utm red_server[7025]: a08e8fc3024d471 is disconnected.
    2017:01:03-22:54:39 utm red_server[10183]: SELF: shutdown requested, killing clients
    2017:01:03-22:54:39 utm red_server[10183]: SELF: killing client a08e8fc3024d471
    2017:01:03-22:54:39 utm red_server[10183]: SELF: exiting
    2017:01:03-22:54:44 utm red_server[13529]: SELF: RED10rev1 version set to 14
    2017:01:03-22:54:44 utm red_server[13529]: SELF: RED10rev2 version set to 2005R2
    2017:01:03-22:54:44 utm red_server[13529]: SELF: RED10rev2 local version set to 5035R2
    2017:01:03-22:54:44 utm red_server[13529]: SELF: RED15 fw version set to 5035
    2017:01:03-22:54:44 utm red_server[13529]: SELF: RED15w fw version set to 5035
    2017:01:03-22:54:44 utm red_server[13529]: SELF: RED50 fw version set to 2005
    2017:01:03-22:54:44 utm red_server[13529]: SELF: RED50 local fw version set to 5035
    2017:01:03-22:54:44 utm red_server[13529]: SELF: IO::Socket::SSL Version: 1.953
    2017:01:03-22:54:44 utm red_server[13529]: SELF: Startup - waiting 15 seconds ...
    2017:01:03-22:54:45 utm red_server[13551]: SELF: RED10rev1 version set to 14
    2017:01:03-22:54:45 utm red_server[13551]: SELF: RED10rev2 version set to 2005R2
    2017:01:03-22:54:45 utm red_server[13551]: SELF: RED10rev2 local version set to 5035R2
    2017:01:03-22:54:45 utm red_server[13551]: SELF: RED15 fw version set to 5035
    2017:01:03-22:54:45 utm red_server[13551]: SELF: RED15w fw version set to 5035
    2017:01:03-22:54:45 utm red_server[13551]: SELF: RED50 fw version set to 2005
    2017:01:03-22:54:45 utm red_server[13551]: SELF: RED50 local fw version set to 5035
    2017:01:03-22:54:45 utm red_server[13551]: SELF: IO::Socket::SSL Version: 1.953
    2017:01:03-22:54:45 utm red_server[13551]: SELF: Startup - waiting 15 seconds ...
    2017:01:03-22:55:00 utm red_server[15508]: UPLOAD: Uploader process starting
    2017:01:03-22:55:00 utm red_server[13551]: SELF: (Re-)loading device configurations
    2017:01:03-22:55:00 utm red_server[13551]: a08e8fc3024d471: New device
    2017:01:03-22:55:04 utm red_server[15660]: SELF: New connection from xxx.xxx.xxx.xxx with ID a08e8fc3024d471 (cipher RC4-SHA), rev1
    2017:01:03-22:55:04 utm redctl[15662]: key length: 32
    2017:01:03-22:55:04 utm redctl[15663]: key length: 32
    2017:01:03-22:55:04 utm red_server[15660]: a08e8fc3024d471: connected OK, pushing config
    2017:01:03-22:55:05 utm red_server[15660]: a08e8fc3024d471: command 'PING 0'


    Here is the log from the client's side:

    2017:01:03-21:54:47 home red_client[3944]: CHILD Tunnel 1: Socket was closed
    2017:01:03-21:54:47 home red_client[3944]: CHILD Tunnel 1: Unable to read PING response
    2017:01:03-21:54:47 home red_client[3944]: Tunnel 1: disconnected
    2017:01:03-21:54:49 home red_client[4300]: Tunnel 1: Forking client handler
    2017:01:03-21:55:04 home red_client[7180]: CHILD Tunnel 1: performing initial keying.
    2017:01:03-21:55:04 home redctl[7433]: key length: 32
    2017:01:03-21:55:04 home redctl[7434]: key length: 32
    2017:01:03-21:55:04 home redctl[7436]: xxx.xxx.xxx.xxx =
    2017:01:03-21:55:04 home redctl[7436]: xxx.xxx.xxx.xxx
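
Added example (not part of the original posts and not Sophos code): a small Python parser for the red_server log format quoted above that lists each tunnel drop, the outage length, the cipher negotiated on reconnect, and whether a red_server "shutdown requested" line sits within a few seconds of the drop, as it does at 22:54:39 in the posted log. The sample lines, the function names and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) ([\w-]+)\[(\d+)\]: (.*)$")

# Constructed sample in the red_server format quoted in the thread (not the poster's full log).
SAMPLE = """\
2017:01:03-19:20:11 utm red_server[7025]: a08e8fc3024d471 is disconnected.
2017:01:03-19:20:40 utm red_server[9001]: a08e8fc3024d471: connected OK, pushing config
2017:01:03-22:54:39 utm red_server[7025]: a08e8fc3024d471 is disconnected.
2017:01:03-22:54:39 utm red_server[10183]: SELF: shutdown requested, killing clients
2017:01:03-22:55:04 utm red_server[15660]: SELF: New connection from xxx.xxx.xxx.xxx with ID a08e8fc3024d471 (cipher RC4-SHA), rev1
2017:01:03-22:55:04 utm red_server[15660]: a08e8fc3024d471: connected OK, pushing config
"""

def parse(text):
    """Yield (timestamp, process, message) for every well-formed log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"), m.group(3), m.group(5)

def tunnel_drops(text, red_id, window=5):
    """Return one record per disconnect of red_id, in log order."""
    events = [e for e in parse(text) if e[1] == "red_server"]
    rid = re.escape(red_id)
    drops = []
    for ts, _, msg in events:
        if msg == f"{red_id} is disconnected.":
            # Did the red_server daemon itself shut down around this drop?
            restart = any("shutdown requested" in m and abs((t - ts).total_seconds()) <= window
                          for t, _, m in events)
            drops.append({"down": ts, "server_restart": restart, "outage_s": None, "cipher": None})
        elif drops and drops[-1]["outage_s"] is None:
            # RC4-SHA in the posted log; RFC 7465 prohibits RC4 suites in TLS.
            c = re.search(rf"with ID {rid} \(cipher ([^)]+)\)", msg)
            if c:
                drops[-1]["cipher"] = c.group(1)
            elif msg.startswith(f"{red_id}: connected OK"):
                drops[-1]["outage_s"] = int((ts - drops[-1]["down"]).total_seconds())
    return drops

def intervals_hours(drops):
    """Hours between consecutive drops, to test the 'every 3-4 hours' pattern."""
    return [round((b["down"] - a["down"]).total_seconds() / 3600, 2)
            for a, b in zip(drops, drops[1:])]
```

Run it over the full RED log from the server-side UTM; drops that coincide with a daemon restart point at the server rather than the path between the sites.
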
  • I see these restarts at some clients for RED tunnels between two UTMs.  I don't know why these occur, but I suspect it's the ISP that's causing the issue.

    You might consider replacing the RED tunnel with an IPsec or SSL VPN site-to-site.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your reply, I was hoping it was not the ISP terminating the connection, but I also feel that it could be that.

    As for IPSEC / SSL based tunnel between the two, am I still able to use the other side as a gateway while using IPSEC?

  • "..., am I still able to use the other side as a gateway while using IPSEC?"

    Well, yes and no - what traffic flow are you trying to accomplish?

    Cheers - Bob

     
  • Hey Bob,

    Firstly thanks for your replies, very helpful so far.

    I want to be able to... "unblock" certain websites which my ISP is blocking; I am using a RED Tunnel with Multipath Routing currently to achieve this.

  • If the UTM at the Data Center has a Web Filtering subscription, I would use that as a Parent Proxy for those websites in your home configuration instead of worrying about getting specific IPs for the sites in question.  If not, then there are ways to route traffic through an IPsec tunnel to solve your problem.

    Cheers - Bob

     
  • I didn't think of doing that, yeah awesome, I'll give that a go - would be easier indeed!

     

    Thanks