Hello everybody,
We have two branch offices that connect to our company network through RED 10 devices.
Recently, one of these two has started experiencing problems where the tunnel will fail every couple of hours.
Note that only of the offices is having this problem, the other one is fine.
I checked the office's DSL router, according to its logs, the DSL connection itself is not having any problems. It is a LinkSys X3500 in case it matters. Firmware has been updated roughly a year ago. I checked and there seems to be a more recent firmware version available, but I have not installed it, yet.
When the tunnel fails, the RED log on the UTM at our headquarters shows the following:
2016:06:16-08:38:52 vpn red_server[16141]: AXXXXXXXXXXXXXX: No ping for 30 seconds, exiting.
2016:06:16-08:38:52 vpn red_server[16141]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="AXXXXXXXXXXXXXX" forced="0"
2016:06:16-08:38:52 vpn red_server[16141]: AXXXXXXXXXXXXXX is disconnected.
2016:06:16-08:38:52 vpn red_server[4604]: SELF: (Re-)loading device configurations
2016:06:16-08:39:38 vpn red_server[21833]: SELF: New connection from 1.2.3.4 with ID AXXXXXXXXXXXXXX (cipher AES256-GCM-SHA384), rev1
2016:06:16-08:39:38 vpn redctl[21835]: key length: 32
2016:06:16-08:39:38 vpn redctl[21836]: key length: 32
2016:06:16-08:39:38 vpn red_server[21833]: AXXXXXXXXXXXXXX: connected OK, pushing config
2016:06:16-08:39:43 vpn red_server[21833]: AXXXXXXXXXXXXXX: command 'UMTS_STATUS value=OK'
2016:06:16-08:39:43 vpn red_server[21833]: AXXXXXXXXXXXXXX: command 'PING 5 uplink=WAN'
2016:06:16-08:39:43 vpn red_server[21833]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="AXXXXXXXXXXXXXX" forced="0"
(Where AXXXXXXXXXXXXXX is the ID of the RED device at the branch office, and "1.2.3.4" is the remote IP address.)
This has happened every couple of hours over the last few days. Before that, the RED used to work fine. In today's log, the message appears four times already, so this happens roughly every two hours. It appears to become more frequent during working hours.
My research so far tells me that the problem is probably with our ISP, who we have contacted already. A service technician is going to visit the office sometime before the end of this week, but I want to cover all possible causes. Also, the ISP will probably claim that everything is fine on their end, as they always do, and I want to be able to say that I checked all possible causes and solutions to the problem on my end. (We had a similar problem at the other branch office about a year ago, and it turned out to be a faulty cable running from the building to the DSLAM.)
So far, I have changed the settings for the RED device to a) use the static public IP address of our UTM instead of a hostname and b) not to use compression on the RED tunnel. Next, I want to install the more recent firmware on the router and the branch office, but I can only do that in the evening when nobody is working there.
Also, I wonder if I should change the the RED settings not to get networks settings via DHCP from the router and use static settings instead.
If anyone has experienced this kind of problem and has managed to find a solution, I would appreciate any insights they might be able to share.
If it is an ISP problem, the upside would be that it is not my fault, but that would also mean I cannot do much about it in the short term.
Thank you very much for any suggestions or experiences you might be able to share,
Benjamin
This thread was automatically locked due to age.
