This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED Tunnel to specific branch site fails frequently

Hello everybody,

We have two branch offices that connect to our company network through RED 10 devices.

Recently, one of these two has started experiencing problems where the tunnel will fail every couple of hours.
 Note that only of the offices is having this problem, the other one is fine.

I checked the office's DSL router, according to its logs, the DSL connection itself is not having any problems. It is a LinkSys X3500 in case it matters. Firmware has been updated roughly a year ago. I checked and there seems to be a more recent firmware version available, but I have not installed it, yet.

When the tunnel fails, the RED log on the UTM at our headquarters shows the following:

2016:06:16-08:38:52 vpn red_server[16141]: AXXXXXXXXXXXXXX: No ping for 30 seconds, exiting.
2016:06:16-08:38:52 vpn red_server[16141]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="AXXXXXXXXXXXXXX" forced="0"
2016:06:16-08:38:52 vpn red_server[16141]: AXXXXXXXXXXXXXX is disconnected.
2016:06:16-08:38:52 vpn red_server[4604]: SELF: (Re-)loading device configurations
2016:06:16-08:39:38 vpn red_server[21833]: SELF: New connection from 1.2.3.4 with ID AXXXXXXXXXXXXXX (cipher AES256-GCM-SHA384), rev1
2016:06:16-08:39:38 vpn redctl[21835]: key length: 32
2016:06:16-08:39:38 vpn redctl[21836]: key length: 32
2016:06:16-08:39:38 vpn red_server[21833]: AXXXXXXXXXXXXXX: connected OK, pushing config
2016:06:16-08:39:43 vpn red_server[21833]: AXXXXXXXXXXXXXX: command 'UMTS_STATUS value=OK'
2016:06:16-08:39:43 vpn red_server[21833]: AXXXXXXXXXXXXXX: command 'PING 5 uplink=WAN'
2016:06:16-08:39:43 vpn red_server[21833]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="AXXXXXXXXXXXXXX" forced="0"

(Where AXXXXXXXXXXXXXX is the ID of the RED device at the branch office, and "1.2.3.4" is the remote IP address.)

This has happened every couple of hours over the last few days. Before that, the RED used to work fine. In today's log, the message appears four times already, so this happens roughly every two hours. It appears to become more frequent during working hours.

My research so far tells me that the problem is probably with our ISP, who we have contacted already. A service technician is going to visit the office sometime before the end of this week, but I want to cover all possible causes. Also, the ISP will probably claim that everything is fine on their end, as they always do, and I want to be able to say that I checked all possible causes and solutions to the problem on my end. (We had a similar problem at the other branch office about a year ago, and it turned out to be a faulty cable running from the building to the DSLAM.)

So far, I have changed the settings for the RED device to a) use the static public IP address of our UTM instead of a hostname and b) not to use compression on the RED tunnel. Next, I want to install the more recent firmware on the router and the branch office, but I can only do that in the evening when nobody is working there.

Also, I wonder if I should change the the RED settings not to get networks settings via DHCP from the router and use static settings instead.

If anyone has experienced this kind of problem and has managed to find a solution, I would appreciate any insights they might be able to share.

If it is an ISP problem, the upside would be that it is not my fault, but that would also mean I cannot do much about it in the short term.

Thank you very much for any suggestions or experiences you might be able to share,

Benjamin



This thread was automatically locked due to age.
Parents
  • Hi,

    The log states that a disconnection occurs from the remote branch office RED. Which is the RED model you are using? Do tcpdump and check if UTM receives packets on port 3410 and 3400 from the connected RED public IP. Please refer the doc

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thank you very much for your reply!

    Did I fail to mention the model? Sorry! It is a RED 10.

    I let tcpdump run for a few minutes on our UTM, and I see traffic on TCP and UDP ports 3400 (which is exactly what to expect according to the link you posted).

    The branch office has a regular DSL line with a static IP address. The ISP forces a disconnect every 24 hours, but that has not happened today, yet. Unfortunately, the users at the branch office do not use any latency-sensitive applications like listening to radio streams or Skype, so I cannot tell for sure if the Internet connection is experiencing any hickups when the RED tunnel is lost. As far as I know, the ISP does not filter or restrict traffic in any way.

    I can see that according the log the RED tunnel is lost. The question is, of course, what is causing these problems and what I can do about it. ;-)

    Since my first post, the tunnel has gone down two more times (again, the connection was re-established after about a minute), so changing the RED config to connect to our main office's public IP instead of the associated hostname has not made a difference. ;-(
     (And like I said, I kind of suspect the problem is with our ISP, but at this point I have no proof one way or the other.)


    Kind regards,

    Benjamin

  • Hi Benjamin,

    What is the present firmware version on UTM?

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply Children