VPN issues from flapping secondary connection?



  • So I have a customer with dual WAN. No load balancing, just failover (the primary connection has much more bandwidth).

    There is a site to site IPSec VPN to one of their vendors. That IPSec connection does not use a Gateway Group, it only makes the connection on the primary.

    All day yesterday, they're saying they're getting disconnected from the other side of that VPN. The VPN is not showing that it's disconnected, and there haven't been any issues on the primary WAN.

    What I am seeing, however, is the backup, secondary WAN has been constantly flapping. Could this be flushing some table and causing issues on the VPN on the primary?

    Version is 2.4.4-RELEASE



  • I know generally bumping is looked down upon, but I haven't heard anything on this in a month...



  • Try disabling the backup wan and see if the issues stop
    (they should not, but its a starting poing)

    As for the disconnection per se, ask for logs.



  • @netblues said in VPN issues from flapping secondary connection?:

    the backup wan and see if the issues stop
    (they should not, but its a starting poing)

    We unplugged the backup WAN and the issues stop. This is not ideal. Why would the secondary going down interupt the VPN on the primary?



  • @dlogan So, what do the logs say?
    On which interface is ovpn bound to? Failover group?



  • This is not OpenVPN. This is an IPSec site to site to one of their vendors. It does not failover. It only points at the primary WAN. But for some reason when the secondary WAN drops, the VPN drops. If we leave the secondary WAN unplugged, the issue does not occur, but we need that failover connection sometimes.



  • Ommit my ovpn reference, still, what do the ipsec logs say? timeout? remote disc?
    How is failover implemented