Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    site to multisite vpn - constant connection dropouts

    OpenVPN
    1
    2
    293
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jagradang
      last edited by jagradang

      Hi Guys,

      I have an issue that seems to have occurred only after i upgraded to 2.5 and its really bugging me as i can't even figure out where to begin debugging it!

      The setup
      4 sites:
      Site a
      Site b
      Site c
      Site d

      Each site has a road warrior vpn to connect directly to it and the site to site connectivity allows connection between the sites

      Site a is the main site with 3 vpn connections
      Site a - Site b
      Site a - Site c
      Site a - Site d

      I have FRR setup to handle all the routing
      site a 0.0.0.0 (Main Site)
      site b 0.0.0.1
      site c 0.0.0.2
      site d 0.0.0.3

      Everything worked perfectly with 2.4 but this issue wasn't realised until all the upgrades were done and other changes were made so it's not very easy to revert to go back to 2.4 without me taking each site offline to revert the configs and reconfigure changes. Ideally I want to understand the problem and figure out if that really is my last resort or not.

      The Issue

      • If i remote desktop from site a to any of the other sites i have no issues. all work perfectly.
      • If i connect from site b/c/d to site a again no issues
      • If i connect from site b to site c (which goes via site a) - every 30 seconds to 1 minute remote desktop drops out and i get the "connection lost - reconnecting" error. - This happens on all sites when hopping only (so site b to site c, site c to site d etc...)

      so site to site works fine, and road warrior vpn works fine. going from site to site via site a is where the issue is.

      What i have tried

      • I've looked at the vpn logs - no issues all connecting fine no errors.
      • FRR no connection or routing issues,
      • I've done packet trace - the only thing that flags up is "rdp retransmission" errors. everything else looks perfectly normal
      • site to site VPN was setup with UDP so i switched to TCP to test if that fixes it - same issue
      • I've tried increasing the vpn logging to see anything comes up - nothing out of the ordinary
      • I've tried the same with ssh to rule out any RDP issues, again same issue occurs with ssh
      • I've tried file transfer between sites and i get the same disconnect issue

      SO the issue is definitely the inter-site connection and not specific to RDP or any tool. It ONLY occurs when hopping to another site via site a

      Nothing has changed in this config since 2.4, and this worked perfectly fine. It seems the upgrade to 2.5 has just totally broken the setup and i'm really and ends-witt on where to even begin debugging this now. I have totally exhausted everything i can think off..

      so any help appreciated!! does anyone else have site to site config and using it in the same way, any config tips, any tips on where i even start debugging this? Is my last resort just to lump it and spend the weekend switching it all back to 2.4

      J 1 Reply Last reply Reply Quote 0
      • J
        jagradang @jagradang
        last edited by

        I had a play with this over the weekend and i tried running some ping tests.

        I pinged machine b while remote desktop to machine b on site b from site c.
        I had no ping drops but the remote desktop connection did drop so i have a feeling this isn't a VPN issue, it might be more of an issue with FRR / routing.

        Any help how i can debug FRR? (and how can i change this post to that forum?)

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.