Three OpenVPN Pre-Shared Key Site to Site Connections unstable
-
I am hoping someone out there can give me some pointers. I have 3 Sites, MainSite, DRSite1 and DRSite2. The are connected by a OpenVPN Pre-Shared Key Site to Site VPN.
The link is set up between MainSite and each DRSiteX.MainSite (OpenVPN Client - UDP Port 1198)-> ISP A -> DR Site1 (OpenVPN Server - UDP Port: 1198)
MainSite (OpenVPN Client - UDP Port 1197)-> ISP B -> DR Site2 (OpenVPN Server - UDP Port: 1197)This is NO Site to Site between DRSite1 and DRSite2 (yet, it is in the plan at some point but this issue is what is holding up that plan)
The problem is that it appears the routing between the tunnels fails is BOTH VPNs are connected.
When I start ping my from a desktop in MainSite to a host in DRSite 1, all is OK. Then when I start a another ping from MainSite to a host in DRSite 2, all is ok. HOWEVER….after about 1-5 minutes, the pings start to drop and eventually maybe one or two pings actually get though, this appears on both ping sessions.
When I disable either DRSite1 or DRSite2's VPN Session, the remaining site's pings return back to normal.
This is impacting our site to site replication between the MainSite and the two DR sites.
I am at a loss at what the problem is or how to correct it.
-
A lot more information is required in order to accurately determine what might be wrong. At a minimum, the following would be needed:
- A list of configured tunnel networks, routes, and other settings for each VPN instance
- The contents of the OpenVPN log from each node
- The contents of the routing table from Diagnostics > Routes on each node
-
Here is the information requested:
A list of configured tunnel networks, routes, and other settings for each VPN instance
MainSite (OpenVPN Client - UDP Port 1198)-> ISP A -> DR Site1 (OpenVPN Server - UDP Port: 1198) = Tunnel Network 10.10.1.0/24
MainSite (OpenVPN Client - UDP Port 1197)-> ISP B -> DR Site2 (OpenVPN Server - UDP Port: 1197) = Tunnel Network 10.10.2.0/24The settings are the default for Pre-Shared Key Site to Site VPN, there are no manual routes, everything is via BGP within the tunnel.
The contents of the OpenVPN log from each node:
All logs are empty, nothing in them. However all tunnels come up, but appears nothing is being logged.The contents of the routing table from Diagnostics > Routes on each node
This is blank. Routes are provided via BGP.
-
Here is the information requested:
A list of configured tunnel networks, routes, and other settings for each VPN instance
MainSite - Network 192.168.2.0/24 (OpenVPN Client - UDP Port 1198)-> ISP A -> DR Site1 - Network - 192.168.0.1/24 (OpenVPN Server - UDP Port: 1198) = Tunnel Network 10.10.1.0/24
MainSite - Network 192.168.2.0/24 (OpenVPN Client - UDP Port 1197)-> ISP B -> DR Site2 - Network - 192.168.1.0/24 (OpenVPN Server - UDP Port: 1197) = Tunnel Network 10.10.2.0/24The settings are the default for Pre-Shared Key Site to Site VPN, there are no manual routes, everything is via BGP within the tunnel.
The contents of the OpenVPN log from each node:
All logs are empty, nothing in them. However all tunnels come up, but appears nothing is being logged.The contents of the routing table from Diagnostics > Routes on each node
This is blank. Routes are provided via BGP.
-
Then you'll also have to provide info about your BGP config on each node. That's not a typical VPN configuration and should have been disclosed in the original post.
