tdalton69
asked on
Linksys RV082 VPN tunnels won't stay up
Linksys RV082 VPN tunnels won't stay up
I have 4 sites all have RV082s running the latest firmware 1.1.5. I have gateway to gateway vpn tunnels from every site to every other site so each router has 3 tunnels defined on it. I have keepalive, aggresive mode, dead peer detection and NetBIOS broacdastin checked in the advanced properties the Phase I and Phase II settings are default and the settings are the same for every tunnel at every site. We determined the optimum MTU for each site by doing ping -f -l until we got unfragmented replies. Still our tunnels don't stay up. Over the last 2 days the most problematic has been site 1 (this site is a Savvis POP so it has the cleanest internet connection and the closest to the internet backbone) and site 2 (TimeWarner Roadrunner cablemodem). Site 3 (Adlelpia cable modem) and Site 4 (Optimum Online cablemodem) seem to stay up and connected to themselves as well as Site 1. Site 2 seems to stay connected to Site 3 but site 2 loses connection to Site 4 a good bit (not as bad as Site 1 to Site 2 though). When the tunnels are disconnected I can still ping the WAN interface of the routers where the tunnel is terminated. Additionally I have Anyway I've used the RV082s in the past establishing Site-to-Site VPNs with a Cisco VPN3015 and that worked quite nicely. Now I don't have the luxury of the 3015 and I've read posts from alot of people who are doing exactly what I'm doing and don't seem to have the problems I'm having. Any thoughts, suggestions or comments (other than Linksys sux) would be greatly appreciated!
Thanks,
TD
I have 4 sites all have RV082s running the latest firmware 1.1.5. I have gateway to gateway vpn tunnels from every site to every other site so each router has 3 tunnels defined on it. I have keepalive, aggresive mode, dead peer detection and NetBIOS broacdastin checked in the advanced properties the Phase I and Phase II settings are default and the settings are the same for every tunnel at every site. We determined the optimum MTU for each site by doing ping -f -l until we got unfragmented replies. Still our tunnels don't stay up. Over the last 2 days the most problematic has been site 1 (this site is a Savvis POP so it has the cleanest internet connection and the closest to the internet backbone) and site 2 (TimeWarner Roadrunner cablemodem). Site 3 (Adlelpia cable modem) and Site 4 (Optimum Online cablemodem) seem to stay up and connected to themselves as well as Site 1. Site 2 seems to stay connected to Site 3 but site 2 loses connection to Site 4 a good bit (not as bad as Site 1 to Site 2 though). When the tunnels are disconnected I can still ping the WAN interface of the routers where the tunnel is terminated. Additionally I have Anyway I've used the RV082s in the past establishing Site-to-Site VPNs with a Cisco VPN3015 and that worked quite nicely. Now I don't have the luxury of the 3015 and I've read posts from alot of people who are doing exactly what I'm doing and don't seem to have the problems I'm having. Any thoughts, suggestions or comments (other than Linksys sux) would be greatly appreciated!
Thanks,
TD
I have a few clients with problematic VPN's.
Use Task Scheduler and schedule a .BAT file to execute every couple of minutes to ping a PRIVATE address on the inside of the remote end.
This keeps the tunnel established more reliably.
Use Task Scheduler and schedule a .BAT file to execute every couple of minutes to ping a PRIVATE address on the inside of the remote end.
This keeps the tunnel established more reliably.
ASKER
I have been persistant pings running but still not seeing the stability that I was seeing when I had a site-to-site from the Rv082 to a Cisco 3015. Now I know the 3015 should be more stable but an RV082 to RV082 should be pretty stable as well, this isn't rocket science but if the code is flakey then there is no work around except a firmware upgrade.
>I have keepalive, aggresive mode, dead peer detection and NetBIOS broacdastin.......
Maybe disable these features ?
Also, what error messages are you getting here ?
Maybe disable these features ?
Also, what error messages are you getting here ?
ASKER
I have tried w/out keepalive, aggressive mode, dead peer detection and Netbios (unchecked one at a time and tested for a couple of hours) with no improvement. The error logs don't give any clue it just looks like the tunnel is dropping and Dead Peer Detection notices and tries to reinitiate the tunnel. Some of it may very well be my Road Runner connection for my particular site problems but again it's not as stable as it was to the 3015.
I'm not too sure then. I'm leaning toward an ISP problem - they could well be responsible for dropping packets and causing the VPN to fail. Linksys devices need a pretty stable connection to work, but the Cisco stuff seems more resilient to drop outs.
Haveyou tried changing your MTU setting to a lower #. i have several RV042 and it helped me.
Good resource for MTU sizes etc - http://www.dslreports.com/faq/695
ASKER
We adjusted the MTU per site and it made no difference. The tunnels seemed to mysteriously stabilize somewhat over time but every now and then they'd flake on us and it always seemed to be at the worse possible moment (Murhpy's Law of course) ended up going with OpenWRTs running OpenVPN and haven't had a problem since and it is much more feature packed w/ full QoS, etc.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you have any way to benchmark your ADSL performance ?