Ipsec VPN tunnel keeps dropping

Unanswered Question
Jan 19th, 2010
User Badges:

I recently bought and setup a VPN tunnel for a client using a pair of WRVS4400N V2. The setup went well and the VPN tunnel worked.

But atleast once a day the tunnel disconnects (the status says Down). I can manually (remotely) reconnect but would prefer that the tunel

stay connected. Can someone advice if there is anything i can do.


Venkat Taramangalam

[email protected]

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mihagan Wed, 01/20/2010 - 03:23
User Badges:

Go into the settings for the tunnel in each router and expand the Advanced options at the bottom of the screen. You will find an option to enable Keep Alive. Turn the Keep Alive option on for both routers and see if that makes any difference for you.

Also verify that you have the latest firmware on both routers which should be for v2.

sunandakrishna Wed, 01/20/2010 - 10:25
User Badges:

Thank you. The routers are running firmware version

When i expand the "Advanced" option, i only see two choices:

  Aggressive Mode

  Netbios Broadcast

Both are off by default. I don't see the keepalive option.



Te-Kai Liu Wed, 01/20/2010 - 10:47
User Badges:
  • Gold, 750 points or more

WRVS4400N does not support Dead Peer Detection. It will reconnect the tunnel when it sees packets that need to get on the tunnel. If you need the tunnel to stay up all the time, you could have a PC making a continuous ping to another PC accross the tunnel. Other Small Business routers such as RV042 and RV082 support DPD and Keep Alive, which can keep the tunnel up.

juunda Wed, 01/20/2010 - 13:23
User Badges:

This could be irrelevant to your situation but I am just suggesting it, sometimes the tunnels go down because your WAN ip address lease changes or needs to be renewed. While this process happens with your ISP the tunnel will go down, and in certain cases your ip could possibly change until it re-associates usually requiring a manual reconnect from the routers interface.  If that is the case you could find out if you could get static wan IP addresses on both sides or consider registering with a DynDNS server to do the tunnels in that fashion instead.

durgeshpurohit Sat, 06/12/2010 - 23:46
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Hi All,

In our network environment, we have setup IPSec tunnel from Mumbai to Hong Kong.

I was facing the same issue and came to know that there was major packet loss from our TELCO side and was unable to forward their traffic from one of them BGP..

increases of IPSec tunnel heart rate help us a bit..

Thank you,