12-08-2011 12:10 PM
Hi -
I have 2 WRVS4400N's installed in our network, one at each end of a VPN tunnel between 2 physical locations. I continue to have issues with the VPN to "Stay" connected, even after purchasing another new WRVS4400N 4 months ago. I can reboot both routers, and the VPN connects with no problem, but hangs up after a few hours / days (no pattern).
I am taking a hard look at the issue now, as about 1 month ago, the newest router "automagically" reset it itself back to factory settings (thus interrupting nearly everything in our network). After contacting support, we reset the router and re-configured it to our environment. It is plugged into a surge protected UPS (yep, I thought maybe a power issue caused the problem, but it's not). Then about 1 week ago, the other/older (9 month old) router lost it's configuration. again, reset it and all works. Including the VPN, but the VPN still works as it did before.... connects for a while, but then drops and generally I need to reboot the router to get it connected again (clicking on the Connect on either router doesn't work until after a reboot).
Also, in light of the recent "lost configurations", I turned on logging and now I'm getting TONS of emails of log activity, even when the network is idle (no users, no background jobs running). Yep, this sounds great, but I dont' know how to read the messages (there in english, but don't make any sense to me).
after rebooting and no inter activity, I get this kind of log, all night long (to me it generally looks like the VPN connection resets and increments by 1... I'm taking a guess that the increment hits a limit someplace and I lose my VPN).
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #13: received Delete SA payload: deleting ISAKMP State #13
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #13: received and ignored informational message
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #11: received Delete SA payload: deleting ISAKMP State #11
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #11: received and ignored informational message
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [RFC 3947] method set to9
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth8, but already using method 109
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth7, but already using method 109
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: responding to Aggressive Mode, state #15, connection "GB-VPN" from 67.76.xxx.xxx
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R1: sent AR1, expecting AI2
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: responding to Quick Mode {msgid:f3119ce2}
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R2: IPsec SA established {ESP=x267c1391 <0xe101ca37 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}
6737667.
more ....
Subject: WRVS4400N Security Log [FE:68:6F]
Dec 8 14:56:26 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [RFC 3947] method set to9
Dec 8 14:56:26 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth8, but already using method 109
Dec 8 14:56:26 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth7, but already using method 109
Dec 8 14:56:26 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: responding to Aggressive Mode, state #39, connection "GB-VPN" from 67.76.xxx.xxx
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R1: sent AR1, expecting AI2
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #40: responding to Quick Mode {msgid:e11762ec}
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #40: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 8 14:56:27 - [VPN Log]: "GB-VPN" #40: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 8 14:56:27 - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R2: IPsec SA established {ESP=x267c139d <0xe101ca43 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}
Dec 8 15:05:19 - [VPN Log]: packet from 67.76.xxx.xxx:500: Informational Exchange is for an unknown (expired?) SA
also, I get this log quite often, but have no clue what it means, or if I should be concerned (but generally when the network is in use, but not neccessarily the VPN connection)
:
Dec 8 04:09:38 - klips_debug:pfkey_acquire: no sockets registered for SAtype=ESP).
also, I get this log often on one of the routers, but not so much on the other (and have no idea what this is):
Nov 27 00:22:22 - hit KRIS_DDOS_TYPE
Nov 27 00:25:26 - hit KRIS_DDOS_TYPE
thanks guys,
Brian
02-06-2013 04:10 PM
I have this same issue. I also tried creating continuous traffic across the vpns via ping /t but no dice. The logs are not helpful for me either. Any ideas?
02-09-2013 07:10 AM
This entry is for IPS
Nov 27 00:25:26 - hit KRIS_DDOS_TYPE
Most of the other entries are VPN exchanges. You can disable the IPS to lighten the router load.
Can you post screenshot of both VPN configurations?
-Tom
Please mark answered for helpful posts
02-15-2013 07:36 AM
I have actually tried this as well and the connections still go down at random.
02-19-2013 01:31 PM
02-19-2013 01:34 PM
02-26-2013 07:39 AM
Any ideas? The connection i consistently have problems with is BAX.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide