12-08-2011 12:10 PM
Hi -
I have 2 WRVS4400N's installed in our network, one at each end of a VPN tunnel between 2 physical locations. I continue to have issues with the VPN to "Stay" connected, even after purchasing another new WRVS4400N 4 months ago. I can reboot both routers, and the VPN connects with no problem, but hangs up after a few hours / days (no pattern).
I am taking a hard look at the issue now, as about 1 month ago, the newest router "automagically" reset itself back to factory settings (thus interrupting nearly everything in our network). After contacting support, we reset the router and re-configured it to our environment. It is plugged into a surge protected UPS (yep, I thought maybe a power issue caused the problem, but it's not). Then about 1 week ago, the other/older (9 month old) router lost its configuration. Again, reset it and all works. Including the VPN, but the VPN still works as it did before.... connects for a while, but then drops and generally I need to reboot the router to get it connected again (clicking on the Connect on either router doesn't work until after a reboot).
Also, in light of the recent "lost configurations", I turned on logging and now I'm getting TONS of emails of log activity, even when the network is idle (no users, no background jobs running). Yep, this sounds great, but I don't know how to read the messages (they're in English, but don't make any sense to me).
After rebooting and no interactivity, I get this kind of log, all night long (to me it generally looks like the VPN connection resets and increments by 1... I'm taking a guess that the increment hits a limit someplace and I lose my VPN).
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #13: received Delete SA payload: deleting ISAKMP State #13
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #13: received and ignored informational message
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #11: received Delete SA payload: deleting ISAKMP State #11
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #11: received and ignored informational message
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [RFC 3947] method set to9
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth8, but already using method 109
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth7, but already using method 109
Dec 8 05:31:50 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: responding to Aggressive Mode, state #15, connection "GB-VPN" from 67.76.xxx.xxx
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R1: sent AR1, expecting AI2
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: responding to Quick Mode {msgid:f3119ce2}
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R2: IPsec SA established {ESP=x267c1391 <0xe101ca37 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}
more ....
Subject: WRVS4400N Security Log [FE:68:6F]
Dec 8 14:56:26 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [RFC 3947] method set to9
Dec 8 14:56:26 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth8, but already using method 109
Dec 8 14:56:26 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth7, but already using method 109
Dec 8 14:56:26 - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: responding to Aggressive Mode, state #39, connection "GB-VPN" from 67.76.xxx.xxx
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R1: sent AR1, expecting AI2
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #40: responding to Quick Mode {msgid:e11762ec}
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #40: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 8 14:56:27 - [VPN Log]: "GB-VPN" #40: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 8 14:56:27 - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R2: IPsec SA established {ESP=x267c139d <0xe101ca43 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}
Dec 8 15:05:19 - [VPN Log]: packet from 67.76.xxx.xxx:500: Informational Exchange is for an unknown (expired?) SA
Also, I get this log quite often, but have no clue what it means, or if I should be concerned (but generally when the network is in use, but not necessarily the VPN connection):
Dec 8 04:09:38 - klips_debug:pfkey_acquire: no sockets registered for SAtype=ESP).
Also, I get this log often on one of the routers, but not so much on the other (and have no idea what this is):
Nov 27 00:22:22 - hit KRIS_DDOS_TYPE
Nov 27 00:25:26 - hit KRIS_DDOS_TYPE
Thanks guys,
Brian
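One way to read logs like the ones in the post above is to drop the vendor-ID and state-transition lines and keep only the SA lifecycle events (Delete SA, ISAKMP SA established, IPsec SA established, unknown/expired SA). This is an added example, not part of the original thread or the router's tooling; the function names are hypothetical and the year 2011 is assumed from the post date, since the log omits it.

```python
import re
from datetime import datetime

# Lines copied from the log excerpts in the post above (peer address already masked).
SAMPLE = """\
Dec 8 05:30:17 - [VPN Log]: "GB-VPN" #13: received Delete SA payload: deleting ISAKMP State #13
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}
Dec 8 05:31:50 - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R2: IPsec SA established {ESP=x267c1391 <0xe101ca37 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}
Dec 8 14:56:26 - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}
Dec 8 14:56:27 - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R2: IPsec SA established {ESP=x267c139d <0xe101ca43 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}
Dec 8 15:05:19 - [VPN Log]: packet from 67.76.xxx.xxx:500: Informational Exchange is for an unknown (expired?) SA
"""

LINE = re.compile(r'^(\w{3}\s+\d+\s+[\d:]{8}) - \[VPN Log\]: (?:"([^"]+)" #(\d+): )?(.*)$')
KINDS = {  # event label -> substring that identifies it in the message
    "delete": "received Delete SA payload",
    "phase1": "ISAKMP SA established",
    "phase2": "IPsec SA established",
    "stale_sa": "unknown (expired?) SA",
}

def parse(log_text, year=2011):
    """Return the SA lifecycle events; year is an assumption, the log omits it."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        stamp, conn, state, msg = m.groups()
        kind = next((k for k, s in KINDS.items() if s in msg), None)
        if kind is None:
            continue  # vendor-ID and state-transition chatter
        events.append({
            "time": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
            "conn": conn, "state": int(state) if state else None, "kind": kind,
            "params": dict(re.findall(r"(\w+)=([^\s}]+)", msg)),
        })
    return events

def tunnel_gaps(events):
    """(connection, seconds, state-counter delta) between consecutive phase2 events."""
    last, gaps = {}, []
    for e in events:
        if e["kind"] != "phase2":
            continue
        if e["conn"] in last:
            prev = last[e["conn"]]
            gaps.append((e["conn"], int((e["time"] - prev["time"]).total_seconds()),
                         e["state"] - prev["state"]))
        last[e["conn"]] = e
    return gaps

if __name__ == "__main__":
    for row in tunnel_gaps(parse(SAMPLE)):
        print(row)
```

On these lines the two IPsec SA establishments are 33877 seconds apart while the `#N` counter advanced by 24, so further negotiations took place between the two excerpts; run over a full night of log mail, the same gaps show how often the tunnel is being rebuilt.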
02-06-2013 04:10 PM
I have this same issue. I also tried creating continuous traffic across the VPNs via ping /t but no dice. The logs are not helpful for me either. Any ideas?
02-09-2013 07:10 AM
This entry is for IPS
Nov 27 00:25:26 - hit KRIS_DDOS_TYPE
Most of the other entries are VPN exchanges. You can disable the IPS to lighten the router load.
Can you post a screenshot of both VPN configurations?
-Tom
Please mark answered for helpful posts
02-15-2013 07:36 AM
I have actually tried this as well and the connections still go down at random.
02-26-2013 07:39 AM
Any ideas? The connection I consistently have problems with is BAX.