Menu
What's new
By:
Filters Better Search

RT-AC88U VPN IPSec Passthrough issue

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

Cristi Cotet

New Around Here
We use a RT-AC88U router as an internet gateway with one public IP and multiple internal hosts.
We have a Centos 7.4 Virtual Machine that connects to an external VPN server using IPsec.
The VPN connection drops about 6-12 times a day and cannot reconnect even if we restart the Virtual Machine.
If we reboot the router the VPN works again. This is why we belive the problem is with the Asus router.

VPN Status:
000 #1403: "connection-name-removed":4500 STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_v1_RETRANSMIT in 24s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
1403: pending Phase 2 for "connection-name-removed" replacing #0
At the other end there is a Juniper SRX240. From Juniper Log + documentation the problem seems to be invalid Pre Shared Key but the PSK is not changed. Only rebooting the Asus Router resolved the issue so we belive the Asus router starts to change the packets is such a way that the other end can't decode them any more and the reported error is with the PSK.

We think there is a correlation between internet connection going down for a second and coming back up and VPN issue.
If we don't reboot Asus router the VPN connection cannot be established even after 24 hours.
 
Cristi Cotet said:
The VPN connection drops about 6-12 times a day and cannot reconnect even if we restart the Virtual Machine.

We think there is a correlation between internet connection going down for a second and coming back up and VPN issue.
If we don't reboot Asus router the VPN connection cannot be established even after 24 hours.
Click to expand...

Are you saying there is an Internet connection instability problem separate from the router/VPN not recovering?

OE
 
OzarkEdge said:
Are you saying there is an Internet connection instability problem separate from the router/VPN not recovering?

OE
Click to expand...
We are not 100% sure but we think this is the trigger. A few times happened that at least one colleague reported brief internet connection issue (eg: one page load error) exactly before the VPN connection drops on the Virtual Machine. Personally I always have SSH sessions opened (via putty) but they are not affected by the brief internet connection issue.
99% of the traffic is directly routed to the internet..only a few computers have a static route for one IP range to go through Virtual Machine and therefor through VPN to access a clients internal servers.
 
I asked the question to clarify your original statement, and you did. I don't think I can offer any pointed help other than to wonder if the VPN issue is a symptom of another problem relating to the Internet connection... and that it could be as mundane as dodgy interconnects/cabling. If you are losing connectivity 6-12 times a day, that would be the first problem to address, imo... if only to keep the users happy. :)

There must be a log somewhere to confirm Internet up time...

OE
 
Well.. even if there is a temporary connection issue (there is definitely not a permanent connection issue) I'm expecting the VPN connection to be reestablished. "ipsec restart" does nothing, Virtual Machine reboot does nothing... something bad happens on the router that block any future attempt to start the VPN connection. I've logged in on router/ssh and checked iptables before and after the issue happened. There is no change. I wanted to try to restart various services maybe I find the one causing the problem but didn't succeeded (I don't know what command to run and the one's I've found doesn't seem to work).
Firmware is official. Latest version: 3.0.0.4.384_20379-gc0714df
 
You must log in or register to reply here.

Similar threads

L
IPSec VPN Server with VNC connection causes ASUS RT-AC3100 to Reboot
Replies
0
Views
587
lporchas
L
SamCarey
ASUS router blocking VPN (Error Code 809) - L2Tp/IPsec - TUF-AX5400.
Replies
0
Views
2K
SamCarey
SamCarey
K
RT-AX86U and network issue or ISP (Rogers) Issue?
Replies
11
Views
494
Keyser-_-soze
K
F
Site To Site VPN between Debian VM and AsusWRT-Merlin router, no routes exists
Replies
2
Views
1K
Freewill0592
F
C
VPN doing a lot of unrecognized options without them even being in the config IPV6 issue
Replies
3
Views
993
RMerlin
RMerlin
Similar threads
Thread starter Title Forum Replies Date
R Help with RT-ac88u network switch issues - causing reboot ASUS AC Routers & Adapters (Wi-Fi 5) 0
N Recommendation For Next Router. Currently have RT-AC88U and RT-AC68U (as a node). ASUS AC Routers & Adapters (Wi-Fi 5) 8
Squall Leonhart WAN Light blinks then sticks bright, dim WPS/USB, no power light (jealous cat peed on ac88u) [Fixed] ASUS AC Routers & Adapters (Wi-Fi 5) 0
gian1200 RT-AC88U CPU bottleneck with 500mbps+ internet speed. Good replacement/upgrade with same features enabled? ASUS AC Routers & Adapters (Wi-Fi 5) 3
P AC88U - flashing problem need help with Jtag ASUS AC Routers & Adapters (Wi-Fi 5) 0
J Choose best wired ai mesh nodes for rt-ac88u ASUS AC Routers & Adapters (Wi-Fi 5) 4
H Asus RT- AC88U strange log ASUS AC Routers & Adapters (Wi-Fi 5) 9
A RT-AC88U WAN speed hitting max DL of around 500Mbps from speedtest? ASUS AC Routers & Adapters (Wi-Fi 5) 9
kaanaslan DSL-AC88U asuscomm DDNS Lets Encrypt Problem ASUS AC Routers & Adapters (Wi-Fi 5) 0
kaanaslan DSL-AC88U Port Forwarding doesn't seem to be working when not in the local network ASUS AC Routers & Adapters (Wi-Fi 5) 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 885 (members: 23, guests: 862)
Top