Linux: Intermittent connectivity Lan-to-Lan L3 VPN

markr · Post by **markr** » Mon Feb 20, 2017 5:11 am

Hello,

I've set up a LAN-to-LAN VPN (Using L3 IP Routing) as detailed in section 10.6 of the manual between Kitchener (head) and Ottawa (branch) locations. I can connect among the subnets normally when I start the vpnserver and vpnbridge, but then connectivity becomes intermittent after a few minutes. Usually ssh over the VPN from one segment to the next times out, then a few minutes later it works again. The same happens with HTTP and SMB connections. Connecting directly (without the VPN) always works normally.

I'm running Ubuntu 14.04 and 16.04 with SE 4.22 with 2 NIC's in each box all using the r8169 driver. Connecting to either network from home works perfectly and both networks remain running at full-speed even when SE connections time-out.

Would anyone have a suggestion? Could this be an issue with the L3 switch or cached IP address tables? I note that the IP address assigned in the L3 switch (ie: 192.168.2.254), appears intermittently as a client IP on the WAN/LAN/DHCP router.

Another post that has the same issue is at <http://www.tomshardware.com/answers/id- ... ubles.html>. No solution is offered. I've done all the configurations suggested there.

Many thanks for suggestions,
Mark

Post by **thisjun** » Thu Mar 02, 2017 7:38 am

Could you show a server log?

markr · Post by **markr** » Sat Mar 04, 2017 6:51 pm

Thank you for asking. Logs are attached.

The logs were recorded when trying to connect using ssh from the head office (vpnserver) to the bridged network (vpnbridge), from 192.168.1.110 to 192.168.2.221. The connection did not succeed.

I appreciate your suggestions.

Post by **thisjun** » Thu Mar 16, 2017 6:04 am

The server log doesn't have important section.
So, please show the VPN log when session starts.

Maybe, UDP acceleration causes the problem.

markr · Post by **markr** » Fri Mar 31, 2017 8:34 pm

Thanks. A log of the head office server startup is attached.

Here's what I also tried: Connect with and without UDP acceleration, installed at the 'edge' site the vpn_bridge and vpn_server versions to make the cascade connection, reset the server to default settings with the minimum necessary configuration. All work, equally sporadically but intermittently. I can usually connect with ssh from the 'edge'->head office; but less often from head office->edge. The head office->edge connection is more likely to succeed if it is attempted a few seconds after a successful edge->head office session is started.

Could it be an issue with the layer 3 switch?

Best,
Mark

Post by **thisjun** » Thu Apr 06, 2017 7:13 am

I could't find a cause from the server log.

Could you find packet log of ping at both side of virtual L3 switch when communication lost.

markr · Post by **markr** » Thu Apr 06, 2017 4:00 pm

Hello,

I think we have solved the problem: the Asus RT-N12D1 router had its firewall enabled. This has some sort of SPI function. I disabled it for troubleshooting an unrelated issue and now bi-directional communication over the L3-switch works perfectly.

Suggested fix: disable (SPI) firewall.

Best wishes and many thanks for all your work,
Mark

Linux: Intermittent connectivity Lan-to-Lan L3 VPN

Linux: Intermittent connectivity Lan-to-Lan L3 VPN

Re: Linux: Intermittent connectivity Lan-to-Lan L3 VPN

Re: Linux: Intermittent connectivity Lan-to-Lan L3 VPN

Re: Linux: Intermittent connectivity Lan-to-Lan L3 VPN

Re: Linux: Intermittent connectivity Lan-to-Lan L3 VPN

Re: Linux: Intermittent connectivity Lan-to-Lan L3 VPN

Re: Linux: Intermittent connectivity Lan-to-Lan L3 VPN