RV042 VPN - Shows "Connected" But Randomly Stops Passing All Traffic


R

rebus9

Network Guru
Member
I posted this at DSLReports.com and someone recommended asking in this forum.

I have 2 brand new Linksys RV042 units doing a site-to-site VPN. Several times per day, traffic between the VPNs just..... stops. Neither side can ping the other over the VPN, although the public WAN IP still responds fine. (week-long ping monitoring to the public WAN IP at the other end, every 15 seconds, shows the WAN link is stable)

When traffic stops flowing, BOTH gateway web interfaces still show the VPN as "Connected" status.

The only solution is to manually force a Disconnect at one of the endpoints via the web interface. Then they immediately re-connect (like they're supposed to) and traffic starts to pass normally again.

Firmware: Both are at the latest 1.3.9 and both have been re-flashed just in case the original onboard image was corrupt.

Connections: One end is Road Runner, the other end is FIOS. To rule out a RR to FIOS routing issue, I unhooked the one from RR and took it to my next door neighbor who has FIOS, making a FIOS-to-FIOS VPN. Both endpoints are in the same city, about 8 milliseconds apart. Same result. After a random amount of time (sometimes 30 minutes, an hour, 2 hours, 3 hours...) traffic just stops passing, neither end can ping the other, even though the web interface shows "connected" at both ends.

I've tried all combinations of enabling/disabling the Keep Alive feature, and the Dead Peer Detection feature, at one and both ends. No luck.

Any advice to sort this out (other than sending them back for a refund and using a different brand)?

Thanks in advance.
 
Thanks for the info. I bumped the other thread you linked, just because it had more responses. It's both comforting to know that others are having the same issue, yet maddening at the same time because Linksys tech support tried to turf this as a problem only affecting me and nobody else. ("we don't have any other reports of this")

I wish I could script the router reboot, but.... our phones are all IP based (the PBX equipment, user phones at each desktop, and the VoIP dialtone service itself) and if I kicked the router whenever the VPN went down, any in-progress phone calls would be dropped. Our phone use is moderate to heavy so that would make a lot of enemies, fast. :frown:
 
(I posted this in the RV082 thread also. http://www.linksysinfo.org/forums/showthread.php?t=56229&goto=newpost )

I've become somewhat convinced this has to do with one end being Static IP, and the other being dynamic. The dynamic end always initiates the connection.

Since the dynamic IP almost never changes, I reconfigured the VPN as static IP at both ends, so either end can initiate the connection. I have WhatsUp pinging the other end every 30 seconds, and it has gone 2 days without a single missed ping.

OBVIOUSLY (!!!) this is not a solution, just a workaround if/until Linksys figures this out, assuming they even acknowledge it at all. Dynamic -> Static option is completely unreliable and there ARE many users whose IP changes frequently, so they will not be able to workaround like I did.
 
We are having the same problem. Anywhere in between 2-3 weeks, the link just stops working. Both ends show as connected, but the VPN link will not transmit until we force a disconnect. Then the two sides reconnect automatically and then it all works again.

Both ends have static IPs, and WE are the ISP. :biggrin: (as in the links from end to end are carried on our network and never enter a third party's network) So we can't blame the ISP. The links don't show any errors or packet loss, so it's something internal to the RV042. In fact, we suspect it's related to the key exchange, because when we change the key exchange times, we can get the link to stay up more/less time. Currently, we have found that we can get the longest uptime by chosing two different prime numbers for the Phase 1/2 SA Life Time.

However, 2-3 weeks of uptime is not enough for us, since the connection is actively used for access to DB servers and VOIP phones, and as soon as the connection dies, the phones disconnect and all the applications crash causing all sorts of database corruption (not our software, so we can't fix that).

We are using firmware 1.3.9 and we have reflashed both devices.

Linksys Tech Support does not seem to understand the fact that there is a problem (we have about 6 calls in to them over this issue). Their invariable answer is "what happens with you click disconnect? is it working now? ok, thanks for calling" Perhaps we should start calling Tech Support everytime the link goes down.

Has anybody here gotten further than we have?

Thanks,

Hector
 
I'm glad I am not the only one where tech support acts like this is a non-issue. (misery loves company)

I'm also appalled by it, because they act like it's a non-issue.

Just like you said, they have us click the disconnect button, the VPN connects, they ask if it's working now (Yes, it is) and they end the call. They don't want to LISTEN and THINK about how it affects users. And like your case, this VPN is used for phones, and it's happened many times in the middle of a call-- and of course, the call gets dropped, and we look like schmucks who don't know how to use a telephone.

Is it working now?

Yes.

Thank you for calling. Goodbye. (translation: we've done our job, now go away)
 
I'm sorry to reply on a 5 months old post, but does anyone have a good solution on the problem described by the TS? Because I also have the same problem...

Thanks!
 
syslog report

Can anyone with this problem set up a syslog server and generate a report? I have not had time to do this, but Cisco has offered to look at the problem if I can get them some data.
 
I have such logs for both ends of the VPN tunnel. Sent you a private message asking where/who to send this to.
 
Finally, something is happening with this issue. I sure hope you are able to get something out of Cisco. I have chimed in about this problem in Jan of this year. Though I said that it never happened to static to static VPNs, I rescind that comment and have been experiencing the problem across the board on all VPN connections. It does happen quite a lot more often on the dynamic connections though. It's like the DPD isn't functioning properly...

I have an RV016 as the main office and many RV042 branch offices.

Good Luck!!
 
FWIW, same problem here. I have not quite exhausted every possible combination of settings (lifetimes, DES/3DES, etc.) but I feel as if I've come close :) nothing solves this. Everything seems fine for a while, maybe hours, maybe days, but sooner or later something dies, one side still thinks it's connected but it's obviously not. Only solution is to "disconnect" the tunnel on the bad side, then everything's fine again for a while. Infuriating...
 
Sollostech has my logs now.

Yes, I am static to static VPN and it effects me. I have experimented (as much as I can risking a remote VPN site that is an airplane ride away) and the problem coincides with the phase 2 key renegotiation. The shorter the key lifespan the more VPN drops will be experienced simply due to more opportunies. I increased my lifespan to 8 hours (maximum allowed) and I still get the drop every few days which is better than every few hours with a shorter key lifespan.

I hope Sollostech Cisco contact works out for us all.
 
RV082 to Any other VPN Router just not stable

I've been using various linksys routers for the past 8 years starting with the BEFVP41 routing to the same locations for that amount of time and never had any re-occuring problems with the tunnels. I have been using the RV082 for the past 18 months doing the same thing and this router cannot keep a VPN connection if you are transferring any amount of data consistently over it. As reported many times by others, you will see that the VPN tab doesn't recognize that the tunnel is down. You can manually reset the connection, but be prepared to do this many times, especially during a large time consuming file transfer. The workaround I have in place is to use DPD set to 5 minutes. This seems to be the lowest you can go and have this feature still work. You still get downtime, but now that router will recognize the downed tunnel and correct, but this can still be annoying. You should only designate one side of your tunnel to handle the DPD, or else this feature may never work.

With each firmware update, I think that they may finally have tackled this one, but it's nowhere to be found on the release notes. This router has better throughput than the BEFVP41 had by many factors, so I don't want to have to go back to using it. It's not good if support is denying such an issue...usually means there is no solution to the problem...
 
I've had the same problem for over a year now. Funny how this thread is 3 years old and still nothing solved since.

I have 3-4 RV042 connected together and i always have a problem between 2 places while the other are fine.
I have noticed that when the tunnel dies, it pretty much only dies on 1 end. If on the broken end i try to login to the RV042 on the other side it won't work but if i try vice versa, it will detect the problem and reconnect by itself and start working both ways.

Has anyone been able to find a solution so far?
 
You must log in or register to reply here.

Back
Top