
WRV200 -> RV082 ipsec tunnel isn't really up

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by justavpnquestion, Sep 1, 2007.

  1. justavpnquestion

    justavpnquestion LI Guru Member

    I have a tunnel between my house and the office that (how do I describe this?)

    Thinks it is staying up.

    I have a Linux script called VPN.keepalive that does a ping and logs DOWN! if the ping fails. The problem I have is that it is not failing; however, when I try to ssh it just never connects. I managed to get the router to notice the link was down by running nmap instead of ping. When I am trying to ssh into a server at the office this is simply annoying. When I have an rsync job scheduled to copy something overnight it is a little more than annoying.

    I have added nmap [host on other end of tunnel] to my script and I will see if that can keep it up. I would really like to set up a couple of my remote users with a similar configuration but I cannot do that without finding a way to keep the tunnel alive without running the keepalive script.

    My router info
    Hardware Version: WRTR-147G_V02
    Software Version: 1.0.32.2


    Thank you
    Randy
     
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    What are your settings for the routers? For example, are both routers using static addresses, or is one (or both) on a dynamic IP address connection? An additional consideration is that Linksys still hasn't gotten under control how the WRV200 (and most other Ethernet routers) will behave on a PPPoE connection.

    Jay
     
  3. justavpnquestion

    justavpnquestion LI Guru Member

    RV082 at the office is static IP
    WRV200 at home is dynamic IP DSL (Embarq uses DHCP instead of PPPoE)

    I am doing DDNS to resolve the dynamic address. It was doing the same thing on RoadRunner before I switched to DSL.

    Follow-up: the automated nmap does not appear to have kept the connection alive. I can ping right now but not connect to the same server using ssh.

    Randy
     
  4. LucF

    LucF Network Guru Member

  5. justavpnquestion

    justavpnquestion LI Guru Member

    resolved

    Just to let everyone know.

    I had Dead Peer Detection turned on at home and not at the office. When I turned it on at the office it did not seem to help so I turned it off at both locations. After my ISP (at work) quit knocking down the connection over the holiday weekend it has stayed up except for:

    Tue Sep 4 12:10:08 CDT 2007 DOWN!
    Wed Sep 5 02:45:17 CDT 2007 DOWN!
    Wed Sep 5 05:05:18 CDT 2007 DOWN!
    Wed Sep 5 05:10:18 CDT 2007 DOWN!


    I honestly think it was a combination of Comcast / DPD setting. At least now when it goes down the router can tell it is down and rebuild the tunnel.

    Randy
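
An added example, not part of the original thread or any poster's script: a keepalive check that opens a TCP connection to the service port (22 for ssh) instead of pinging, since the first post reports ping succeeding while ssh never connects. The target address, function names, retry settings and log format (modelled on the DOWN! lines above) are assumptions.

```python
import socket
import time

# Hypothetical target: a host behind the far end of the tunnel and its ssh port.
TARGETS = [("192.0.2.10", 22)]  # constructed address (TEST-NET-1); replace locally


def tcp_probe(host, port, timeout=5.0):
    """Return True only if a TCP handshake to host:port completes in time.

    The symptom in the thread (ssh "just never connects") is the timeout path.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and unreachable routes
        return False


def log_line(host, port, when=None):
    """Format a failure line in the style of the DOWN! log in the thread."""
    stamp = time.strftime("%a %b %d %H:%M:%S %Z %Y", when or time.localtime())
    return f"{stamp} {host}:{port} DOWN!"


def check_tunnel(targets, timeout=5.0, retries=2, pause=1.0):
    """Probe every target; return log lines for those that failed all tries.

    Retrying avoids logging DOWN! for a single dropped SYN.
    """
    failures = []
    for host, port in targets:
        for attempt in range(retries):
            if tcp_probe(host, port, timeout):
                break
            if attempt + 1 < retries:
                time.sleep(pause)
        else:  # no attempt succeeded
            failures.append(log_line(host, port))
    return failures


if __name__ == "__main__":
    for line in check_tunnel(TARGETS):
        print(line)
```

Run from cron at the same interval as the ping check, this logs DOWN! when the service port stops answering even though ICMP still gets replies.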
     
