RV042 Gateway to Gateway VPN Connection Issue

  1. microe08

    I have a client that has a branch office connected to the main office using a pair of RV042s in a Gateway to Gateway VPN Tunnel Configuration. The connection gets established and works fine for a while. Unexpectedly the tunnel will stop passing traffic even though the RV042s both display connected. Internet traffic is still passed but the tunnel does not.

    Logging into one of the RV042s and disconnecting the tunnel and letting it automatically reconnect will correct the problem. This happens randomly about once a day. It used to happen more often but I set the Phase 2 SA Lifetime to 28800 and this reduced the frequency.

    Client is so frustrated that they are ready to scrap the RV042 and buy something more reliable. (Considering U.S. Robotics USR8200)

    Both are running Firmware 1.3.9. The Main Office is connected to the Internet using an XData connection with a dedicated IP address. The Branch Office is connected via DSL (Verizon) and has a dynamic IP so I am using FQDN for authentication.

    Subnet at the Branch is, at the main office it is

    Any help on this issue would be appreciated before we re-invest another $600 into hardware.
  2. Sfor

    Since the branch office Internet connection does not have a static IP a DDNS service should be used, I think.

    Also, a DPD option should be turned on in the advanced settings of the tunnel.
  3. Toxic

    I also found the tunnel's stability better if you set BOTH Lifetimes to 28800, and using 3DES/SHA1. If you do not have a Static IP then you must use a DDNS/FQDN Address. Also, if using an ADSL connection make sure you have MTU set at 1492 or lower.
  4. rebus9

    This has been posted about in several other threads both here, and in the official Linksys company forum, but so far no luck. See my post in another thread for a temporary workaround that may (or may not) work for you. In our particular case, we had an RV042 on a Dynamic IP always initiating the VPN connection to the RV042 on a Static IP. The VPN would stop passing traffic several times per day, even though both ends showed "connected". Like you, we had to manually force a disconnect of the VPN at one side and let it re-connect. Then it would run for a little while and die again.

    Since the Dynamic IP almost never changes, I reconfigured the VPN for Static IP whereby either side can initiate the connection. I did this 2 days ago, and the connection has been perfect ever since.


    Obviously this is NOT a good solution, and Linksys needs to get this sorted out and fixed, assuming they eventually acknowledge it's a problem at all. My chats with the IM support drones have always ended in "we've never heard of this before".
  5. psdamiani

    I had the same problem.
    Solved this way:
    Where you have dynamic IP DO NOT SET Dynamic + email.
    SET IP resolved by DYNDNS and enable DDNS on the router.
    Hope this helps.
  6. rebus9

    :thumbdown: Your answer does not apply to the problem described in this thread.

    We're connecting to the gateway using a DNS hostname, not hard-coded IP address. If you'd read through this whole thread, you'd realize this is NOT the kind of problem you think it is. (I'm guessing you're assuming the problem is the dynamic IP changes, and you're wrong.)

    Client on dynamic IP connects to Gateway w/Static IP
    Client passes email address and shared secret.
    VPN randomly stops passing traffic even though both endpoints show "connected" status.

    If we set it up pretending BOTH ends have static IP, then VPN stays connected reliably. But this is NOT a good solution because the dynamic IP changes, requiring us to re-config the VPN settings each time the IP changes.

    Bottom line is: Linksys implementation is broken and needs fixed at the firmware level.
  7. microe08

    Problem Resolved

    We took a hard look at this and after trying most of the suggestions (except DynDns), we decided to get a dedicated IP for the remote end of the tunnel. I know this can be a little costly, but the client was losing money with it going down.

    With dedicated IPs on both ends, it has been pretty stable. Only going down once in the last 3 weeks.

    I think the instability with the Dynamic IP really has something to do with only one end being able to re-negotiate the tunnel. With both on static IP either end can sense a drop and start the re-negotiation process.

    Thanks for everyone's help.
  8. rebus9

    What I find most disturbing, though, is that neither endpoint seems to notice the VPN is not passing any traffic and both sit there happily saying "connected".

    I don't expect the moon for $175 per unit, but I *do* expect whatever features they've built in to at least work properly.
  9. mcato

