News: This forum is now permanently frozen.
Pages: [1]
Topic: IPSec Site to Site - Random Disconnection Problems  (Read 1857 times)
« on: November 24, 2009, 19:37:37 »
StoneUSA7 *
Posts: 2

I have a site to site VPN tunnel that I use to connect a remote office to the main office.  We are running M0n0wall 1.3b18 on both sides of the tunnel and both have static IPs.  We have a domain controller in the main office that reaches across the tunnel.  I was able to bind the remote office computers to the domain and we even have a VoIP system running across the bridge.

The problem is that a few times a day the VPN tunnel is severed.  I know this because I'll get calls from the remote office saying their computers reported disconnection from the server and all their desktop icons disappear (we have folder redirection on).  I have these systems setup for Offline Files which should stop the icons disappearing, but that's a separate issue.  My main concern is the severing of the tunnel.  It comes back up within seconds but is still worrisome.  Is there any way to troubleshoot this?  I've tried to monitor the connection with Wireshark, but because of the randomness of the disconnections I don't have it running when it happens.

Both sides have more than adequate bandwidth for the current usage, and the internet seems to stay up at both sites during a disconnection.

Any tips would be greatly appreciated.

« Reply #1 on: December 10, 2009, 21:26:50 »
bigredcherokee *
Posts: 5

Same issue here. I establish Phase 1 and 2 I can set a constant ping to my main office get a good 30 to 40 pings and then it drop. The tunnels stay up but traffic dosn't pass

I have a ASA5510 on the main office side.

3 Other sites use the m0n0wall 1.235 with out anyproblems.
« Reply #2 on: December 10, 2009, 21:28:49 »
StoneUSA7 *
Posts: 2

That's a little different than me.  The tunnel will stay up hours at a time, but randomly just "disconnect" and then reconnect automatically 15-30 seconds later.  Maybe it's an issue with our ISP.  The only reason it's so obvious is because the domain users get a warning saying they've been disconnected from the server hosting their profiles.
« Reply #3 on: December 10, 2009, 21:38:40 »
bigredcherokee *
Posts: 5

Disable your keep alives. I had to do that on my asa. Couldn't find any setting on the m0n0wall.
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines