IPSec vpn tunnel down

iadamovic · August 7, 2019, 10:42am

Hi,

i am having a problem with ipsec on wr21 with combination of vpn concentrator VC74.

I have set to bring tunnel up whenever route is available and to renew tunnel after 8 hours.

Daily some of wr21 have tunnel down, and not renewed.

This is logs.

07:04:12, 07 Aug 2019,(3424) IKE Keys Negotiated. Peer: co214vpn
07:04:12, 07 Aug 2019,(3424) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:04:12, 07 Aug 2019,IKE Request Received From Eroute 0
07:04:02, 07 Aug 2019,(3421) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:04:02, 07 Aug 2019,(3422) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:04:02, 07 Aug 2019,(3422) IKE Negotiation Failed. Peer: ,Inactivity
07:04:02, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:52, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:42, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:32, 07 Aug 2019,(3422) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:03:32, 07 Aug 2019,(3421) IKE Keys Negotiated. Peer: co214vpn
07:03:32, 07 Aug 2019,(3421) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:03:32, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:22, 07 Aug 2019,(3418) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:03:22, 07 Aug 2019,(3419) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:03:22, 07 Aug 2019,(3419) IKE Negotiation Failed. Peer: ,Inactivity
07:03:22, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:12, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:02, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:52, 07 Aug 2019,(3419) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:02:52, 07 Aug 2019,(3418) IKE Keys Negotiated. Peer: co214vpn
07:02:52, 07 Aug 2019,(3418) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:02:52, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:42, 07 Aug 2019,(3415) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:02:42, 07 Aug 2019,(3416) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:02:42, 07 Aug 2019,(3416) IKE Negotiation Failed. Peer: ,Inactivity
07:02:42, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:32, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:22, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:12, 07 Aug 2019,(3416) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:02:12, 07 Aug 2019,(3415) IKE Keys Negotiated. Peer: co214vpn
07:02:12, 07 Aug 2019,(3415) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:02:12, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:02, 07 Aug 2019,(3412) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:02:02, 07 Aug 2019,(3413) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:02:02, 07 Aug 2019,(3413) IKE Negotiation Failed. Peer: ,Inactivity
07:02:02, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:52, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:42, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:32, 07 Aug 2019,(3413) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:01:32, 07 Aug 2019,(3412) IKE Keys Negotiated. Peer: co214vpn
07:01:32, 07 Aug 2019,(3412) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:01:32, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:22, 07 Aug 2019,(3409) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:01:22, 07 Aug 2019,(3410) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:01:22, 07 Aug 2019,(3410) IKE Negotiation Failed. Peer: ,Inactivity
07:01:22, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:12, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:02, 07 Aug 2019,IKE Request Received From Eroute 0
07:00:52, 07 Aug 2019,(3410) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:00:52, 07 Aug 2019,(3409) IKE Keys Negotiated. Peer: co214vpn
07:00:52, 07 Aug 2019,(3409) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:00:52, 07 Aug 2019,IKE Request Received From Eroute 0
07:00:42, 07 Aug 2019,(3406) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:00:42, 07 Aug 2019,(3407) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:00:42, 07 Aug 2019,(3407) IKE Negotiation Failed. Peer: ,Inactivity

after restart of wr21 it gets connected VPN tunnel.

jpaczkow · December 19, 2019, 4:51pm

Hello!

It looks like it’s hitting the Deed Peer Detection (DPD) timeout and is closing negotiation. Try extending out the DPD timers.

Under Configuration - Network > Virtual Private Networking (VPN) > IPsec > Dead Peer Detection (DPD)

bengartland · January 7, 2020, 4:30am

Hi,
Based on the time stamps and events, it looks like the VC74 is not responding to the WR21’s IKE negotiation, or, the IKE response is not getting to the VC74, or, the response is not getting back to the WR. You should check the logs and debug on the VC74.

Kind regards,
Ben - Digi Support

Topic		Replies	Views
IPSec - Negotiation Failure Digi TransPort WR (Series) vpn , wr21 , ipsec	3	534	March 16, 2021
Digi -> Digi IPSEC VPN Drops Digi TransPort WR (Series) vpn , digi , wr21 , transport , ipsec	1	486	July 15, 2020
IKE Negotiation Failed. Peer: ,Inactivity Digi TransPort WR (Series) ipsec	1	401	March 31, 2021
IPsec VPN tunnels to access remote LAN Digi TransPort WR (Series) ipsec	1	402	February 28, 2020
I have digi WR31s with the same problem, is there a way to manually force the tunnel up? Digi TransPort WR (Series) ipsec , tunnel , wr31	0	425	May 8, 2019

IPSec vpn tunnel down

Related topics