Reply To: vpn lan to lan bond lossing packages

Home Page Forums Network Management VPN vpn lan to lan bond lossing packages Reply To: vpn lan to lan bond lossing packages



I find that remote BOND interface IP cannot be the default gateway, because this IP will be accessible only after at least one tunnel is created.

For this there must be a gateway in the first place, to allow the tunnel authentication with the side.

Disabling the net balancer and setting a default gateway instead, on both sides, don’t helped either, as one tunnel will never came up and show a lot of read UDPv4 [ECONNREFUSED]: Connection refused (code=111) messages in the log.

Adding the –ping 10 –ping-exit 30 in Parameters field of VPN configuration will fix this problem, but this will cause another problem in that the VPN will never came back online, once his route will be back online.

As far as I go in researching this I discovered that, if one ISP will fail on one side, and once with it the corresponding end of the VPN tunnel(lets say VPN00 per exemple), the other side will keep trying to reconnect , signaling that in fact the tunnel is up and packages can be routed this way. I belive that eventually it should give up but it does not.

In this case if I manually bring that VPN00 down that packages are going smoothly again on the second tunnel. If I bing that VPN00 up again, the package lost appear again(around 40 to 60% packages lost).

If there is an issue in the way VPN is failover at least the VPN load balancing should run smoothly, but this is not the case. The package lost appear even when both routes are up and both VPN tunnels started.

Looking in the VPNs logs I can find that the VPN connections are keep restarting, and this can explain the packages lost but not why this ongoing restarting is happen.

If there is a conflict between net balancer and VPN bounding, at least static routes or net balancing rules that force the routing of UDP packages over a certain gateway, but this will not work either.

I can’t go without net balancer and letting only the VPN bounding to do his job, this is not possible as one tunnel will never be up, and then a single static default gateway is anyway unpractical if the ISP connection that routes that gateway goes down.