
VPN disconnects after 60 mins?


GriffMG

Programmer
Mar 4, 2002
6,307
FR
Hi,

I have just set up a LAN to LAN VPN using Draytek Vigor routers over ADSL in the UK.

It works pretty well, apart from a few problems with BT...

The last remaining issue is not BT related. We want the VPN tunnel up the whole time, and have set up a call schedule to make it 'forced on' - this works well - but the VPN link drops every 60 minutes. The ADSL links are still up - both ends can still access the internet and I am getting log files - one end shows an info message indicating that the LCP has timed out. It takes the routers about 60 secs to re-establish the link and they stay up for another hour (exactly).

Is this a security feature - renewing keys or cookies or something?

Would like the link to remain 'always on' - although this set-up does work and most people don't notice.

The Vigor routers support multiple VPN tunnels, would it be safe to set up two tunnels between the same sites and make them start 30 minutes apart and thereby overlap the whole time?

Any help appreciated


Regards

Griff
Keep [Smile]ing
 
Hello,

You should make sure that the idle timeout is set to "-1". Also make sure you upgrade to the latest firmware as some of the older ones have had some connection timeout issues in the past. I believe after an hour the Keys get rehashed anyway and you can't change this if it is vigor to vigor.

The latest firmware is 2.25 and fixes most problems I have come across (I work for an ISP and know these products backwards :) ).

If you are to make more tunnels and want to have one place as a central site I would recommend using something more powerful and having the Vigors at client sites.

Hope this helps :)

Dave.
 
Dave,

Thank you for answering.

The timeouts were set as you suggested.
The firmware is 2.25 as well.
And it's all working now!

I accidentally came across the solution after setting up a second tunnel to another bridge - that just worked, straightaway and didn't go down!

To get the first one to work I just sat and compared every setting on each machine and connection profile and made the non-working one match the good one - and presto!

We only have a few sites at the moment and the Vigor units seem to work well enough for the amount of data we're chucking back and forth - by using the ADSL connections to give the site users access to the internet and outlook/exchange the performance looks sparkling (and as a bonus the traffic from HQ via the leased line is much faster too).

On a bang-for-your-buck basis there is no benefit in changing the machine in HQ - we can even keep a spare for what they cost!

My remaining gripes are purely BT related... their No-NAT service is not very good (put nicely).

Thanks again



Regards

Griff
Keep [Smile]ing
 
Dave,

The firmware is actually 2.2.5 - latest from vigor site... is there a later one?

Best Regards

Regards

Griff
Keep [Smile]ing
 
Yes v2.2.5 is the latest version for the 2600 series.

You are right BT do suck for their ADSL. You should get your ADSL with the ISP I work for, but I'm not going to say for the fact I'm scared of getting flamed!

But my email address probably gives it away :)

Dave.
 
Dave,

Tek-Tips keeps your e-mail private, to reduce spammers I suppose.

BT ADSL doesn't exactly suck, it's their so-called tech support and order management people who do. They seemed to be convinced that you only want to buy their service - not use it! It took 5 weeks to get their silly No-NAT service, which is bogus - it seems to give you an aliased fixed IP, if you use it for syslogging or whatever, the sender's address is dynamic! Oh, and it took a whole week of harassing them before they would admit the conversion hadn't worked because of a fault at their end (not because I hadn't waited long enough:

"It will take 2-30mins Sir..."
"Sorry up to an hour Sir..."
"did we say an hour?, no this takes overnight..."
"Never just overnight Sir, the conversion can take 24 hours..."
"Sorry, 48 hours..."
"Err, 72 Hours..."
"Who told you that, you probably need to leave it plugged in for the next five days..."

Grr...

Regards

Griff
Keep [Smile]ing
 
Yes, this is what users who came to us also said.

BT actually have lots of their call centres over in India you know :)

And of course they are never wrong, never never never never never never, but are actually 99% of the time
 
I suppose it might be a kind of corporate arrogance: "we've been at this a long time - ergo we must be right".

Funny thing, I'm running a brilliant little ping monitor on the line to the BT end just now (it's also pinging the other site) [it's called AlertPingPro and only cost £11!] and every two or three minutes the BT line takes an age to respond and then recovers!

I wonder what little gem of the BTWorld is causing that!
(the other connections are fine)

Regards

Griff
Keep [Smile]ing
 