This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Klepo
Explorer
‎2023-07-22 12:51 PM

Unstable VPN tunnels to other locations

Hello,

I have a CP 3600 security gateway with recently upgraded R81.10 take 95 same goes for security management server. The issue that we are experiencing was even before the upgrade (I decided to upgrade because of this issue) is that after less than 24 hours our VPN tunnels stop working, when I connect to sec. gateway and try to ping 1.1.1.1 or www.google.com  I dont get response, after the reboot of sec. gateway I can ping and get resolve and IPsec VPN establish back.

Want to point out that we have really unstable ISP connection which is why we are having probably this issue. Now I read about enabling permanent tunnels and DPD configuration but as in other topics this didnt seem to help...

I found some logs:

06:25:19 2023 FW-1 pppd[9233]: No response to 5 echo-requests
Jul 21 06:25:19 2023 FW-1 pppd[9233]: Serial link appears to be disconnected.
Jul 21 06:25:19 2023 FW-1 pppd[9233]: Connect time 350.1 minutes.
Jul 21 06:25:19 2023 FW-1 pppd[9233]: Sent 180714220 bytes, received 1656325007 bytes.
Jul 21 06:25:19 2023 FW-1 kernel: [fw4_0];cphwd_api_update_if_info_: called before init of sxl_dev_id 0
Jul 21 06:25:25 2023 FW-1 pppd[9233]: Connection terminated.
Jul 21 06:25:25 2023 FW-1 pppd[9233]: Modem hangup
Jul 21 06:26:30 2023 FW-1 pppd[9233]: Timeout waiting for PADO packets
Jul 21 06:26:30 2023 FW-1 pppd[9233]: Unable to complete PPPoE Discovery
Jul 21 06:27:01 2023 FW-1 pppd[9233]: PPP session is 1

Was thinking about to increase interval from 2 -> 10 and failure from 5 - > 7 because of the really unstable ISP line as we get PPPoE resets  3-5 hours

lcp-echo-interval 2
lcp-echo-failure 5

 

Do you have any other Idea ? Or how to perhaps configure differently IPsec VPNs ... perhaps enabling permanent tunnels and DPD on global settings ? 

Perhaps anyone with similar issue like me and did succesfully resolve it ? I am almost certain its because of instable ISP connection but there should be some more settings I can do on gateway for automatic re-establishment of VPN tunnels withou my manual interference.

 

Thank you in advance,

Klemen P. 

 

 

 

 

 

0 Kudos
2 Replies
the_rock
Legend
Legend
‎2023-07-23 05:50 AM

Starting R81 base, if you enable permanent tunnel inside VPN community, you dont need to change anything in Guidbedit at all for DPD.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-24 01:22 PM

Those look like PPPoE errors, which will definitely cause instability.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events