I have got a RUT950 device with a networkdevice on LAN site, which use ipsec connection for secure communication.
At begin all is fine, after some time the connection is disconnected. I cant’t see any traffic from the RTU950, there are no more requests from the router at WAN side.
After restarting the router, the error is resolved, but only for a short time.
What can ich do for troubleshooting ? what diagnosis and analysis options are there on the router to find the cause? Or is there a known bug ?
I used the newest Firmware Version: RUT9XX_R_00.07.04.05
Please ensure that the ‘IKE Lifetime’ and ‘Lifetime’ in both Phase 1 and Phase 2 settings for IPSec are identical to the values on the other device you’re using to create the IPSec connection. It’s important that these settings match on both devices. Keep in mind that you can specify the lifetime using the ‘h’ notation for hours.
thanks for your answer. I have no ipsec connection to the router himself! Is your answer also applicable?
the lan device connects with ipsec to a server on interface side wwan0. i have make a tcp dump. i see the request on lan side, but not on wwan0!!! after the request the router answer with icmp net IP unreachable. The connection is still okay, ich can ping other server etc. after reboot all is fine.
If you’re not using IPSec directly on the router, you don’t have to make changes there.
Could you try modifying these IKE lifetimes on your LAN device and server?
Do you have any logs related to IPSec from your devices?
Is it just the IPSec that has this issue? Is internet working fine?
Additionally, please see if there’s a pattern to how often this issue occurs. Does it happen randomly, or does it happen at specific time intervals, like every 30 minutes?
i’ve make a tcpdump. on lan-side i see the ipsec request for initialization. But the router answer with icmp net ip unreachable. Why? On wwan0 interface side there are no packets from the router. Why does the router block the Traffic request?
After reboot the router, all is fine. But only for a little time!
By default, all traffic from LAN to WAN is allowed. Could you please provide more details about your configurations and network? Did you make any changes to the configurations?
Also, did you update the firmware recently? If you updated recently, could you please try restoring the device to factory defaults in System → Backup? This would eliminate any potential issues that could have occured during firmware update.
Yes, I update the newest firmware. When i reset to factory setting i lost the remote ssh access. right ?
Wich information of the network and configuration are helpful for you?
Configurations related to network interfaces, failover, firewall, as well as routes (‘route -n’ command) for now. Before posting, make sure to hide any sensitive information, such as public IP addresses. Also, it would be great if you could check logs from System → Administration → Troubleshoot → ‘View’ system logs. Are there any errors or anything iteresting that happens around the time when the connection is lost?
The logs are fine. Though if the issue is related to DNS, you can try specifying a different DNS server. For this, navigate to Network → Interfaces → edit LAN and add custom DNS servers. For example, 8.8.8.8 and 1.1.1.1. Check if that resolves the issue.
I would also suggest restoring the device whenever you will have the opportunity.
Also, if you are using the public IP of RUT950 to SSH into it, you can enable remote SSH via SMS message:
i have set the dns ip and the problem was fixed. why does it work for a while and then suddenly it doesn’t work anymore.
under advanced dhcp option 6, we have set a own dns-ip-address. the network device have a fix-ip, it dont use dhcp. Should i also set the dns server in the lan settings?
It is possible that the IP address of the other device is dynamic. It is hard to say without knowing your network setup and configurations.
DHCP option 6 pushes DNS server to the DHCP client, while DNS server configured on the LAN is used to resolve DNS queries (DNS is pointing towards RUT on end devices in this case).
It seems that you have fixed the issue. Hence, I do not think that there is a need to set a custom DNS on LAN. However, if you run into the same or similar issue again, I would suggest you try setting DNS on LAN.
