Hi, I have a network configuration where I have two RUTX50 routers in a VRRP cluster. The VRRP failover seems to work fine for new connections, meaning that a client in the local network regains Internet connectivity through the backup router within seconds of the primary router losing connectivity, and for use cases like continuing web browsing by loading a new web page, the VRRP failover is practically imperceptible.
However, I run a setup where the local network is connected through a VPN tunnel solution that is running on a local PC. When a VRRP failover happens, the connection/session of this VPN client seems to partially break. It seems like if the connection is not reset (and also not transferred to the backup router correctly), and the VPN client seems to be holding onto the existing connection that it can no longer use successfully. In my case, it can take the the VPN client up to 20 minutes to reinitialize a new connection and go back to normal operating state. Unfortunately, there is not much I can do about that specific VPN solution, but I think there might be some issues with Teltonika’s VRRP failover implementation or perhaps with my configuration of the VRRP cluster.
Some more detailed information about my failover testing:
- VPN client is connected through the primary VRRP router and works fine. There is a Teltonika PoE managed switch between the VPN client PC and the two routers.
- Primary router is disconnected (i.e. by unplugging LAN cable or removing SIM card).
- Backup router becomes the new primary within seconds.
- VPN client can no longer transfer data with VPN server. On the PC, where the VPN client runs, I can already successfully ping Internet addresses - new sessions are routed through the previously backup router. I then tested the 3 following scenarios:
a) If I bring the disconnected primary router back online, another failover is triggered immediately and the newly connected router assumes the primary role again. When this happens, the VPN client is able to resume its connection to the VPN server.
b) If I unplug the ethernet cable between the VPN client PC and the managed switch and plug it back in after a few seconds, the VPN client quickly connects to the VPN server. (through the previously backup router)
c) If I don’t do anything, the VPN client eventually reestablishes connection to the VPN server in 15-20 minutes. (through the previously backup router)
From the test above, I guess it might also be the switch that could play a role in the failover. I don’t have much experience with VRRP configs, but I can see mentions of connection/session reset and optionally their synchronization between the primary and backup routers, like: VRRP - RouterOS - MikroTik Documentation
Is there anything I can do about this? Thanks!