VPN Intermittently works on failover

I recently purchased an RUT241 for an emergency remote site access solution. The failover seems to work quite well, however, I have intermittent issues with the L2TP tunnel during failover. Sometimes the tunnel reconnects on failover but more often than not it does not.

From what I can see in the logs, the RUT241 reports it is attempting to reconnect, but the logs in the far end route show no attempts coming from the RUT241. If I disable the L2TP client in the RUT241 for several minutes and then re-enable, it will then reconnect the tunnel.

I am assuming this is some sort of a caching issue, where the RUT241 is not clearing out the old session data before attempting to re-establish the tunnel. The firmware version is RUT2M_R_00.07.06.10, which appears to be the most recent.

Has anyone else had the issue? Does anyone know of a workaround?

Hello,

Thank you for reaching out.

From what you’ve described, it does seem possible that this is related to a caching issue, where the old session data is not being cleared properly before the RUT241 attempts to reconnect. While the firmware version you’re using (RUT2M_R_00.07.06.10) is relatively recent, we recommend updating to the latest version, RUT2M_R_00.07.09.01, which includes various improvements and bug fixes.

You can download the latest firmware from the following link:
RUT241 Firmware Downloads.

Additionally, detailed instructions on how to update the firmware can be found here:
How to Update RUT241 Firmware.

Please proceed with the update and let us know if the issue persists. If you need any further assistance, feel free to reach out.

Best Regards,

Thank you for your very timely response. I performed the upgrade but I am still seeing the same result.

Here is what I have been able to determine:

When I force failover from WAN to Mobile by disconnecting the WAN, I can see the L2TP tunnel disconnect at my server and at the RUT241. The RUT241 continues to try to re-establish the tunnel, but it appears it is still attempting to utilize the route created from the previous session (via WAN) as no packets are received at my server from the RUT241’s Mobile IP address. I have waited several minutes to see if it might eventually recover and follow the new default route, but it appears that it will continue indefinitely to try to connect via the former WAN port if the tunnel is not disabled. If I disable the L2TP tunnel in the RUT241 for a long enough period of time, it will then re-establish the tunnel over the Mobile network as expected. But, I must disable it for several minutes for this reset to occur.

When I failover from the Mobile (LTE) back to the WAN port, the L2TP tunnel does not disconnect at all. The RUT241 places the Mobile WAN as standby but does not disconnect the L2TP tunnel, so the L2TP session remains active across the Mobile WAN and I can still ping the L2TP address of the RUT241 from my server. If I disable L2TP in the RUT241 for a short period and then restart it, it will immediately re-establish the tunnel over the Mobile network instead of the WAN network which is now the default route. If I disable the L2TP tunnel for a long enough period (exact time yet to be determined) it will re-establish over the WAN port as would be expected (following the correct default route).

Some additional testing information that might be helpful.

Instead of disconnecting the WAN port (shutting the interface connected to it), I used a firewall rule to drop packets to the IP address the WAN port monitors when determining failover. The failover occurred as you would expect, the WAN port was placed as Standby and the Mobile port came up as the Online active gateway. However, the L2TP tunnel (running on the WAN port) stayed connected. Apparently the failover process does not kill and restart an active tunnel when failover occurs.

Hope this is helpful.

Hello,

Thank you for providing a detailed description.

Could you try enabling the four “Flush connections” options found in the Failover settings for both the WAN and Mobile interfaces? This should ensure that any active connections, including the L2TP tunnel, are cleared during the failover process.

Please let us know if the issue still persists after trying this adjustment.

Best Regards,
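The symptom described in this thread (the tunnel still tied to the previous uplink after failover) can be checked for with the sketch below. It is an added example, not part of the thread and not Teltonika code. It assumes that the leftover state shows up as a connection-tracking entry for UDP/1701 with the old uplink's source address, and that the router's shell can supply `ip route get <peer>` and `conntrack -L` output; all addresses and sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag L2TP (UDP/1701) conntrack entries that still use a
# source address other than the one the current default route would pick.

# Constructed stand-in for `ip route get 203.0.113.10` after failover to Mobile.
sample_route() {
    echo "203.0.113.10 via 10.64.64.1 dev wwan0 src 10.64.64.20 uid 0"
}

# Constructed stand-in for `conntrack -L`; 192.0.2.25 is the former WAN address.
sample_conntrack() {
    cat <<'EOF'
udp      17 170 src=192.0.2.25 dst=203.0.113.10 sport=1701 dport=1701 src=203.0.113.10 dst=192.0.2.25 sport=1701 dport=1701 [ASSURED] mark=0 use=1
udp      17 28 src=10.64.64.20 dst=198.51.100.53 sport=40112 dport=53 src=198.51.100.53 dst=10.64.64.20 sport=53 dport=40112 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.10 sport=51514 dport=443 src=203.0.113.10 dst=10.64.64.20 sport=443 dport=51514 [ASSURED] mark=0 use=1
EOF
}

# Read `ip route get` output on stdin; print the source address in use now.
src_for_peer() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# stale_l2tp_flows PEER CURRENT_SRC
# Read conntrack lines on stdin; print the original-direction source address
# of every UDP/1701 flow to PEER that does not come from CURRENT_SRC.
stale_l2tp_flows() {
    awk -v peer="$1" -v cur="$2" '{
        isudp = 0; src = ""; dst = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "udp") isudp = 1
            # The first src=/dst=/dport= fields describe the original direction.
            if (src == ""   && $i ~ /^src=/)   src   = substr($i, 5)
            if (dst == ""   && $i ~ /^dst=/)   dst   = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if (isudp && dst == peer && dport == "1701" && src != cur) print src
    }'
}

# Demo on the constructed samples: reports the flow pinned to the old WAN address.
cur=$(sample_route | src_for_peer)
sample_conntrack | stale_l2tp_flows 203.0.113.10 "$cur"
```

An empty result after a failover event means no L2TP flow is left on the previous uplink's address, which is the state the "Flush connections" options are meant to produce.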

Yes, that is what was needed. Thank you for pointing that out. I should have looked deeper into the setup options. Thanks again.

You’re very welcome! I’m glad it helped. Don’t hesitate to reach out if you need any further assistance in the future.

Best regards,
