VPN with Failover Failback

Hi,

I have found some chatter on the internet but, strangely enough, nothing much in the user forum, regarding the behaviour of VPN connections with failover / failback WANs.

I have a few RUT360 4G Modem/Routers. I purchased them because I need an industrial Router which would offer failover between a Wired WAN Service and a 4G(LTE) Backup WAN.
We have several remote sites which use IPSec VPN Tunnels to connect to our main office sites. The main offices have Ubiquiti ER12 Routers and also support other IPSec VPN connections to other Ubiquiti sites. Some of the remote sites used old Billion 7800VDOX with 3/4G USB Modems. These are very old now and need replacing. Hence our investigation into the RUT360. I know these are also oldish, but the specs offer almost everything we need and they are still readily available. Like most hardware, after purchase I have upgraded the firmware to the latest available (7.10).
Firstly, I set these up for Failover Internet, which works exactly as expected. Then I built the VPN tunnels and tested the connections for a day or so, 100%, no data loss or disconnection… Then I started testing the Failover with VPN, and that’s where things seem to go wrong.
I can failover from Wired to the 4G (by removing the cable) and this works fine. You can see the Internet connection change within a matter of seconds, and then the VPN tunnels recover and full connectivity is restored. However, when I replace the cable and monitor the failback, it is not so good. The internet changes after a few seconds and looks OK, but the VPN tunnels are never restored. I have left this for hours to see if it might be a timing thing but no change. I noticed that if I go into the Router Services/VPN settings and disable the VPN, then wait a while and re-enable the VPN, the tunnels are re-established OK. If I get someone on-site to reboot the router, it also works OK. However, some sites are unmanned and this is not a solution.
So, I started testing all the likely suspects (Dead Peer Detection DPD, and Flushconntrack) but this makes no difference at all. The behaviour remains exactly the same.
This is not really a solution if we cannot failback automatically…
Some discussions follow a similar tack but I cannot see any solutions that work for me.
Can anyone assist with this issue??