Something drops VPN

DeonH

Hi there and thanx for your help so long. I trust this is the correct forum to post this question to :confused:

We run our business through a VPN between Jo'burg and George. The VPN is established by the function of the two routers: Netgear DG834G v3. (latest firmware on both.)

For some reason the VPN gets dropped a few times a day; it is currently down. The routers have "Name DNSes"; myrouter.dyndns.org & myrouter1.dyndns.org

This has worked perfectly well for over a year now; BUT ...

Lately it has started to happen that the VPN is dropped for no apparent reason. We have changed ISPs and changed routers today.
All this without any success.

Currently I can access the router in Jo'burg via http://myrouter.dyndns.org:8080 BUT, NOT the one in George. Both are set to allow remote management via "anyone" through port 8080.
The only thing that works for a while is when we switch off both routers and plug back the power again.
BUT, it then sometimes happens that the VPN drops again.

What do you think can cause the VPN to drop?

I am now, after changing ISPs and routers, thinking that dyndns.org is the culprit, but I have no means to test my theory.

How would you do the VPN? Through the routers and Dyndns.org it costs us nothing and would love to keep it this way.

Please advise. This is SO frustrating. :(

Regards,
Deon
 
Is there any way you can pull logging information from the routers themselves?

Also, when the VPN drops, are you able to access the Internet or not? Test this from both sides - it is possible that the one side's ADSL line is a bit wonky, and tends to drop, especially with the rainy weather we've had.

Maybe the router in George is starting to pack up? Did you buy the router cash, or was it bundled with the line? Swap the router out with another, similar one, and see if the problem goes away. If the problem goes away then the router must be faulty. If the router is still under warranty, try exchanging it then.

The setup is fine as is - if you really want to, you can use two Linux boxen to act as firewalls and to maintain the VPN tunnel as well, although the current setup works just as well.

Regards

Libs
 
Deon,

To test whether it's the dyndns service, sign up for the similar www.no-ip.org service.

AFAIK you would need to delete the hosts you created on dyndns, but it's just a fact of what you mentioned: myrouter.dyndns.org, so you can always add it later again.

Is there anyone with a basic networking skillset at the two locations? You need to check that your ADSL line is actually working and syncing properly.

I'm thinking residential environment here, not business, reason being that in a house, if your fax/telephone system is not connected to a filter, or connected to a faulty filter, it could also cause your line to drop.

Other possible cause, plain as day the present service provider network.

For instance, only as an example: Both WebAfrica and SAOL have SAIX based accounts. SAOL can have higher latency and any possible range of problems that WebAfrica might not have and vice versa, but they both could either be stuffed or work fine at the same time as well because they both run on the Telkom network: SAIX.

WebAfrica has prepaid accounts on offer, which you can also use to test if it is your network/ISP. I can't open many links now, sorry, I'm on GPRS, but have a look at www.webafrica.co.za and look at the Prepaid Unshaped 1Gb package. You buy one gigabyte of bandwidth which is unshaped, and through a simple addition in the username, you can switch between SAIX and the Verizon network.

Furthermore, you can buy a Semi Shaped IS (Internet Solutions) prepaid account from www.axxess.co.za for testing purposes as well.

All in all, fixing the problem is going to cost just over R200, but the plus side is your accounts stay active and the bandwidth gets transferred each month, so if you used 500mb on the prepaid account, the rest gets automatically transferred to the new month and you can use it when you please. Payment is upfront though, but it's just a once off cost, not monthly or contract based.

So in summary:

Check that physical ADSL connections are correct as per Telkom's guidelines. Check the system with the no-ip.org DNS service. Check with all 3 major network providers accounts that this is not a network/isp based issue.

tera ;) :D :p
 
Thanx Librarian & teraside for your quick replies.

In the past week we have (all because of the VPN that's dropping):
* moved from Cybersmart to Axxess (I think a huge improvement);
* changed routers today at both premises.

As usual, Telkom has tested the ADSL line and swears that everything is OK.
Just for my own confirmation: The router, in both instances, share a line with the fax machines. Where must the filter be; fax or router?

My dad is at the George side and I am at our Jo'burg office. I will try no-ip.org tomorrow. We also host our own mail but can keep it on hold while testing with no-ip.org

INTERRUPTION:
While I was typing, I took a chance to log in on the router in George and it allowed me!!!
Here's an extract of the last few entries in the log file of the George router:

Wed, 2009-01-21 18:50:13 - Initialize LCP.
Wed, 2009-01-21 18:52:14 - Initialize LCP.
Wed, 2009-01-21 18:52:14 - LCP is allowed to come up.
Wed, 2009-01-21 18:52:46 - LCP down.
Wed, 2009-01-21 18:53:14 - Initialize LCP.
Wed, 2009-01-21 18:53:26 - LCP is allowed to come up.
Wed, 2009-01-21 18:53:28 - PAP authentication success
Wed, 2009-01-21 18:56:02 - <DDNS>HTTP cannot connected
Wed, 2009-01-21 18:58:58 - LCP down.
Wed, 2009-01-21 18:59:05 - Initialize LCP.
Wed, 2009-01-21 19:00:36 - LCP is allowed to come up.
Wed, 2009-01-21 19:00:38 - PAP authentication success
Wed, 2009-01-21 19:02:17 - <DDNS>Update OK: good
Wed, 2009-01-21 19:03:58 - LCP down.
Wed, 2009-01-21 19:04:05 - Initialize LCP.
Wed, 2009-01-21 19:05:05 - LCP is allowed to come up.
Wed, 2009-01-21 19:05:07 - PAP authentication success
Wed, 2009-01-21 19:10:37 - LCP down.
Wed, 2009-01-21 19:10:45 - Initialize LCP.
Wed, 2009-01-21 19:11:15 - LCP is allowed to come up.
Wed, 2009-01-21 19:11:15 - PAP authentication success
Wed, 2009-01-21 19:11:43 - <DDNS>Update OK: good

I am not very familiar with all the router terminology, but what can you make of it?

Thanx for your help!
Deon
 
It has just dropped again and I cannot access the George router!

This is so frustrating. If only I knew what the problem is and how to fix it.

Deon
 
Wed, 2009-01-21 18:58:58 - LCP down. <-- possible line drop?
Wed, 2009-01-21 18:59:05 - Initialize LCP.
Wed, 2009-01-21 19:00:36 - LCP is allowed to come up.
Wed, 2009-01-21 19:00:38 - PAP authentication success <-- re-authenticating and logged in
Wed, 2009-01-21 19:02:17 - <DDNS>Update OK: good <-- send new public IP to dyndns.org
Wed, 2009-01-21 19:03:58 - LCP down.
Wed, 2009-01-21 19:04:05 - Initialize LCP.
Wed, 2009-01-21 19:05:05 - LCP is allowed to come up.
Wed, 2009-01-21 19:05:07 - PAP authentication success
Wed, 2009-01-21 19:10:37 - LCP down. <-- possible line drop?
Wed, 2009-01-21 19:10:45 - Initialize LCP.
Wed, 2009-01-21 19:11:15 - LCP is allowed to come up.
Wed, 2009-01-21 19:11:15 - PAP authentication success
Wed, 2009-01-21 19:11:43 - <DDNS>Update OK: good <-- send new public IP to dyndns.org

Bear in mind it can also be that one of the routers has syncing issues and keeps on dropping and reconnecting.
 
Hi Deon,

The filter should always be directly connected and only connected to the telephone/fax machine.

If it is connected to the ADSL line, it usually won't sync at all, but if there is no filter, any change in the line signal, like a telephone call or fax tone, could cause it to drop the connection.

According to wikipedia: http://en.wikipedia.org/wiki/Link_Control_Protocol

LCP is used in the PPPoE connection, which is the actual connection between you and the ISP. I can't say for sure why the router so frequently drops its connection, but looking at the time on the log, it's about 1 and a half minutes before the LCP authenticates, which means it could definitely be that the router is losing its connection completely and therefore takes about a minute to sync.

Changing the filter or placing it in the correct spot is not a quick fix solution and wherever the problem really lies Telkom has to come and sort it out.

Having the information at hand, you can start telling them what to do, by telling them that the line is losing sync if it is.
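
Added example, not part of the original thread: a small Python script that reads the George router log extract posted above and measures how long each PPP session stayed up (from "PAP authentication success" to the next "LCP down") and how long each drop lasted. The function names are illustrative, and the parser assumes the timestamp layout seen in that post.

```python
from datetime import datetime

# Log extract copied from the George router post earlier in this thread.
LOG = """\
Wed, 2009-01-21 18:50:13 - Initialize LCP.
Wed, 2009-01-21 18:52:14 - Initialize LCP.
Wed, 2009-01-21 18:52:14 - LCP is allowed to come up.
Wed, 2009-01-21 18:52:46 - LCP down.
Wed, 2009-01-21 18:53:14 - Initialize LCP.
Wed, 2009-01-21 18:53:26 - LCP is allowed to come up.
Wed, 2009-01-21 18:53:28 - PAP authentication success
Wed, 2009-01-21 18:56:02 - <DDNS>HTTP cannot connected
Wed, 2009-01-21 18:58:58 - LCP down.
Wed, 2009-01-21 18:59:05 - Initialize LCP.
Wed, 2009-01-21 19:00:36 - LCP is allowed to come up.
Wed, 2009-01-21 19:00:38 - PAP authentication success
Wed, 2009-01-21 19:02:17 - <DDNS>Update OK: good
Wed, 2009-01-21 19:03:58 - LCP down.
Wed, 2009-01-21 19:04:05 - Initialize LCP.
Wed, 2009-01-21 19:05:05 - LCP is allowed to come up.
Wed, 2009-01-21 19:05:07 - PAP authentication success
Wed, 2009-01-21 19:10:37 - LCP down.
Wed, 2009-01-21 19:10:45 - Initialize LCP.
Wed, 2009-01-21 19:11:15 - LCP is allowed to come up.
Wed, 2009-01-21 19:11:15 - PAP authentication success
Wed, 2009-01-21 19:11:43 - <DDNS>Update OK: good
"""

def parse(log):
    """Yield (timestamp, message); assumes 'Day, YYYY-MM-DD HH:MM:SS - msg' lines."""
    for line in log.splitlines():
        stamp, sep, msg = line.partition(" - ")
        if sep:  # skip blank or truncated lines; weekday is dropped (locale-safe)
            ts = datetime.strptime(stamp.split(", ", 1)[1], "%Y-%m-%d %H:%M:%S")
            yield ts, msg.strip()

def ppp_flaps(log):
    """Return (sessions, outages) in seconds: time up per session, time down per drop."""
    sessions, outages, up, down = [], [], None, None
    for ts, msg in parse(log):
        if msg.startswith("PAP authentication success"):  # link usable again
            if down:
                outages.append(int((ts - down).total_seconds()))
            up, down = ts, None
        elif msg.startswith("LCP down"):  # PPP link lost
            if up:
                sessions.append(int((ts - up).total_seconds()))
            up, down = None, down or ts
    return sessions, outages
```

On this extract `ppp_flaps(LOG)` reports sessions of 330, 200 and 330 seconds, separated by outages of 42, 100, 69 and 38 seconds.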
 