I have two 2866s at different clients that cannot maintain a lan 2 lan connection without the router being rebooted each day. At the other end we have a 2865 and a 2862 but the reboot of the 2866s allows the vpn to reconnect.

One is on 432 and other on 4321 although upgrading the 432 to 4321 just in case. One of them is an ac and the other is an ax. VPN is fine when it is up and is an SSL vpn but the dial does nothing and does not really show anything in the log either.

Anybody seeing similar or have any ideas.

How are the VPNs setup? Which protocols?

One with dial-in one with dial-out? Or are they both set to both?

The more info you can give when discussing Lan 2 Lan the better.

Assuming you're working with IPSEC I personally find the dead peer detection to be pretty poor on Draytek Routers (it's worse with Draytek to non-Draytek but I get especially irritated when it's poor between Draytek models on the same firmware)

If you're in a dial-in / dial-out setup, would recommend making sure dial-out has "always on" ticked and that the dial-in idle timeout is set to 0 - you're mileage may vary with the 'quality monitoring/keep alive' tickbox.

Finally, just make sure that your Phase 1 and Phase 2 lifetimes are matching but this really shouldn't be an issue if you're using the default IKE settings on both routers.

IPSEC / DPD has been so intermittent on some routers (i.e tunnel up but no traffic between 3910/2962) that I'm looking to try Wireguard Lan 2 Lan in the future in the hopes it's more reliable.. probably after the next stable firmware for 3910/2962.

I'm having a problem at the moment where my Lan 2 Lan wont reconnect after the DSL connection resets - fault on the line that Openreach are investigating, but the routers should till reconnect.

Its SSL for both site to sites.

Dial out on both failing routers. It is not that the VPN just drops and needs to be reconencted. It drops and you cannot manually dial or reconenct it. Considering changing to IPSEC to see if it will perform better.

Dial out / SSL / Always on /Custom destination port
Site A > Site B
Site C > Site D
Same config apart from networks on other sites but different router versions.

Site A's router was a 2860 and was replaced by the 2866 with mirrored settings built up rather than config restore. 2860's VPN was rock solid. Config for VPN at Site A and B have not changed. I put the questions in here as I think it is a router issue. Tempted to use a 4.4 RC firmware as I understand there are some VPN issues.