hi

I have lan-lan IPSec vpn that has been stable for months. A few days ago the tunnel was showing as connected but I couldn't get any traffic over it. If I dropped it or rebooted the tunnel would come straight back up but no traffic. Both ends are 2910's. I rebooted both ends multiple times.

I haven't changed any settings for a long time


I phoned the 0906 help line and he suggested changing the VPN type to PPTP which worked. Over the weekend I changed it back to IPSec because I want more security.

It worked all day until 4pm then started dropping packets (30% packet loss ish) I've changed the vpn type back to pptp but its still the same. I've rebooted both ends multiple times.

Years ago I've had this kind of problem with a couple of diffrerent Drayteks but usually multiple reboots would eventually fix it.

Any suggestions gratefully received.

thanks

I know this reply is a bit late but have you tried testing the packet size that is reliable on the route?
From a windows box its something like "ping -f -l 1480 (remote IP)"
and play with the 1480 value (going lower) until it reports no truncation.
Try that over a few days see if it changes.

The packets may be being truncated depending on the vagaries of net routing and the IPSEC sometimes can't survive it. See packet loss blackhole routers.

if you drop the MSS/MTU packet size on the router it may survive the trip better.
We had this on one VPN route UK-Singapore and it needed a slight drop on the router packet size and then a bit of fine tuning on the XP boxes for best performance.
PPTP does seam a bit more robust in those conditions so the problem may have only shown up as Internet routing changed for some arcane reason.