DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2960 VPN is up but cannot print until reboot

More
24 Nov 2014 14:17 #1 by chatty
2960 VPN is up but cannot print until reboot was created by chatty
HI All

I've invested in a coupleof 2960's mainly for their highrer throughput on the IPSEC LAN-LAN side. I'm having an issue with both routers at different sites in that after a day or so even though the VPN tunnel is up and running as users are logging in remotely the users cannot print through the tunnel and I cannot access anything on the network through the tunnel. I can ping the router's gaeway IP OK. This is resolved when I drop the tunnel and bring it up again and i am having to do this every day or so. I have not changed any of the key life times so this is standard or chnaged any other default setting.

I previously used the 2830's with no issues at all so am finding this quite frustrating. I am using 3DES and SHA/MD5.

Any help appreciated.

Thanks

Please Log in or Create an account to join the conversation.

More
24 Nov 2014 18:38 #2 by takeo_ischi
Replied by takeo_ischi on topic Re: 2960 VPN is up but cannot print until reboot

chatty wrote: HI All

I've invested in a coupleof 2960's mainly for their highrer throughput on the IPSEC LAN-LAN side. I'm having an issue with both routers at different sites in that after a day or so even though the VPN tunnel is up and running as users are logging in remotely the users cannot print through the tunnel and I cannot access anything on the network through the tunnel. I can ping the router's gaeway IP OK. This is resolved when I drop the tunnel and bring it up again and i am having to do this every day or so. I have not changed any of the key life times so this is standard or chnaged any other default setting.

I previously used the 2830's with no issues at all so am finding this quite frustrating. I am using 3DES and SHA/MD5.

Any help appreciated.

Thanks



I'm sorry this won't be of help, but in case anyone else finds this, 3DES and MD5 hashing are both insecure and shouldn't really be used.

Please Log in or Create an account to join the conversation.

More
24 Nov 2014 18:50 #3 by chatty
Replied by chatty on topic Re: 2960 VPN is up but cannot print until reboot
What should be used?

Please Log in or Create an account to join the conversation.

More
24 Nov 2014 20:53 #4 by takeo_ischi
Replied by takeo_ischi on topic Re: 2960 VPN is up but cannot print until reboot

chatty wrote: What should be used?



AES/Twofish and the highest SHA you can (unfortunately, on the 28xx family I believe the highest is SHA-1, which is somewhat vulnerable already :( )

I presume that when the link goes down, computers on either side can't ping each other?

Also, always on/keep alive sometimes caused me problems. Perhaps you should try different combinations? What currently works for me is for the host (dial-in) router to have neither always on or enable ping enabled, and for the client (dial-out) router to have "always on" only checked.

Please Log in or Create an account to join the conversation.

More
25 Nov 2014 09:42 #5 by chatty
Replied by chatty on topic Re: 2960 VPN is up but cannot print until reboot
Hi

It's the 2960 I have and all other applications including email, logging into termainal services via the VPN is OK. The printers are on a print server and are mapped via GP to the user. The user can see the printer so these have been mapped but cannot print. Ping works to the gateway only, nothing beyond until I bring down/up th etunnel.

Thanks
Chatty

Please Log in or Create an account to join the conversation.

Moderators: Sami