• March 28, 2024, 05:10:17 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DIR-330 site-to-site VPN suddenly disconnecting  (Read 11717 times)

firepuppy

  • Level 1 Member
  • *
  • Posts: 2
DIR-330 site-to-site VPN suddenly disconnecting
« on: July 26, 2016, 03:45:08 PM »

I have 2 DIR-330s configured with a site-to-site IPSec VPN which has been working with almost no hiccups for over 5 years.  Suddenly this morning, the VPN gets torn down and then reconnects every minute or two.  I found a thread (http://forums.dlink.com/index.php?topic=8270.0) with similar behavior, but no solution.  I did change the time server on 1 of the routers a week or so ago and their clocks WERE out of sync, but resetting both to be the same made no difference.  I realize these routers haven't been supported for quite some time, but was hoping some VPN master might take a look at my logs and spot something.

I have copied a few (~100) lines from the logs from both DIR-330s for your perusal (tried to attach txt files but apparently that's a no-no here!)
(Note: at 14:44 the tunnel was up & running, then):

Site XXXX:
Jul 26 14:44:08  Debug Information IPSec   "conn_XXXX" #2: deleting state (STATE_QUICK_I2)
Jul 26 14:44:21  Debug Information IPSec   "conn_XXXX" #1: initiating Main Mode
Jul 26 14:44:21  Debug Information IPSec   "conn_XXXX" #1: received Vendor ID payload [Dead Peer Detection]
Jul 26 14:44:21  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 26 14:44:22  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 26 14:44:22  Debug Information IPSec   "conn_XXXX" #1: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:44:22  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 26 14:44:22  Debug Information IPSec   "conn_XXXX" #1: ISAKMP SA established
Jul 26 14:44:22  Debug Information IPSec   "conn_XXXX" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Jul 26 14:44:22  Debug Information IPSec   "conn_XXXX" #2: Dead Peer Detection (RFC3706) enabled
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #1: ignoring Delete SA payload: IPSEC SA not found (maybe expired)
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #3: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #3: sent MR3, ISAKMP SA established
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #4: responding to Quick Mode
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #4: transition from state (null) to state STATE_QUICK_R1
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #4: Dead Peer Detection (RFC3706) enabled
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 26 14:44:28  Debug Information IPSec   "conn_XXXX" #4: IPsec SA established
Jul 26 14:44:43  Debug Information IPSec   "conn_XXXX" #2: deleting state (STATE_QUICK_I2)
Jul 26 14:44:56  Debug Information IPSec   "conn_XXXX" #1: initiating Main Mode
Jul 26 14:44:56  Debug Information IPSec   "conn_XXXX" #1: received Vendor ID payload [Dead Peer Detection]
Jul 26 14:44:57  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 26 14:44:57  Debug Information IPSec   "conn_XXXX" #1: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:44:57  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 26 14:44:57  Debug Information IPSec   "conn_XXXX" #1: ISAKMP SA established
Jul 26 14:44:57  Debug Information IPSec   "conn_XXXX" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Jul 26 14:44:57  Debug Information IPSec   "conn_XXXX" #2: Dead Peer Detection (RFC3706) enabled
Jul 26 14:45:03  Debug Information IPSec   "conn_XXXX" #1: ignoring Delete SA payload: IPSEC SA not found (maybe expired)
Jul 26 14:45:03  Debug Information IPSec   "conn_XXXX" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 26 14:45:03  Debug Information IPSec   "conn_XXXX" #3: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:45:03  Debug Information IPSec   "conn_XXXX" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 26 14:45:03  Debug Information IPSec   "conn_XXXX" #3: sent MR3, ISAKMP SA established
Jul 26 14:45:03  Debug Information IPSec   "conn_XXXX" #4: responding to Quick Mode
Jul 26 14:45:03  Debug Information IPSec   "conn_XXXX" #4: transition from state (null) to state STATE_QUICK_R1
Jul 26 14:45:04  Debug Information IPSec   "conn_XXXX" #4: Dead Peer Detection (RFC3706) enabled
Jul 26 14:45:04  Debug Information IPSec   "conn_XXXX" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 26 14:45:04  Debug Information IPSec   "conn_XXXX" #4: IPsec SA established
Jul 26 14:46:38  Debug Information IPSec   "conn_XXXX" #2: deleting state (STATE_QUICK_I2)
Jul 26 14:46:51  Debug Information IPSec   "conn_XXXX" #1: initiating Main Mode
Jul 26 14:46:51  Debug Information IPSec   "conn_XXXX" #1: received Vendor ID payload [Dead Peer Detection]
Jul 26 14:46:51  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 26 14:46:52  Debug Information IPSec   "conn_XXXX" #1: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:46:52  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 26 14:46:52  Debug Information IPSec   "conn_XXXX" #1: ISAKMP SA established
Jul 26 14:46:52  Debug Information IPSec   "conn_XXXX" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Jul 26 14:46:52  Debug Information IPSec   "conn_XXXX" #2: Dead Peer Detection (RFC3706) enabled
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #1: ignoring Delete SA payload: IPSEC SA not found (maybe expired)
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #3: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #3: sent MR3, ISAKMP SA established
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #4: responding to Quick Mode
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #4: transition from state (null) to state STATE_QUICK_R1
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #4: Dead Peer Detection (RFC3706) enabled
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 26 14:46:58  Debug Information IPSec   "conn_XXXX" #4: IPsec SA established
Jul 26 14:47:13  Debug Information IPSec   "conn_XXXX" #1: deleting state (STATE_MAIN_I4)
Jul 26 14:47:27  Debug Information IPSec   "conn_XXXX" #1: initiating Main Mode
Jul 26 14:47:27  Debug Information IPSec   "conn_XXXX" #1: received Vendor ID payload [Dead Peer Detection]
Jul 26 14:47:27  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 26 14:47:27  Debug Information IPSec   "conn_XXXX" #1: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:47:27  Debug Information IPSec   "conn_XXXX" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 26 14:47:27  Debug Information IPSec   "conn_XXXX" #1: ISAKMP SA established
Jul 26 14:47:27  Debug Information IPSec   "conn_XXXX" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Jul 26 14:47:27  Debug Information IPSec   "conn_XXXX" #2: Dead Peer Detection (RFC3706) enabled
Jul 26 14:47:33  Debug Information IPSec   "conn_XXXX" #1: ignoring Delete SA payload: IPSEC SA not found (maybe expired)
Jul 26 14:47:33  Debug Information IPSec   "conn_XXXX" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 26 14:47:34  Debug Information IPSec   "conn_XXXX" #3: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:47:34  Debug Information IPSec   "conn_XXXX" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 26 14:47:34  Debug Information IPSec   "conn_XXXX" #3: sent MR3, ISAKMP SA established
Jul 26 14:47:34  Debug Information IPSec   "conn_XXXX" #4: responding to Quick Mode
Jul 26 14:47:34  Debug Information IPSec   "conn_XXXX" #4: transition from state (null) to state STATE_QUICK_R1
Jul 26 14:47:34  Debug Information IPSec   "conn_XXXX" #4: Dead Peer Detection (RFC3706) enabled
Jul 26 14:47:34  Debug Information IPSec   "conn_XXXX" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 26 14:47:34  Debug Information IPSec   "conn_XXXX" #4: IPsec SA established
Jul 26 14:49:08  Debug Information IPSec   "conn_XXXX" #1: deleting state (STATE_MAIN_I4)

and Site YYYY:
Jul 26 14:44:08  Debug Information IPSec   "conn_YYYY" #1: received Delete SA payload: replace IPSEC State #4 in 10 seconds
Jul 26 14:44:08  Debug Information IPSec   "conn_YYYY" #1: received Delete SA payload: deleting IPSEC State #3
Jul 26 14:44:15  Debug Information IPSec   "conn_YYYY" #4: could not find newest phase 1 state for DPD
Jul 26 14:44:18  Debug Information IPSec   "conn_YYYY" #5: initiating Main Mode
Jul 26 14:44:18  Debug Information IPSec   "conn_YYYY" #5: ERROR: asynchronous network error report on eth0 for message to nnn.nnn.nnn.nnn port 500, complainant nnn.nnn.nnn.nnn: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticate
Jul 26 14:44:21  Debug Information IPSec   "conn_YYYY" #6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 26 14:44:22  Debug Information IPSec   "conn_YYYY" #6: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:44:22  Debug Information IPSec   "conn_YYYY" #6: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 26 14:44:22  Debug Information IPSec   "conn_YYYY" #6: sent MR3, ISAKMP SA established
Jul 26 14:44:22  Debug Information IPSec   "conn_YYYY" #7: responding to Quick Mode
Jul 26 14:44:22  Debug Information IPSec   "conn_YYYY" #7: transition from state (null) to state STATE_QUICK_R1
Jul 26 14:44:22  Debug Information IPSec   "conn_YYYY" #7: Dead Peer Detection (RFC3706) enabled
Jul 26 14:44:22  Debug Information IPSec   "conn_YYYY" #7: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 26 14:44:22  Debug Information IPSec   "conn_YYYY" #7: IPsec SA established
Jul 26 14:44:28  Debug Information IPSec   "conn_YYYY" #5: received Vendor ID payload [Dead Peer Detection]
Jul 26 14:44:28  Debug Information IPSec   "conn_YYYY" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 26 14:44:28  Debug Information IPSec   "conn_YYYY" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 26 14:44:28  Debug Information IPSec   "conn_YYYY" #5: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:44:28  Debug Information IPSec   "conn_YYYY" #8: Dead Peer Detection (RFC3706) enabled
Jul 26 14:44:28  Debug Information IPSec   "conn_YYYY" #8: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jul 26 14:44:28  Debug Information IPSec   "conn_YYYY" #8: sent QI2, IPsec SA established
Jul 26 14:44:43  Debug Information IPSec   "conn_YYYY" #5: received Delete SA payload: replace IPSEC State #8 in 10 seconds
Jul 26 14:44:43  Debug Information IPSec   "conn_YYYY" #5: received Delete SA payload: deleting IPSEC State #7
Jul 26 14:44:43  Debug Information IPSec   "conn_YYYY" #5: received Delete SA payload: deleting ISAKMP State #5
Jul 26 14:44:53  Debug Information IPSec   "conn_YYYY" #9: initiating Main Mode
Jul 26 14:44:53  Debug Information IPSec   "conn_YYYY" #9: ERROR: asynchronous network error report on eth0 for message to nnn.nnn.nnn.nnn port 500, complainant nnn.nnn.nnn.nnn: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticate
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #10: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #10: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #10: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #10: sent MR3, ISAKMP SA established
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #11: responding to Quick Mode
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #11: transition from state (null) to state STATE_QUICK_R1
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #11: Dead Peer Detection (RFC3706) enabled
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #11: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 26 14:44:57  Debug Information IPSec   "conn_YYYY" #11: IPsec SA established
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #9: received Vendor ID payload [Dead Peer Detection]
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #9: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #9: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #9: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #9: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #9: ISAKMP SA established
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #12: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #12: Dead Peer Detection (RFC3706) enabled
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #12: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jul 26 14:45:03  Debug Information IPSec   "conn_YYYY" #12: sent QI2, IPsec SA established
Jul 26 14:46:38  Debug Information IPSec   "conn_YYYY" #9: received Delete SA payload: replace IPSEC State #12 in 10 seconds
Jul 26 14:46:38  Debug Information IPSec   "conn_YYYY" #9: received Delete SA payload: deleting IPSEC State #11
Jul 26 14:46:38  Debug Information IPSec   "conn_YYYY" #9: received Delete SA payload: deleting ISAKMP State #9
Jul 26 14:46:48  Debug Information IPSec   "conn_YYYY" #13: initiating Main Mode
Jul 26 14:46:48  Debug Information IPSec   "conn_YYYY" #13: ERROR: asynchronous network error report on eth0 for message to nnn.nnn.nnn.nnn port 500, complainant nnn.nnn.nnn.nnn: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticat
Jul 26 14:46:51  Debug Information IPSec   "conn_YYYY" #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 26 14:46:51  Debug Information IPSec   "conn_YYYY" #14: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:46:51  Debug Information IPSec   "conn_YYYY" #14: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 26 14:46:51  Debug Information IPSec   "conn_YYYY" #14: sent MR3, ISAKMP SA established
Jul 26 14:46:51  Debug Information IPSec   "conn_YYYY" #15: responding to Quick Mode
Jul 26 14:46:51  Debug Information IPSec   "conn_YYYY" #15: transition from state (null) to state STATE_QUICK_R1
Jul 26 14:46:52  Debug Information IPSec   "conn_YYYY" #15: Dead Peer Detection (RFC3706) enabled
Jul 26 14:46:52  Debug Information IPSec   "conn_YYYY" #15: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 26 14:46:52  Debug Information IPSec   "conn_YYYY" #15: IPsec SA established
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #13: received Vendor ID payload [Dead Peer Detection]
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #13: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #13: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #13: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #13: ISAKMP SA established
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #16: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #16: Dead Peer Detection (RFC3706) enabled
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #16: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jul 26 14:46:58  Debug Information IPSec   "conn_YYYY" #16: sent QI2, IPsec SA established
Jul 26 14:47:13  Debug Information IPSec   "conn_YYYY" #13: received Delete SA payload: deleting IPSEC State #15
Jul 26 14:47:13  Debug Information IPSec   "conn_YYYY" #14: received Delete SA payload: deleting ISAKMP State #14
Jul 26 14:47:23  Debug Information IPSec   "conn_YYYY" #17: initiating Main Mode
Jul 26 14:47:23  Debug Information IPSec   "conn_YYYY" #17: ERROR: asynchronous network error report on eth0 for message to nnn.nnn.nnn.nnn port 500, complainant nnn.nnn.nnn.nnn: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticat
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #18: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #18: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #18: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #18: sent MR3, ISAKMP SA established
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #19: responding to Quick Mode
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #19: transition from state (null) to state STATE_QUICK_R1
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #19: Dead Peer Detection (RFC3706) enabled
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #19: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 26 14:47:27  Debug Information IPSec   "conn_YYYY" #19: IPsec SA established
Jul 26 14:47:33  Debug Information IPSec   "conn_YYYY" #17: received Vendor ID payload [Dead Peer Detection]
Jul 26 14:47:33  Debug Information IPSec   "conn_YYYY" #17: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 26 14:47:33  Debug Information IPSec   "conn_YYYY" #17: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 26 14:47:34  Debug Information IPSec   "conn_YYYY" #17: Main mode peer ID is ID_IPV4_ADDR: 'nnn.nnn.nnn.nnn'
Jul 26 14:47:34  Debug Information IPSec   "conn_YYYY" #17: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 26 14:47:34  Debug Information IPSec   "conn_YYYY" #17: ISAKMP SA established
Jul 26 14:47:34  Debug Information IPSec   "conn_YYYY" #20: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Jul 26 14:47:34  Debug Information IPSec   "conn_YYYY" #20: Dead Peer Detection (RFC3706) enabled
Jul 26 14:47:34  Debug Information IPSec   "conn_YYYY" #20: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jul 26 14:47:34  Debug Information IPSec   "conn_YYYY" #20: sent QI2, IPsec SA established
Jul 26 14:49:08  Debug Information IPSec   "conn_YYYY" #17: received Delete SA payload: deleting IPSEC State #19

and so on and so on...
Any thoughts??
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-330 site-to-site VPN suddenly disconnecting
« Reply #1 on: July 27, 2016, 01:20:24 PM »

Link>Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?

For each site:
Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

I recommend that you have your ISP check the cabling going to the ISP modem, check signal levels going to the ISP modem. For DSL or Fiber service lines, ensure that the ISP is using good working phone or cable lines to the DSL modem and that the phone lines are filtered correctly. For cable Internet, RG-6 coaxial cable is needed, not RG-59. Check for t.v. line splitters and remove them as they can introduce noise on the line and lower the signal going to the ISP modem. I recommend having the ISP service physically check the lines going from the out side to the ISP modem. Connecting to the ISP modem could result in a false positive as the signal to the modem could be just enough to that point then adding on a router, could see problems. The router operation is dependent upon getting good data flow from the ISP modem and the modem is dependent upon getting good signal from the ISP Service.

I presume all non VPN operations are ok at each site? General Internet access?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

firepuppy

  • Level 1 Member
  • *
  • Posts: 2
Re: DIR-330 site-to-site VPN suddenly disconnecting
« Reply #2 on: August 14, 2016, 01:23:32 PM »

I thought I had sent this reply back on 7/27/16 but just discovered it had not been posted, so posting now for anyone who's still listening...

Ok, problem has been resolved without ANY changes to VPN config (not surprising since it started the same way!):

Turns out there was some issues on the end that was behind a AT&T NVG510 Uverse modem.  When I first switched the client to UVerse, the IP Passthrough functionality of the NVG510 had MANY bugs, so I had configured (cough, hacked, cough) it to enable True bridge mode using Jordan Earl's technique http://earlz.net/view/2012/06/07/0026/rooting-the-nvg510-from-the-webui to allow the DIR-330 to see the public IP on it's WAN interface and had been happily running that way for 3.5 years.  Apparently, AT&T took exception to us wanting to use the NVG510 as just a "modem", and yesterday began taking steps to discourage such behavior!  After the VPN problems mentioned in the original post, the modem reset itself in the middle of the night with the result that the client not only had no VPN this morning, but NO INTERNET whatsoever!!

I have since reconfigured the modem and DIR-330 with a more acceptable (at least to AT&T!!) method of passing the public IP through to the router from instructions I initially found here: https://forums.att.com/t5/Third-Party-Devices/NVG510-Bridge-Mode/td-p/2890841.

NOTE: Those instructions initially required the router (in this case my DIR-330) behind the modem to be configured with a static IP matching the public IP of the NVG510.  As of now (with the NVG510 running v9.0.6h2d45 firmware), I have modified those settings to use a dynamic (DHCP) connection type on the WAN setup of the DIR-330 (which resolves the issues mentioned in that thread if the public IP ever changes).  This initially produced similar behavior to my original post (VPN going up & down every few minutes), but I was able to fix that by changing the NVG510's Passthrough DHCP Lease time from the default (10 minutes) to the maximum (99 days).

I hope this helps anyone else trying to run DLink VPN routers behind the NVG510.
e
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-330 site-to-site VPN suddenly disconnecting (RESOLVED)
« Reply #3 on: August 15, 2016, 06:34:08 AM »

We find that having a built in router on the ISP modem is best used by bridging the modem and letting the DIR series router handle the NAT. Some times if the ISP Modem can't be bridged, it's DMZ may be of some help as well. Glad you got it working. Enjoy.
 ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.