Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[dghost]

I have successfully configured a site to site VPN tunnel using IPSec with 2 DIR-330. Everything works well, I can communicate with both private LAN using these 2 router.

The problem is that the VPN session always get disconnected after a couple of minutes (maximum 5 minutes). The VPN session won't be reactivated if I reboot the DIR-330, I have to log back to the DIR-330 web interface, go to the VPN connection settings and reclick save in order to reconnect the VPN tunnel (any one of the 2 router, it doesn't matter). I don't need to change the settings for the VPN tunnel, I just click save for the VPN connection and then the connection is re-establish, but then, it will fail again after some minutes.  I have also tried with the 3 different setting for the Keep Alive / DPD and there are no difference whatsoever for the VPN tunnel (none, Keep Alive, Dead Peer Detection).

I can understand that the VPN tunnel may get disconnected once in a while because of some network issue, but that the device doesn't reconnect the VPN tunnel automatically is the part that I don't understand.

Any advice regarding this problem?

This device has some cool feature, but it really doesn't work as advertised so far. I am disappointed with it.

[dghost]

At last, after a couple of days taking a break, I was able to resolve most of the problems with the site to site VPN connection.  Here's my personal experience with it so far with this device. I have configured 2 DIR-330, with the VPN connection, at each site successfully but it took my a while to discover that the 2 routers has to be connected directly without any SOHO LAN router between them. My biggest problem was that one of the site, the DIR-330 was installed in a DMZ behind another D-link router, a DIR-615. Even after putting the DIR-330 in the DMZ and turning off all of the firewall features of the DIR-615, the VPN connection would keep getting disconnected and would never reconnect automatically. The connection would not even last 5 minutes like I've previously said in my post. So I decided to remove the DIR-615 and put the DIR-330 instead as the main router.

Site A of the VPN is connected to the Internet with an ADSL connection (about 80Kb/sec for upload speed) and site B (120 Kb/sec for upload) is connected to the net using a cable connection. I've noticed that the VPN connection tend to get disconnected when one of the 2 sites is having a large usage of bandwidth (i.e. one of the site is taking all of the upload bandwidth available) but the VPN connection will reconnect automatically and it won't stay dead very long. I am able to browse the Windows share from both sites, even if it's a little bit slow, it's working.

So I am happy that it does work for a very cheap solution, even tough it means that both router cannot be behind any other routers at all. The main factor if this solution is good for you or not is mostly depending on the quality of each Internet connection - you need a good upload speed.

Before closing this comment, if you need a VPN connection that stays on at all time, do not choose the Keep-Alive setting for the connection but take instead the Dead Peer Detection (DPD), really much better, you save time for the automatic reconnection when it goes down and you'll save a little bit of bandwith. Read the official RFC for the DPD, for more details on this - https://tools.ietf.org/html/rfc3706

Have fun!

[FurryNutz]

What ISP services and ISP modems do you have?
Stand Alone or built in routers? Having build in routers into ISP modem creates Double NAT which will cause connection issues FYI.

Good information and Feedback. Thank you for sharing.

[dghost]

Site A with the ADSL connection is with the ISP of Bell Sympatico. Yes their modem also have a router integrated with it but I've disabled all of the router functionality with it, it only act as an ADSL modem. Can't remember the exact model for it, it's very recent. Site B is with Videotron, no router is integrated with the modem cable. So both router at each site does get a public IP. I am well aware about the problem that double NAT may do, it's a good idea to mention it.

[FurryNutz]

Ok, wanted to make sure. Sounds like you have it locked down finally.

Thanks for the good information and feed back. This will help others for sure.

Enjoy.