New Member
Posts: 21
Registered: ‎12-15-2017

VPN troubles with PPPoE

Hi,

We have many, many, many EdgeRouter Lite units deployed. A lot of them are used for site-to-site VPN.

We are using IPsec site-to-site VPN from the GUI, and then customized a little in the CLI.

When the clients are on DHCP WAN or static WAN... no problem at all! The VPNs are rock solid!!

But as soon as we have clients with PPPoE WAN, there are always bugs and the VPN goes down for many weird reasons.

Sometimes when I look at the SA, I see an old IP address, as if the VPN was not aware that the WAN IP has changed or something.

Sometimes the PPPoE gets a static IP through DHCP, meaning they always renew with the same IP, so no IP change.

In 99% of cases we can "clear vpn ipsec peer" and the tunnel is up again.

I'm trying to find why the VPNs are always going down randomly when PPPoE is used, and I'm trying to find a way to fix this so we can have a rock solid VPN even with PPPoE.

So, that said, if you guys could point me in the right direction to where to look for logs so I can find what is going wrong when the VPN goes down.

We tried IKEv2 instead of IKEv1, we tried local-address 0.0.0.0 or default, and we tried DPD restart and DPD clear.

We tried a bunch of different configs, but can't pinpoint why we have trouble with PPPoE VPN.

I already know these, but can't find anything meaningful about what is happening:

show vpn log

show vpn ipsec policy

show vpn ipsec sa

show vpn ipsec state

show vpn ipsec status

cat /var/log/messages

cat /var/log/charon.log

I also get a lot of this error, not sure if it is something that can tell you what is the problem...

cavium_delete_hndl : NULL Sa/SA Handle : with x 8000000411c19800 x->sa_handle (nil)

[edit] :  firmware version is all 1.9.7 hotfix 4

New Member
Posts: 21
Registered: ‎12-15-2017

Re: VPN troubles with PPPoE

bump ?