02-08-2018 01:48 PM - edited 02-08-2018 01:49 PM
We have many, many, many EdgeRouter Lites deployed. A lot of them are used for VPN site-to-site.
We are using VPN IPsec site-to-site from the GUI, and then customized a little in the CLI.
When the clients are on DHCP WAN or STATIC WAN ... NO problem at all! VPNs are rock solid!!
As soon as we have clients with PPPoE WAN, there are always bugs and the VPN goes down for many weird reasons.
Sometimes when I look at the SA, I see an old IP address, as if the VPN was not aware that the WAN IP has changed or something.
Sometimes the PPPoE gets a static IP through DHCP, meaning they always renew the same IP, so no IP change.
In 99% of cases we can "clear vpn ipsec peer" and the tunnel is up again.
I'm trying to find WHY the VPNs are always going down randomly when PPPoE is used, and I'm trying to find a way to fix this so we can have a rock-solid VPN even with PPPoE.
So, that said, could you guys point me in the right direction on where to look for logs, so I can find what is going wrong when the VPN goes down?
We tried IKEv2 instead of IKEv1, we tried local-address 0.0.0.0 or default, we tried DPD restart and DPD clear.
We tried a bunch of different configs, but can't pinpoint why we have trouble with PPPoE VPN.
I already know these but can't find anything meaningful about what is happening:
show vpn log
show vpn ipsec policy
show vpn ipsec sa
show vpn ipsec state
show vpn ipsec status
I also get a lot of this error, not sure if it is something that can tell you what the problem is...
cavium_delete_hndl : NULL Sa/SA Handle : with x 8000000411c19800 x->sa_handle (nil)
Firmware version is all 1.9.7 hotfix 4.