05-02-2017 10:58 AM - edited 06-06-2018 09:54 AM
Hello friends,
We purchased an RV340 to replace an aging router. The switch was mostly painless except for one issue. Traffic to/from our openvpn service is being interrupted. Our setup is similar to the bottom of this page, we are using a static route to route traffic to 10.8.0.0/24 to a machine on VLAN1 (192.168.0.5). Machines on VLAN1 can ping vpn clients (10.8.0.5) but not the other way around. UDP seems to work both ways fine, but TCP does not. When trying to SSH from inside, I get this message in the logs on the router:
kernel: [87023.255407] FIREWALL:PACKET DROP IN=eth3.1 OUT=eth3.1 MAC=ec:fd:1d:44:8a:21 9c:f6:54:af:e8:a0 08:00:45:01:01:5d src=192.168.0.136 DST=10.8.0.7 LEN=93 TOS=0x00 PREC=0x00 TTL=63 ID=5207 DF PROTO=TCP SPT=34696 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0 MARK=0xff00
I've tried adding firewall access rules for 10.8.0.0 with no change. Even disabling the firewall did not seem to help. Does anything stand out to anyone or is there any advice on what to try next?
Thanks for reading!
UPDATE: It's been a little over a year and after spending some time checking today, the seems to be fixed. My setup hasn't changed much but I have upgraded the firmware on the router twice. Presumably this has fixed what ever the issue was.
05-04-2017 06:18 AM
A workaround seems to be configuring the static route on each machine so the traffic can avoid going "to" the router and straight to the gateway (192.168.0.5). It's strange this would be a problem when it wasn't with our old router.
12-07-2017 10:14 AM
Good workaround .... but is'nt the solution. In my opinion is a bug of RV345 and I hope that Cisco would make something to correct the firmware.
02-20-2018 01:35 PM
I have this same issue with a RV340W router. I can add a route using the PC but the static route in the router is getting blocked by the firewall.
05-15-2018 01:01 AM
Same problem for me. We need a patch to solve this problem. This behaviour is unsustainable. Please, may Cisco let us know when this serious bug would be fixed?
05-15-2018 03:09 AM
By now it seems sure that Cisco is not interested in Small System Routers. It does not seem to me a behavior worthy of a serious company.
06-06-2018 06:18 AM
We're on our 4th Engineer trying to get the RV340W to stop freezing on us (and generating about 80K error packets a day when the switches attached have no errors).
He said static routing won't work without a VLAN stub. Kinda defeats the purpose.
06-06-2018 07:47 AM
What is a VLAN stub and why would you need it for fixed IP addresses
06-06-2018 09:13 AM
They way the engineer described it was setting up a VLAN without "inter-VLAN routing" and then using that new VLAN IP in your static route.
I was still confused as he tried to explain it, but he said that's the only way static routing will work on these routers. He could not clarify why we would do this and NOT check "inter-VLAN routing" vs. enabling that and not using a static route.
I have not tried that yet and probably won't. I don't see the purpose. I wanted routing without VLANs because using VLANs creates 80K error packets a day in my router and it eventually freezes.
Sorry I couldn't offer a better explanation.
08-05-2018 05:25 AM
I’ve been getting this and a few other errors too. Some errors were resolved by adding the offending client to the static IP table but I still get these drop packets. The router had been locking up too requiring a reboot to make the network work again. I bought an RV325 just in case I need to swap out this RV345 in order to keep the customer happy. This lack of support from Cisco is discouraging and makes no sense. Why develope a product that deosn’t work properly and continue to allow problems that tarnishes the entire brand.
08-06-2018 12:30 AM
10-25-2018 08:39 PM - edited 10-25-2018 08:47 PM
I have these same messages note mac addresses have been edited for privacy.
My setup is almost completely stock on
Firmware Version: | 1.0.01.18 |
just a bridged modem on wan1 simple LAN and some QOS rules. Changed the default ip address. I have set every ip address on a Static DHCP this reduced the number of warnings.
12-14-2018 12:55 AM
Hi !
I have the same issues with my RV340...
kernel: [82162.434738] FIREWALL:PACKET DROPIN=eth3.11 OUT=eth2 MAC=ec:bd:1d:44:89:6a:70:48:0f:90:17:b0:08:00:45:02:00:89 src=10.50.11.30 DST=188.165.185.33 LEN=137
The difference is that I do not try to do inter vlan but just out on the internet ...
The navigation is fine but I have a lot of packet error on the LAN interface and its firewall error.
Users sometimes complain about a long internet. In searching I fall on this topic. I find this unacceptable by Cisco. On the RV340 I do not even stop to make the ipsec between RV320 and R340.
If I can not find a solution I change my router
12-12-2020 05:21 AM
Does anyone has a solution? Still not able to get my static vpn connections working with a RV340.
12-14-2020 04:10 AM
I was told the static routes will never work as-is like you may have been used to. You have to set vlans.
Do both your networks plug directly into the router?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide