08-04-2013 09:42 PM
I have 5 RV082 routers. One at each location. Over the past 3 weeks, I have been having a site outage pretty much every Monday. This evening I saw the tunnels drop about 10PM. They all dropped at the same time.
So I saw there was a firmware update. I read the notes on it and there is a fix to resolve an issue with the tunnel drops.
So I loaded it on one of the remote office RV082 devices.
The tunnel dropped and wouldn't re-establish.
I then proceeded to contact support. The units have hardware warranty but no software/troubleshooting support.
I have updated all units to the most recent firmware now. But I am still not getting the tunnels back.
I have also had issues reconnecting to the main firewall via HTTPS.
It just sits there where as all other sites let me in. I just can't connect to the main office firewall. Internet is up, everything is routing fine.
When I update the firmware at one location I am guessing that having all of the routers running the latest version of firmware is recommended. So at this time I am able to get to all remote locations just fine, I however cannot get into the main office router via any web browser. Is there another way someone knows that I can remotely bounce this device? A command that can be sent?
Do I need to establish new VPN keys after firmware update?
Do I need to have customers power off the routers and power them back on?
Error messages:
Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
This update has turned out to be far more tedious than I imagined.
Thanks for your help,
Patrick
08-05-2013 10:25 AM
Some more information:
VPN Log (g2gips1) #147: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:30 2013
VPN Log (g2gips1) #147: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:30 2013
VPN Log (g2gips1) #148: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:32 2013
VPN Log (g2gips1) #148: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:32 2013
VPN Log (g2gips2) #149: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:33 2013
VPN Log (g2gips2) #149: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:33 2013
VPN Log (g2gips1) #150: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:33 2013
VPN Log (g2gips1) #150: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:33 2013
VPN Log (g2gips2) #151: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:36 2013
VPN Log (g2gips2) #151: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:36 2013
VPN Log (g2gips2) #152: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:38 2013
VPN Log (g2gips2) #152: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:38 2013
VPN Log (g2gips2) #153: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:39 2013
VPN Log (g2gips2) #153: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:39 2013
08-05-2013 11:55 PM
Did you rebuild the configs from scratch or restore them from a saved copy? If you restored, I'd rebuild them from scratch.
There is a way to remotely reboot the rv016, and this should work for the rv082. PM me and I'll share it.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
08-07-2013 01:10 AM
Hello Patrick,
What IP addresses are you using on the WAN sides of all RV082 - public or privat and what internet connection are you using - modem, SDSL, ADSL...
Also what was the previous firmware on ther routers, when the tunnels was established- before uploading the latest one
Regards,
Kremena
08-07-2013 08:53 PM
The WAN addresses are comcast static IP on WAN1 and Integra Static from T1 on the WAN2.
It was the previous version to the latest version. The most updated version indicated that the issue with tunnels going down had been resolved.
I rebuilt the VPN tunnels for 2 locations tonight.
The weird thing is that I can VPN in fine though it is incredibly slow, on the Integra interface over the T1.
If I reconfigure the Tunnel to use the Cable modem line, the tunnel comes back with
Aug 7 21:47:10 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25.x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
Aug 7 21:46:51 2013 Connection Refused - Policy violation TCP 10.100.20.100:135->10.100.40.100:3916 on eth1
Aug 7 21:45:50 2013 Kernel last message repeated 2 times
Aug 7 21:44:30 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25.x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
Aug 7 21:43:50 2013 Kernel last message repeated 2 times
Aug 7 21:42:30 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25.x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
Aug 7 21:41:50 2013 Kernel last message repeated 2 times
Aug 7 21:40:30 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25..x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
Aug 7 21:39:50 2013 Kernel last message repeated 2 times
Aug 7 21:39:20 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25.x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]
Aug 7 21:39:20 2013 VPN Log (g2gips0) #3: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Aug 7 21:39:20 2013 VPN Log (g2gips0) #3: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Aug 7 21:39:20 2013 VPN Log (g2gips0) #3: initiating Main Mode to replace #2
01-19-2014 02:08 PM
RV082 V03 Firmware version on all is v4.2.2.08
Having the issues again.
Only 1 site this time. We found that a "Green" switch at the main office was causing the VPN's to time out and lose conection. At lease we think that it was the issue based on the fact when we swapped it out for a non-green switch, things worked fine.
Having the issue now after having replaced a Cable modem at one of the sites.
The Phase 1 SA is being destroyed fairly quickly after issue.
Most often I am seeing the tunnel drop between the remote location every 30-45 minutes. All on the same error about the PHase 1 SA being destroyed.
Jan 19 17:01:28 2014 VPN Log (g2gips0) #5691: [Tunnel Negotiation Fail] Phase 1 SA was destroyed
Jan 19 17:01:28 2014 VPN Log (g2gips0) #5691: [Tunnel Negotiation Fail] Phase 1 SA was destroyed
Jan 19 17:01:28 2014 VPN Log (g2gips0) #5686: starting keying attempt 2 of an unlimited number
Jan 19 17:01:28 2014 VPN Log (g2gips0) #5686: max number of retransmissions (2) reached STATE_QUICK_I1
Jan 19 17:01:28 2014 VPN Log (g2gips0) #5686: max number of retransmissions (2) reached STATE_QUICK_I1
Jan 19 17:00:39 2014 VPN Log (g2gips0) #5689: received Delete SA payload: deleting ISAKMP State #5689
Jan 19 17:00:39 2014 VPN Log (g2gips0) #5689: received Delete SA payload: deleting ISAKMP State #5689
Jan 19 17:00:38 2014 VPN Log (g2gips0) #5687: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x742e3137) not found (maybe expired)
Jan 19 17:00:38 2014 VPN Log (g2gips0) #5687: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x742e3137) not found (maybe expired)
To get things rolling again, I go to the main office router, I modify the VPN tunnel configuration from the VPN tab, summary option. I click the modify button, go to the bottom of the page, changing absolutely no settings. I simply click on save and things work again after 5-10 seconds.
Its kind of a nuissance to have to go back to the tunnel configuration screen every 1/2 hour. So if anyone has any ideas on what is causing this please let me know.
I have Dead Peer Detection turned on
I have the keep alive checked
02-11-2014 05:55 PM
Try changing the encryption/protocol for phase 1 and see if that helps.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
03-19-2015 06:26 AM
Ho PatrickDonan,
I have the same trouble. I have to click on save and the VPN works for sometime.
Did you fixed your this trouble ?
Let me know if you have a solution.
Thank you
BR
Pierre HOEGY
08-08-2013 07:50 AM
What version hardware is your rv082? The latest firmware only works on v3 hardware and above. Otherwise, you're limited to v1-3 firmwares (on the rv016 at least, rv082 may vary).
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide