Re: RV340 hang when using VPN site-to-site - Page 2

Catalin Burla · ‎11-05-2017

Hi.

For +5 years I manage a farm of various RV routers with VPN site-to-site. Around 700 locations connected to HQ , at the beginning with Linksys routers then under Cisco brand. RV042, RV042G , RV320, RV082, RV016, all of then are online 24/7/365.

With every launch dual-wan+vpn device I replaced few working routers and become more or less a "tester", eager to get the increased performance and stability.

RV320 was released with a broken firmware regarding VPN connections: if using more than 2-3 VPN tunnels suddenly hangs. I opened a case and it took more than 6 months to see a working firmware while I put my infrastructure at Cisco disposal to investigate and test.

When RV340 was announced I was glad, the 100 Mbps VPN barrier was exceeded. I ordered 5 RV340 and 3 RV345, waited 3- 4 weeks for delivery and.... RV340 has also a broken firmware regarding VPN connections: it suddenly hangs, down not respond to ping, does not load interface , no traffic, nothing. It can work for 1 day to 10 days, but for sure it will hang. For more than 2 months I still insist using RV340, but I think next step is RMA . It's the same behavior that RV320 had ! I am using RV340 only for 9 VPN tunnels over MPLS lines, no other traffic thru this unit. All 9 MPLS connections cumulated are about 100 Mbps and most important router is freezing during working hours BUT also on night hours when traffic in ZERO.

I somehow contacted Cisco Romania, they told me that I am not the only one complaining.

I tried to open a case by phone on Cisco, the guy asked for service contract and I don't have one.

If somebody else run into same problems please share .

Best regards,

FelipeZatta · ‎02-20-2020

Hi,

The VPN Failover is not working on the latest version of firmware?

I have two RV340 k9 and irá not working for me.

How do I must configure this? Just set the IP of the Second link of remote location on local site to site VPN and vice versa?

Any body have a manual or "How to" about site to site VPN failover to send to me?

Thanks.

ali.gharaei · ‎09-01-2018

We are using 3x rv345 with 3 VPN site-to-site tunnel with other rv345 routers and unfortunately they hang all the time and I need to restart them every week because of freezing problem.

Russell Racey · ‎09-01-2018

That was my experience with the older firmware. The latest release does seem to stabilize VPN connections, or at least as far as I can tell. Right now I only have one RV340 in the field and it's tunnels appear healthy and are staying up without having to reboot. I normally have a Cisco RVxxx as initiator and the other router as responder, as two routers fighting to establish the same ipsec can result in a corrupted tunnel (i.e. blocks data). And especially if the other router is not a Cisco, always make that one a responder. That said, I can't say if the RV34x VPN is as good as the older RV0xx series, which were pretty much bulletproof.

The RV34x previous firmware had a lot of stability issues, not just with VPN.

budwlkr2888 · ‎09-02-2018

Update: So far I have deployed about 25 of the RV340's and all are working well for our purposes. So long as we continue to use firmware 1.0.0.33 our site-to-site VPN seems quite stable. We have them deployed using DSL, Cable, & Fiber installations. This model (for the cost) just seems to give us all the features we need and I am finding that I am quite happy with them at this point. I just wish I could keep current with firmware updates, till then we stay vigilant with other security hardware, software, & procedures.

ali.gharaei · ‎09-02-2018

thanks to share this info I'm using image 1.0.01.18 do you think I need to downgrade to 1.0.00.33?
Also what sort of ipsec profile are you using? Mine is: phase1 group 5, 1536bit / AES-128 / SHA1 28800 and phase2 ESP/AES-128/SHA1 3600 group 5,1536bit
And I have hang problem every week

ali.gharaei · ‎09-02-2018

thanks to share this info I'm using image 1.0.01.18 do you think I need to downgrade to 1.0.00.33?

Also what sort of ipsec profile are you using? Mine is: phase1 group 5, 1536bit / AES-128 / SHA1 28800 and phase2 ESP/AES-128/SHA1 3600 group 5,1536bit

And I have hang problem every week

budwlkr2888 · ‎09-02-2018

Ali, I can only tell you what worked and what seems to be working for me. Be aware though that to downgrade you will not be able to export/import the current configuration file because your router is currently using the updated firmware, I found that when I tried to downgrade the firmware, that it basically reset to factory and that I could not import my config into the router now using the downgraded firmware. **Be sure to take note of all your settings & configs prior to downgrading the firmware.**

My IPSec settings are: Phase I, Group 2 - 1024, 3DES, SHA1, 28800; Phase II, ESP, 3DES, MD5, 28800. Hope this helps you out, Good Luck!

krishna_c · ‎11-20-2018

Hi All,
I'm currently running the FW version 1.0.01.20. I too have multiple VPN Site-to-Site tunnels running on my router without any issue for more than a week so far. I have faced this hang issue previously and no clue about the symptoms that cause this issue. Going through the release notes for the firmware mentioned above, there seem to be issues with Syslog over VPN. So I have moved my Syslog server to be on my LAN rather over VPN. After this, the tunnels seems to be stable. Not sure if this solves your problem. Thanks...!

ali.gharaei · ‎11-25-2018

Hi thanks to share your experience.
Yes I have got the same experience, let me tell you and everyone what's
happened and share my experience: I logged tickets with Cisco about hang
issue and also pptp issues and after few weeks challenging and sent few
frimwares, finally they suggested me to turn off the log system and I can
confirm since 6 weeks ago no hang happens yet using RV34X-v1.0.02.06
frimware.
For PPTP issues finally I find out it's working if you are using Remote
Authentication Service (RADIUS server) if you want to connect using local
user you have to connect with no encryption! looks like Cisco did that
because they think they can sell RADIUS Server to SMB sector!!(upselling).
Hope this info can help everyone who got the same issues with RV345.

krishna_c · ‎11-25-2018

Hi Ali.gharaei, thanks for the information. When is this new version gonna release?

ali.gharaei · ‎11-25-2018

I'm not sure about that. But I saw today

RV340/RV340W/RV345/RV345P v1.0.01.20
19-OCT-2018 50.91 MB version is available on Cisco website.

papamanuel · ‎10-18-2018

I was told today by Cisco TAC, there will be a new firmware version published tomorrow and it will be available after the weekend, "that should fix some of the VPN issues"

Ruckol1 · ‎12-11-2018

I've experienced the same issue using a site-to-site VPN on my RV345. The latest firmware did not fix it, the only resolution is to simply disable the site to site VPNs. Absurd, easily the worst piece of equipment we've ever purchased. Maybe even worse than any software's in our stack either. A VPN router that crashes and freezes the entire LAN / WAN when it's using a VPN!

webmaster · ‎01-20-2021

I have the same issue,

I replaced a RV320 mainly because my 1gbit ISP Upstream was not fully used by the RV320 I thought the RV340 with more CPU power and throughput would be a great idea.

Since the RV340 is in use (for 2 weeks now) I see maybe 2 times a day Traffic beeing blocked/not working to the outside world. This has never been the case with the RV320.

I have 2 VPN site2site Tunnels and whenever the tunnels reconnect I have about 1-2 minutes issues connecting from LAN to outside world.

I´m running the latest firmaware 1.0.03.20

In the web UI I also see around 500 Packet Loss on the WAN interface, raising 500 more every day. I had never seen any packet loss before on the RV320.

So far not a good choice...

Martin Aleksandrov · ‎01-21-2021

@webmaster

So sorry to hear about your bad experience with the router. We've fixed a similar issue with the firmware 1.0.03.15 back in 2019 (CSCvo20003 - The VPN traffic can't be forwarded by the DUT after running some time.- https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/RV340/Release_Note/RV34xx_relnote_v1_0_03_20.pdf ) but haven't filed an issue with the packet loss on the WAN interface. Do you use SEC license on the router and have enabled Antivirus, Web Filtering, etc.?

Kindly proceed with WAN port packet capture (https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/enable-wan-packet-capture-rv34x-devices.html ) and gather all information during the problem periods, then raise a ticket with STAC where an engineer will help you further troubleshoot and resolve the issue. Contact details are as follows:

https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

Regards,

Martin