We have an XG 85. It has 2 IPSec VPNs to remote Draytek 2860 devices.
The VPNs are up and they run normally as far as we can tell.
But then there will be a run of the tunnels dropping overnight and not restarting. Once the "Connection" dot is pressed it goes to green and connects perfectly again.
I have some charon & strongswan logs, but I'm not too sure what I'm looking at, to be honest, and telephone support in the UK takes forever to answer.
At the XG side the VPNs are Main Mode V1 and Initiate the Connection. DPD is enabled.
Note: the 2 Drayteks are also IPSec connected and NEVER go down!
Here is a section of a log, I've changed the public IPs slightly - the link seems to go dead at 01:05 until I physically reconnect at 08:02:
2019-10-10 01:05:21 31[NET] <Draytek-1|910> sending packet: from xx.xx.xx.22[500] to xx.xx.xx.38[500] (92 bytes)
2019-10-10 01:05:51 15[NET] <Draytek-1|910> sending packet: from xx.xx.xx.22[500] to xx.xx.xx.38[500] (92 bytes)
2019-10-10 01:06:01 25[IKE] <Draytek-1|910> looking for a route to xx.xx.xx.38 ...
2019-10-10 01:06:01 25[IKE] <Draytek-1|910> no route found to reach xx.xx.xx.38, MOBIKE update deferred
2019-10-10 01:06:01 17[IKE] <Draytek-1|910> looking for a route to xx.xx.xx.38 ...
2019-10-10 01:06:01 17[IKE] <Draytek-1|910> no route found to reach xx.xx.xx.38, MOBIKE update deferred
2019-10-10 01:06:09 22[APP] <Draytek-1|910> [COP-UPDOWN] (cop_updown_invoke_once) UID: 910 Net: Local xx.xx.xx.22 Remote xx.xx.xx.38 Connection: Draytek Fullname: Draytek-1
2019-10-10 01:06:09 22[NET] <Draytek-1|910> sending packet: from xx.xx.xx.22[500] to xx.xx.xx.38[500] (76 bytes)
2019-10-10 01:06:09 12[APP] <Draytek-1|910> [COP-UPDOWN] (cop_updown_invoke_once) UID: 910 Net: Local xx.xx.xx.22 Remote xx.xx.xx.38 Connection: Draytek Fullname: Draytek-1
2019-10-10 01:06:10 12[APP] <Draytek-1|910> [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"xx.xx.xx.22","peer":"xx.xx.xx.38","mynet":"192.168.1.0/24","peernet":"192.168.2.0/24","connop":"0","iface":"unknown","myproto":"0","myport":"0","peerproto":"0","peerport":"0","conntype":"ntn","actnet":"","compress":"0","conn_id":"1"}'': error returned 255
2019-10-10 01:06:11 12[NET] <Draytek-1|910> sending packet: from xx.xx.xx.22[500] to xx.xx.xx.38[500] (76 bytes)
2019-10-10 01:06:11 19[IKE] <Draytek-1|910> looking for a route to xx.xx.xx.38 ...
2019-10-10 01:06:11 19[IKE] <Draytek-1|910> no route found to reach xx.xx.xx.38, MOBIKE update deferred
2019-10-10 01:06:11 08[IKE] <Draytek-1|910> deleting IKE_SA Draytek-1[910] between xx.xx.xx.22[xx.xx.xx.22]...xx.xx.xx.38[xx.xx.xx.38]
2019-10-10 01:06:11 08[NET] <Draytek-1|910> sending packet: from xx.xx.xx.22[500] to xx.xx.xx.38[500] (92 bytes)
2019-10-10 01:06:13 30[CFG] loaded IKE secret for xx.xx.xx.22 xx.xx.xx.38
2019-10-10 01:12:48 21[CFG] loaded IKE secret for xx.xx.xx.22 xx.xx.xx.38
2019-10-10 01:12:52 14[CFG] loaded IKE secret for xx.xx.xx.22 xx.xx.xx.38
2019-10-10 08:02:39 12[CFG] loaded IKE secret for xx.xx.xx.22 xx.xx.xx.38
2019-10-10 08:02:40 10[IKE] <Draytek-1|913> initiating Main Mode IKE_SA Draytek-1[913] to xx.xx.xx.38
2019-10-10 08:02:40 10[NET] <Draytek-1|913> sending packet: from xx.xx.xx.22[500] to xx.xx.xx.38[500] (272 bytes)
2019-10-10 08:02:40 24[NET] <Draytek-1|913> received packet: from xx.xx.xx.38[500] to xx.xx.xx.22[500] (128 bytes)
2019-10-10 08:02:40 24[NET] <Draytek-1|913> sending packet: from xx.xx.xx.22[500] to xx.xx.xx.38[500] (372 bytes)
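Added example, not part of the original post: a short Python script that measures how long each tunnel stayed down in a charon log like the one above, by pairing every "deleting IKE_SA" line with the next "initiating" line for the same connection. The function name `outages` and the message prefixes it matches are assumptions drawn from the lines shown in the post.

```python
import re
from datetime import datetime

# Six lines copied from the log in the post (a subset, enough to show one drop).
SAMPLE = """\
2019-10-10 01:05:51 15[NET] <Draytek-1|910> sending packet: from xx.xx.xx.22[500] to xx.xx.xx.38[500] (92 bytes)
2019-10-10 01:06:01 25[IKE] <Draytek-1|910> no route found to reach xx.xx.xx.38, MOBIKE update deferred
2019-10-10 01:06:11 08[IKE] <Draytek-1|910> deleting IKE_SA Draytek-1[910] between xx.xx.xx.22[xx.xx.xx.22]...xx.xx.xx.38[xx.xx.xx.38]
2019-10-10 01:06:13 30[CFG] loaded IKE secret for xx.xx.xx.22 xx.xx.xx.38
2019-10-10 08:02:40 10[IKE] <Draytek-1|913> initiating Main Mode IKE_SA Draytek-1[913] to xx.xx.xx.38
2019-10-10 08:02:40 24[NET] <Draytek-1|913> received packet: from xx.xx.xx.38[500] to xx.xx.xx.22[500] (128 bytes)
"""

# timestamp, thread[subsystem], optional <connection|id>, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \d+\[(\w+)\] "
                  r"(?:<([^|>]+)\|(\d+)> )?(.*)$")

def outages(text):
    """Pair each 'deleting IKE_SA' with the next 'initiating' for that connection."""
    pending, route_errors, done = {}, {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(3) is None:
            continue  # skip lines with no connection tag, e.g. [CFG] reloads
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        conn, msg = m.group(3), m.group(5)
        if msg.startswith("no route found"):
            route_errors[conn] = route_errors.get(conn, 0) + 1
        elif msg.startswith("deleting IKE_SA"):
            pending[conn] = {"conn": conn, "down": ts,
                             "route_errors_before": route_errors.pop(conn, 0)}
        elif msg.startswith("initiating") and conn in pending:
            drop = pending.pop(conn)
            drop["up"] = ts
            drop["gap_seconds"] = int((ts - drop["down"]).total_seconds())
            done.append(drop)
    for drop in pending.values():  # deleted and never re-initiated in this log
        drop.update(up=None, gap_seconds=None)
        done.append(drop)
    return done

if __name__ == "__main__":
    for d in outages(SAMPLE):
        print(d["conn"], "down", d["down"], "up", d["up"], "gap(s)", d["gap_seconds"],
              "no-route lines before drop:", d["route_errors_before"])
```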