Some IKEv2 users lose connection after 10-30 minutes
Hello all. I've been working to try and track down an issue 2 out of my 40 users are having. It started about a month ago with one user, who never has an issue connecting, but the connection starts 'hanging' and becomes unresponsive. I noticed that when the 'issue' begins, Outlook and any browsing will fail, and access to network drives begins to become unstable. Since it was only one user, I swapped her computer out with a different one, but the problem stuck with her, but the computer was an exact similar setup hardware-wise, so I thought it may be hardware/firmware/driver related. Then a second person started showing the same problem, with a different model of laptop. Yesterday, I configured them both to use L2TP for VPN, and all problems went away, so I'm pretty sure it's a WG/IKEv2 issue. Anyone heard of this issue?
Comments
For the record, what Fireware version are you running?
Sorry about that. Version 12.7.2
Their IKE is so buggy I have moved everyone back to SSL - it is not really worth the trouble supporting IKE in WG land. WG will blame Windows (and they may be right). Far easier to use OpenVPN client with SSL via AD and Duo or AuthPoint.
IKEv2 usually performs better. I have several clients running IKEv2 with no issues. The only time issues happen is when Windows updates it and breaks it causing the said clients to use SSLVPN as a backup until WG comes out with a patch to fix what they break.
12.8 did also add some IKEv2 bug fixes and support for MobIKE
You are correct that the performance is far higher with IKE as opposed to SSL, but slower performance is far more palatable than total lack of VPN function :-)
Plus, for me, in general, I am just hitting 3389 (RDP) and not having to map drives or access resources.
Thanks everyone. I was hoping this was a known issue. I will try updating, which is planned as we are about to implement AuthPoint.
Well, updated to 12.8 this past weekend, and still having issues with a few users with IKEv2. Temp workaround is them running L2TP.