BOVPN randomly dies and only failover fixes it.

Hi,
I have an issue with an S2S VPN to a Check Point that drops after a while; sometimes it works for days and then dies. Now other VPNs also do the same. The other ends are Meraki and Cisco ASA.
Rekey does not help and only failing over the cluster fixes the issue.

Troubleshooting that has been done so far:
First it was on IKEv1; changing it to IKEv2 did not help.
Used different SA time, hash, encryption; still a problem.
Tried it with DPD on and off; did not help.
Changed the MTU on ext int to 1400; did not help.
Changed the Don't Fragment (DF) setting, tried all 3 options (Copy, Set, Clear); still the same issue.

WG support could not find the issue either. By this time I have gone through the configuration 100 times; everything matches.

I'm so close to losing my mind!

Comments

  • Have you tried asking support to escalate your case to the next level?
    Those higher up in the support chain may be able to help understand the issue better, especially with the appropriate logs.

    I, and many others, don't have experience with multiple other brand endpoints, so some of us can't help more.
    BOVPN stability issues such as this are beyond me.

  • james.carson Moderator, WatchGuard Representative

    Hi @Ari2x
    Taking a look at your case, your technician appears to be pointing out some errors they're seeing on your external interface that potentially mean dropped traffic. I would suggest looking into that as it may provide more information about your issue.

    -James Carson
    WatchGuard Customer Support
