BOVPN Watchguard M390 to Draytek

FlorianFlorian
in Firebox - VPN Branch Office

Hi,
I have a WatchGuard M390 at a branch office and a DrayTek 3910 router at the main site.
I've set up a Branch Office VPN using IKEv2.
Unfortunately, the VPN connection occasionally drops.

Today it ran fine for about 5 hours, but within the past hour, it has disconnected twice.
When I use “Rekey Selected BOVPN Tunnel” in WatchGuard System Manager, the tunnel comes back up and works again—for a while.

I couldn’t find anything helpful in the Traffic Monitor logs.
The firewall was just deployed at this location today.

Is there anything I might need to adjust or fine-tune?

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Florian

    Rekeying the tunnel from the WatchGuard side suggests that it works when the Firebox is the initiator. Do you see any logs on the Draytek side when it is attempting to bring the tunnel up, or if the tunnel is rekeyed from that side and does not work?

    The firebox may also show logs when the Draytek side is attempting to bring the tunnel up that might suggest the problem.

    If you can't find any information on either, I suggest opening a support case so one of our techs can assist you.

    -James Carson
    WatchGuard Customer Support

  • FlorianFlorian

    Hi James,
    Thanks for your reply.
    We found the issue.
    It was related to the Phase 2 settings.

    Draytek sets the Force Key Expiration to 1 hour, while WatchGuard defaults to 8 hours.
    We’ve now also set it to 1 hour on the WatchGuard side, and everything is working smoothly.

    Thanks :)

Sign In to comment.