Hello guys, good day!

I have 3 Vigor2830Ns setup for Site-to-Site VPN in a star config, 2 servers establish connection with 1 main site.
I have some trouble and hope that you kind guys could help me

Connection drops within a few hours, I have never seen the uptime more than 5 hours. The strange thing is
both will drop at the same time in the hour. For example, now the uptime for 1 site is 5:47, the other is 0:47.
And likewise they will drop at the same minute in the hour but they do not always drop at the same hour.
I read that the Ping to Keep Alive may be the issue, I am not sure which site to ping.
Since both are dial-out to the main site, I have set them to ping the main site router's VPN address.

Thank you so much

Oh yes i believe i see an entry
<129>Dec 7 17:16:45 FDHQVigor: IKE_RELEASE VPN : L2L Profile Index = 2, Name = PS to HQ

just before the connection is dropped and then re-established within 10 seconds

Hi guys,

sorry but just adding on to more information, i believe it's not a ping problem but rather related to authentication.
I used Medium level authentication AH mode and the connection is persistent for over 7 hours and GOING something which was impossible before.
So there seems to be a problem with using Higher levels like DES which will cause the connection to drop very regular.

Looking more carefully into the logs, after IKE_RELEASE VPN is issued, sometimes Quick mode is reestablished, sometimes Main mode,
does this mean that sometimes it is a problem at Phase 2, sometimes even Phase 1?

i hope someone can help me,
setting to Medium mode does not help , still getting frequent D/C

Could you double-check that the IKE advanced settings Key phase 1 lifetime and Key phase 2 lifetime are the same for each 2830 unit? Some users have reported various vpn issues with the 2830. It could be worth contacting Draytek UK support as I think there is a beta firmware which should improve VPN stability. Regards, Neal

nealuk wrote: Could you double-check that the IKE advanced settings Key phase 1 lifetime and Key phase 2 lifetime are the same for each 2830 unit? Some users have reported various vpn issues with the 2830. It could be worth contacting Draytek UK support as I think there is a beta firmware which should improve VPN stability. Regards, Neal

Hi Neal,
thanks for the response, much appreciated!

I have 28800 for Phase 1 and 3600 for Phase 2 on both the dialing out units. There is nothing to set for the dialing in unit. Is this what you mean by same settings?

I will get in contact with Draytek UK. Thank you !