[Openswan Users] Issue with Ipsec tunnel and connection to third party

Daniel Cave dan.cave at me.com
Fri Jan 22 05:14:38 EST 2016


Scenario:

Amazon T2.small instance in AWS running Ubuntu 14.04. (UK)
Standard Openswan 2.3.38

Peer, Third party, Cisco VPN 3000 series device in the USA/Massachusetts 

I've had this VPN up since June last year as part of a DR test, and we have an application set up locally in was connecting over the tunnel to the remote network to two servers via TCP/IP, collecting data. Initially, the application would drop the connection and time out quite often, which meant we had to restart it, but shortly after, we turned DPD off on the tunnel and it seemed to stabilise. All the time, our application is running and every so often times out connecting to two servers on the remote network, and we restart it every so often.

Last weekend, it had been running up until recently - we did a failover into Amazon - which in summary has gone very well, but since last Saturday, the application which connects over the VPN seems to randomly disconnect at least once a day for no apparent reason. Where it connects to two of the servers, it reconnects to the first one, but fails to connect to the second even after timing out (as it's designed to indefinitely re-try connecting).

I have had a ping session running continually to both servers since 3pm yesterday afternoon and am seeing 0.1% packet loss *using MTR* and an mtr to the external IP peer, yet last night the application timed out.

I spoke to the third-party vendor, who told me they can't see any issues with the tunnel or servers. Interestingly, our 2nd production environment has a Cisco 1900 router connected to the same VPN peer in the USA, and for the application which runs over that in the 2nd environment, we don't see any application time-out issues at the same time as when we have the ones in AWS.

When I checked the application server's CPU load for the times the application times out, the CPU load isn't massively high.

Can anyone suggest what to do to fix this?
https://docs.google.com/document/d/1xKDuckCPOEGzOV5hXKbKLswQUSzG49CluuFk8aSImdg/edit?usp=sharing

Thanks in advance.
