Various random VPN reconnects

Batzn
Batzn Posts: 3
First Anniversary
Hi Everybody,

I'm lately encountering random reconnects on my VPN-Connection when transceiving large Files via SMB and/or HTTP.
It looks like the following example in the Zywall Log

My setup is as the following: IPSEC IKEv2 VPN with an IPv4only public WAN Adress using a native Win10 VPN Client. When using RDP Connection this behaviour is not occuring for some strange reason.

Has Anybody an Idea, what could be the root cause for this errors?

Many Thx in Advance
Batzn




Comments

  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022
    Hello @Batzn,
    Thanks for your feedback. 
    Which model/version do you use, we will clarify this problem.
    Could you provide the complete IKE logs and the debug log when the transmission, and how large is the transceiving file?
    For collecting debug logs, please turn on debug level log, go to Configuration > Log&Report > Log Settings > System log or Log Category Settings, then select debug level for IKE, IPsec.
    Thank you.

    James
  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @Batzn,
    May I know your scenario and the frequency of the problem?
    For example
    Win10 VPN client ------ ZyWall -----HFServer

    James
  • Batzn
    Batzn Posts: 3
    First Anniversary
    Hello James,

    thanks for helping me with my issue. I try to provide as many information as possible. My Firewall is an USG20VPN (Firmware is up-to-date). The reconnects are happening every 3-5 Minutes when uploading 3-4GB of data to the remote NAS. When RDPing the reconnects delay to about 60-70 minutes.

    I lately was RDPing for 4 hours, the connection is stable and performance is absolutely OK. Users don't recognize the rekeying issue, troughput for SMB and FTP is maxing out the line!

    My scenario is Win10/11native VPN Client === WAN === USG20VPN === NAS

    By setting logging to debug (this was the missing element) I found out that obviously rekeying the Tunnel is the problem. For me it seems that there must not only be a time-based rekeying trigger but also an amount-based one(you cannot see in the WebIF but in CLI). I'm providing the logs later because right now I cannot access them.

    Thx a lot
    Batzn

Security Highlight