ER8411 L2TP LAN-LAN VPN Intermittent Connection (Server -> Client)

2024-11-18 22:53:55 - last edited 2024-11-19 01:22:23
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.2.2

I have two ER8411s in a LAN-LAN L2TP VPN configuration. The server has a public IP, the client is behind a NAT. The VPN is in a LAN-LAN configuration with route mode. The server router has a LAN IP of 172.18.0.1 and the client router has a LAN IP of 172.19.0.1.

 

From the client subnet, I can access anything on the server subnet as expected.

 

From the server subnet, I can intermittently access anything on the client subnet. Here's an example of a `ping` from a device on the server subnet to the client router:

```
$ ping 172.19.0.1
PING 172.19.0.1 (172.19.0.1) 56(84) bytes of data.
64 bytes from 172.19.0.1: icmp_seq=27 ttl=62 time=8.17 ms
64 bytes from 172.19.0.1: icmp_seq=28 ttl=62 time=8.92 ms
64 bytes from 172.19.0.1: icmp_seq=29 ttl=62 time=8.14 ms
64 bytes from 172.19.0.1: icmp_seq=30 ttl=62 time=7.61 ms
64 bytes from 172.19.0.1: icmp_seq=31 ttl=62 time=7.82 ms
64 bytes from 172.19.0.1: icmp_seq=32 ttl=62 time=8.39 ms
64 bytes from 172.19.0.1: icmp_seq=33 ttl=62 time=8.39 ms
64 bytes from 172.19.0.1: icmp_seq=34 ttl=62 time=8.94 ms
64 bytes from 172.19.0.1: icmp_seq=35 ttl=62 time=8.46 ms
64 bytes from 172.19.0.1: icmp_seq=60 ttl=62 time=192 ms
64 bytes from 172.19.0.1: icmp_seq=61 ttl=62 time=7.54 ms
64 bytes from 172.19.0.1: icmp_seq=62 ttl=62 time=8.26 ms
64 bytes from 172.19.0.1: icmp_seq=63 ttl=62 time=8.40 ms
64 bytes from 172.19.0.1: icmp_seq=64 ttl=62 time=8.54 ms
64 bytes from 172.19.0.1: icmp_seq=65 ttl=62 time=10.4 ms
64 bytes from 172.19.0.1: icmp_seq=66 ttl=62 time=8.57 ms
64 bytes from 172.19.0.1: icmp_seq=67 ttl=62 time=8.05 ms
64 bytes from 172.19.0.1: icmp_seq=68 ttl=62 time=7.47 ms
64 bytes from 172.19.0.1: icmp_seq=93 ttl=62 time=384 ms
64 bytes from 172.19.0.1: icmp_seq=94 ttl=62 time=8.39 ms
64 bytes from 172.19.0.1: icmp_seq=95 ttl=62 time=8.35 ms
64 bytes from 172.19.0.1: icmp_seq=96 ttl=62 time=9.32 ms
64 bytes from 172.19.0.1: icmp_seq=97 ttl=62 time=8.03 ms
64 bytes from 172.19.0.1: icmp_seq=98 ttl=62 time=8.22 ms
64 bytes from 172.19.0.1: icmp_seq=99 ttl=62 time=8.34 ms
64 bytes from 172.19.0.1: icmp_seq=100 ttl=62 time=7.72 ms
64 bytes from 172.19.0.1: icmp_seq=101 ttl=62 time=8.30 ms
64 bytes from 172.19.0.1: icmp_seq=138 ttl=62 time=2112 ms
64 bytes from 172.19.0.1: icmp_seq=139 ttl=62 time=1088 ms
64 bytes from 172.19.0.1: icmp_seq=140 ttl=62 time=64.3 ms
64 bytes from 172.19.0.1: icmp_seq=141 ttl=62 time=7.76 ms
64 bytes from 172.19.0.1: icmp_seq=142 ttl=62 time=8.53 ms
64 bytes from 172.19.0.1: icmp_seq=143 ttl=62 time=8.54 ms
64 bytes from 172.19.0.1: icmp_seq=144 ttl=62 time=7.71 ms
64 bytes from 172.19.0.1: icmp_seq=145 ttl=62 time=7.66 ms
64 bytes from 172.19.0.1: icmp_seq=146 ttl=62 time=8.36 ms
64 bytes from 172.19.0.1: icmp_seq=147 ttl=62 time=8.98 ms
64 bytes from 172.19.0.1: icmp_seq=148 ttl=62 time=8.52 ms
64 bytes from 172.19.0.1: icmp_seq=173 ttl=62 time=256 ms
64 bytes from 172.19.0.1: icmp_seq=174 ttl=62 time=8.53 ms
64 bytes from 172.19.0.1: icmp_seq=175 ttl=62 time=7.71 ms
64 bytes from 172.19.0.1: icmp_seq=176 ttl=62 time=8.33 ms
64 bytes from 172.19.0.1: icmp_seq=177 ttl=62 time=8.66 ms
64 bytes from 172.19.0.1: icmp_seq=178 ttl=62 time=9.10 ms
64 bytes from 172.19.0.1: icmp_seq=179 ttl=62 time=7.97 ms
64 bytes from 172.19.0.1: icmp_seq=180 ttl=62 time=7.73 ms
64 bytes from 172.19.0.1: icmp_seq=181 ttl=62 time=8.40 ms
64 bytes from 172.19.0.1: icmp_seq=203 ttl=62 time=3009 ms
64 bytes from 172.19.0.1: icmp_seq=204 ttl=62 time=1985 ms
64 bytes from 172.19.0.1: icmp_seq=205 ttl=62 time=961 ms
64 bytes from 172.19.0.1: icmp_seq=206 ttl=62 time=7.75 ms
64 bytes from 172.19.0.1: icmp_seq=207 ttl=62 time=7.62 ms
64 bytes from 172.19.0.1: icmp_seq=208 ttl=62 time=9.13 ms
64 bytes from 172.19.0.1: icmp_seq=209 ttl=62 time=8.60 ms
64 bytes from 172.19.0.1: icmp_seq=210 ttl=62 time=8.19 ms
64 bytes from 172.19.0.1: icmp_seq=211 ttl=62 time=7.82 ms
```

 

You can see that sequences 68-92 failed, 102-137 failed, 182-202 failed, etc.

 

It seems that server->client pings succeed when I am accessing resources on the server subnet from the client subnet, and the pings fail when there isn't any client->server traffic. Almost like the client->server traffic creates a temporary routing rule on the server side, that temporarily allows the server->client traffic?

 

It's very odd behaviour, but I need to fix it so that devices on the server subnet can consistently access devices on the client subnet.

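Added example, not part of the original post: a Python helper that parses `ping` output like the log above and reports each run of missing `icmp_seq` values together with the slow replies that arrive right after it, giving exact outage windows to line up against a packet capture. The function names are hypothetical, and the 1-second send interval and 5x-median slowness threshold are assumptions.

```python
import re
from statistics import median

# Excerpt of the ping output posted above (replies 99-142), embedded to run offline.
SAMPLE = """\
64 bytes from 172.19.0.1: icmp_seq=99 ttl=62 time=8.34 ms
64 bytes from 172.19.0.1: icmp_seq=100 ttl=62 time=7.72 ms
64 bytes from 172.19.0.1: icmp_seq=101 ttl=62 time=8.30 ms
64 bytes from 172.19.0.1: icmp_seq=138 ttl=62 time=2112 ms
64 bytes from 172.19.0.1: icmp_seq=139 ttl=62 time=1088 ms
64 bytes from 172.19.0.1: icmp_seq=140 ttl=62 time=64.3 ms
64 bytes from 172.19.0.1: icmp_seq=141 ttl=62 time=7.76 ms
64 bytes from 172.19.0.1: icmp_seq=142 ttl=62 time=8.53 ms
"""

REPLY = re.compile(r"icmp_seq=(\d+) .*time=([\d.]+) ms")

def parse_replies(text):
    """Return [(seq, rtt_ms)] for each echo-reply line, in arrival order."""
    return [(int(s), float(t)) for s, t in REPLY.findall(text)]

def find_gaps(replies, interval_s=1.0, slow_factor=5.0):
    """List each run of missing icmp_seq values and the slow replies right after it."""
    # Assumptions: ping's default 1 s send interval; "slow" means >= 5x the median RTT.
    if not replies:
        return []
    baseline = median(rtt for _, rtt in replies)
    gaps = []
    for i in range(1, len(replies)):
        prev_seq, cur_seq = replies[i - 1][0], replies[i][0]
        lost = cur_seq - prev_seq - 1
        if lost <= 0:
            continue
        delayed = []
        for seq, rtt in replies[i:]:
            if rtt < baseline * slow_factor:
                break
            delayed.append((seq, rtt))
        gaps.append({"first_lost": prev_seq + 1, "last_lost": cur_seq - 1,
                     "lost": lost, "outage_s": lost * interval_s,
                     "delayed": delayed})
    return gaps

if __name__ == "__main__":
    for g in find_gaps(parse_replies(SAMPLE)):
        print(f"seq {g['first_lost']}-{g['last_lost']} lost "
              f"(~{g['outage_s']:.0f} s); delayed replies after: {g['delayed']}")
```

Running `ping` with timestamps and feeding the saved log to `find_gaps` turns each gap into a time window that can be matched against captures taken on both routers' LAN sides.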
Re:ER8411 L2TP LAN-LAN VPN Intermittent Connection (Server -> Client)
2024-11-19 01:19:23

Hi @SomeNetEngineer 

Thanks for posting in our business forum.

Did you verify this with Wireshark, to prove from the other side that it is lost in the tunnel?

Re:ER8411 L2TP LAN-LAN VPN Intermittent Connection (Server -> Client)
2024-11-20 19:43:19

  @Clive_A Could you provide more detail on what, specifically, you'd like me to test?

Re:ER8411 L2TP LAN-LAN VPN Intermittent Connection (Server -> Client)
2024-11-21 01:07:19

Hi @SomeNetEngineer 

Thanks for posting in our business forum.

SomeNetEngineer wrote

  @Clive_A Could you provide more detail on what, specifically, you'd like me to test?

Wireshark while you were pinging them to verify that the packets were lost or not responded to.

Also, verify the ping to the public DNS servers.
