NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

BGy's avatar
BGy
Tutor
Nov 28, 2016

IPSec VPN Connection lost

My client is a Netgear Prosafe VPN Client Lite 6.4 (Windows 10 Prof x64) and I connect to a FVS336Gv3 firewall in the office.I can connect usually without any problem, I can open a Windows Remote Desktop and work on my PC in the office and I can ping any PC in the office LAN. After an non regular interval (abour one hour) the VPN Client loses the contact. When it happens the VPN Client Lite plays a little beep, it shows that I'm still connected, but RDP freeze and ping of remote LAN no longer works. When this happens I can't notice any failure in internet connection. After it I close the tunnel and re-connect, but I can't. If I issue a "Reset IKE"

  • sometimes I can reconnect and I can continue my work,
  • sometimes although connection established I can see DPD_R_U_THERE_ACK messages in console, but I can't access the remote LAN (neither ping nor RDP)
  • sometimes I can't reconnect, phase 1 fails.

I saved the console output, see below. The connection established at 09:29 it worked up to 10:24.

 

 

20161126 09:29:23:030 [VPNCONF] TGBIKE_STOPPED received
20161126 09:29:27:656 Reading configuration...
20161126 09:29:27:670 IKEv1 configuration detected
20161126 09:29:27:670 No IKEv2 configuration
20161126 09:29:27:671 No SSL configuration
20161126 09:29:27:754 [VPNCONF] TGBIKE_STARTED received
20161126 09:29:35:014 Default (SA CTC-ctc-P2) is opening.
20161126 09:29:36:060 Default (SA CTC-P1) SEND phase 1 Main Mode  [SA] [VID] [VID] [VID] [VID] [VID]
20161126 09:29:36:172 Default (SA CTC-P1) RECV phase 1 Main Mode  [SA] [VID] [VID] [VID]
20161126 09:29:36:178 Default (SA CTC-P1) SEND phase 1 Main Mode  [KEY_EXCH] [NONCE] [NAT_D] [NAT_D]
20161126 09:29:36:399 Default (SA CTC-P1) RECV phase 1 Main Mode  [KEY_EXCH] [NONCE] [NAT_D] [NAT_D] [VID]
20161126 09:29:36:402 Default (SA CTC-P1) SEND phase 1 Main Mode  [HASH] [ID] [NOTIFY]
20161126 09:29:36:625 Default (SA CTC-P1) RECV phase 1 Main Mode  [HASH] [ID]
20161126 09:29:36:625 Default phase 1 done: initiator id local.com, responder id xxxxxxxxxx.dnsalias.com
20161126 09:29:36:626 Default (SA CTC-P1) renewal in 3103 seconds (10:21:19)
20161126 09:29:36:628 Default (SA CTC-ctc-P2) SEND phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20161126 09:29:36:642 Default (SA CTC-P1) RECV Transaction Mode  [HASH] [ATTRIBUTE]
20161126 09:29:36:643 Default (SA CTC-P1) SEND Transaction Mode  [HASH] [ATTRIBUTE]
20161126 09:29:36:660 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY]
20161126 09:29:37:002 Default (SA CTC-ctc-P2) RECV phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20161126 09:29:37:002 Default (SA CTC-ctc-P2) SEND phase 2 Quick Mode  [HASH]
20161126 09:29:37:004 Default (SA CTC-ctc-P2) renewal in 1125 seconds (09:48:22)
20161126 09:29:37:006 Default [VirtualItf] ConfigureVirtualItf: Physical IP Address specified in configuration for CTC-P1.

20161126 09:29:37:052 Default (SA CTC-ctc-P2) [VirtualItf] Virtual Interface properly configured for instance 1 and ItfIndex 23.
20161126 09:30:06:062 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:30:06:107 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 09:30:36:119 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:30:36:156 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 09:31:06:169 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:31:06:211 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK

...


20161126 09:47:07:812 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:47:07:850 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 09:47:37:859 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:47:37:901 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 09:48:07:916 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:48:07:954 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 09:48:22:961 Default (SA CTC-ctc-P2) SEND phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20161126 09:48:23:171 Default (SA CTC-ctc-P2) RECV phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20161126 09:48:23:171 Default (SA CTC-ctc-P2) SEND phase 2 Quick Mode  [HASH]
20161126 09:48:23:172 Default (SA CTC-ctc-P2) renewal in 1069 seconds (10:06:12)
20161126 09:48:23:174 Default (SA CTC-ctc-P2) [VirtualItf] Virtual Interface properly reused for instance 1 (CTC-ctc-P2).
20161126 09:48:37:181 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:48:37:221 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 09:49:07:234 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:49:07:274 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 09:49:37:289 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 09:49:37:328 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK

...

20161126 10:05:38:961 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:05:39:002 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:06:09:013 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:06:09:053 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:06:12:055 Default (SA CTC-ctc-P2) SEND phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20161126 10:06:12:258 Default (SA CTC-ctc-P2) RECV phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20161126 10:06:12:258 Default (SA CTC-ctc-P2) SEND phase 2 Quick Mode  [HASH]
20161126 10:06:12:259 Default (SA CTC-ctc-P2) renewal in 1108 seconds (10:24:40)
20161126 10:06:39:271 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:06:39:311 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:07:09:321 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:07:09:358 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:07:39:369 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:07:39:407 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK

...

20161126 10:20:10:681 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:20:10:719 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:20:40:739 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:20:40:782 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:21:10:801 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:21:10:840 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:21:19:883 Default (SA CTC-P1) SEND phase 1 Main Mode  [SA] [VID] [VID] [VID] [VID] [VID]
20161126 10:21:19:999 Default (SA CTC-P1) RECV phase 1 Main Mode  [SA] [VID] [VID] [VID]
20161126 10:21:20:009 Default (SA CTC-P1) SEND phase 1 Main Mode  [KEY_EXCH] [NONCE] [NAT_D] [NAT_D]
20161126 10:21:20:234 Default (SA CTC-P1) RECV phase 1 Main Mode  [KEY_EXCH] [NONCE] [NAT_D] [NAT_D] [VID]
20161126 10:21:20:244 Default (SA CTC-P1) SEND phase 1 Main Mode  [HASH] [ID]
20161126 10:21:20:446 Default (SA CTC-P1) RECV phase 1 Main Mode  [HASH] [ID]
20161126 10:21:20:446 Default phase 1 done: initiator id local.com, responder id xxxxxxxxxx.dnsalias.com
20161126 10:21:20:447 Default (SA CTC-P1) renewal in 3355 seconds (11:17:15)
20161126 10:21:20:465 Default (SA CTC-P1) RECV Transaction Mode  [HASH] [ATTRIBUTE]
20161126 10:21:20:466 Default (SA CTC-P1) SEND Transaction Mode  [HASH] [ATTRIBUTE]
20161126 10:21:49:483 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:21:49:523 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:22:19:541 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:22:19:580 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:22:49:594 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:22:49:633 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:23:19:642 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:23:19:684 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:23:49:692 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:23:49:732 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:24:19:741 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:24:19:790 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:24:40:805 Default (SA CTC-ctc-P2) SEND phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20161126 10:24:41:031 Default (SA CTC-ctc-P2) RECV phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20161126 10:24:41:031 Default (SA CTC-ctc-P2) SEND phase 2 Quick Mode  [HASH]
20161126 10:24:41:032 Default (SA CTC-ctc-P2) renewal in 1112 seconds (10:43:13)
20161126 10:24:41:074 Default [VirtualItf] ConfigureVirtualItf: Physical IP Address specified in configuration for CTC-P1.

20161126 10:24:42:113 Default (SA CTC-ctc-P2) [VirtualItf] Virtual Interface properly configured for instance 2 and ItfIndex 9.
20161126 10:24:49:116 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:24:49:153 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:25:05:207 Default (SA CTC-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20161126 10:25:05:207 Default (SA CTC-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20161126 10:25:09:321 Default (SA CTC-P1) SEND Informational  [HASH] [DELETE]
20161126 10:25:09:322 Default <CTC-ctc-P2> deleted
20161126 10:25:09:351 Default [VirtualItf] Virtual Interface properly deconfigured for instance 2 and ItfIndex 9.
20161126 10:25:09:352 Default (SA CTC-P1) SEND Informational  [HASH] [DELETE]
20161126 10:25:09:353 Default <CTC-P1> deleted

 

Any ideas would be greatly appreciated. Thanks, Gyula

 

 

 

Troubleshooting

12 Replies

  • Dan_Z's avatar
    Dan_Z
    NETGEAR Expert
    Nov 29, 2016

    Hi,

    Welcome to the community!

    Please make sure the Netgear Prosafe VPN Client Lite and FVS336Gv3 is lastest version (VPN Lite v6.40.004,FVS336Gv3 4.3.4-2).
    You may download lastest version from netgear download center.

    IPSec VPN connection lost may be due to network reasons,so suggest check the network.

     

    Thanks.

    • BGy's avatar
      BGy
      Tutor
      Dec 02, 2016

      Hi Dan_Z,

       

      I use latest versions as you listed. Previously I used L2TP/Ipsec and I found it's very stable, my connection survived the whole working day, but it's throughput is poor.

      Because the planned higher number of VPN users we'd like to use IPsec VPN which offer higher throughput.

      With FVS336Gv3 we got one license of VPN Client, currently I make tests with it, but before I recommend to management buying licenses for other employees, I should find a sollution to make it stable.

      Would you give me an advice, how to catch network problem you mentioned or how to get a detailed info about the problem?

       

      BR

       

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More