NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
PR60X Site to Site IPSEC Site to Site VPN frequently drops and will not restart automatically
I have two PR60X routers with an IPSEC Site to Site VPN set up. The WAN links are AT&T fiber. 2 Gig on one end and 500 Gig on the other. When the VPN is up, it works OK. Unfortunately it frequent...
I'm finally reporting back with my solution. It did take some time for the engineers to figure this one out.
I had two IPSec ports for Client to Site forwarded to my Synology NAS to do Client to Site VPN because there was not licensed needed for their VPN service. And that VPN did work as long as I was on the internal network, but it would never connect from the outside. Now I know that the Netgear PR60x firmware also needs these port for a reliable Site to Site VPN. Once I disabled those two port forwarding entries the Site to Site VPN was stable.
Then I still left with the need for a Client to Site VPN. the options for Client to Site VPN from Netgear at that time all needed a rather expensive, In My opinion, License.
Fortunately, shortly after we fixed the S2S VPN there was a firmware upgrade for the PR60x that included a VPN option from Wireguard, which is an open source no cost option.
Well the Wireguard solution was extreamly easy to setup and it is working very well for me. Thanks to the support tech for letting me know about it.
I am a happy network camper now.
Which firmware are your PR60X running? If it is not 2.4.x, please update to 2.4 firmware.
The 2.4 has IPsec DPD bug fix. In old firmware, if WAN port loses connection longer than DPD timeout, IPsec would stay disconnected even if DPD option is to restart.
If your routers are already running latest firmware, please open a help ticket with NETGEAR tech support, go to PR60X maintenance menu, enable SDM and let support agent know the SDM port number, engineering should be able to find out why IPsec tunnel stays broken.
My current firmware is 2.4.0.104
I will have to open a support ticket.
Thanks
Please also download logs from both sites, and provide it to support team so that we can analyze what was the cause of tunnel disconnection and why it stayed disconnected. Thanks!
Hello,
Once the support case has been opened, can you please send me a private message with the support case number and I can have someone reach out to assist.
Hello PaulKulessa
And welcome to the NETGEAR Community! 🙂
Looks like you were advised to open a support ticket on this thread. Make sure you have provided the ticket to MrJoshW so you could get help further with your issue. If this is an issue with our device it needs to be rectified.
Have a lovely day,
Erwin
Netgear TeamHi PaulKulessa
How's everything? We are looking forward for your update and hope you were able to get some support over the phone. Please keep us posted and let us know the progress in resolving your issue.
Have a lovely day,
Erwin
Netgear TeamI'm finally reporting back with my solution. It did take some time for the engineers to figure this one out.
I had two IPSec ports for Client to Site forwarded to my Synology NAS to do Client to Site VPN because there was not licensed needed for their VPN service. And that VPN did work as long as I was on the internal network, but it would never connect from the outside. Now I know that the Netgear PR60x firmware also needs these port for a reliable Site to Site VPN. Once I disabled those two port forwarding entries the Site to Site VPN was stable.
Then I still left with the need for a Client to Site VPN. the options for Client to Site VPN from Netgear at that time all needed a rather expensive, In My opinion, License.
Fortunately, shortly after we fixed the S2S VPN there was a firmware upgrade for the PR60x that included a VPN option from Wireguard, which is an open source no cost option.
Well the Wireguard solution was extreamly easy to setup and it is working very well for me. Thanks to the support tech for letting me know about it.
I am a happy network camper now.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
