Hello,
We own a CRS125-24G-1S-2HnD-IN cloud router switch. We have configured IPsec VPN. Our issue is that somehow some specific IPsec identities keep getting disabled without user interaction. We reenable them but after a couple of days, the same identity is disabled again. Can you please help us? Thank you.
Re: IPsec identities keep getting disabled
Can somebody help us ? Thank you.
Re: IPsec identities keep getting disabled
Hi,
Sorry I don't know what the problem might be, apart from that I don't think you shouldn't be attempting this in the first place.
The CPU isn't very powerful, has no ipsec hardware offload and when you overload it, the switching management functionality will likely suffer.
You could try wireguard (at least cpu usage will be less for same amount of VPN traffic).
Or maybe get a different product for the vpn.
The following all have IPSec hardware and all have more processing power than the switch.
They are somewhat in price and performance order.
(I would still use Wireguard rather than ipsec)
Note: HapAX3 has Level 6 license if that is useful.
Hex,
HapAC2
HapAX2
HapAX3
RB4011
RB5009
Sorry I don't know what the problem might be, apart from that I don't think you shouldn't be attempting this in the first place.
The CPU isn't very powerful, has no ipsec hardware offload and when you overload it, the switching management functionality will likely suffer.
You could try wireguard (at least cpu usage will be less for same amount of VPN traffic).
Or maybe get a different product for the vpn.
The following all have IPSec hardware and all have more processing power than the switch.
They are somewhat in price and performance order.
(I would still use Wireguard rather than ipsec)
Note: HapAX3 has Level 6 license if that is useful.
Hex,
HapAC2
HapAX2
HapAX3
RB4011
RB5009
Re: IPsec identities keep getting disabled
Hi,
I thought about it some more, perhaps the following might be useful.
I thought about it some more, perhaps the following might be useful.
- Make a backup, and export of your current config.
- Trawl through the export from 1, and make sure there are no dubious scripting entries (system scripts, system scheduler, perhaps dhcp/pppoe scripts) either unknown or (now) incorrect.
- Early versions of Ros7 had many many bugs, probably worth upgrading to something recent if not already.
- Perhaps some flash corruption/bad blocks, A netinstall apparently helps with this (maps out bad blocks)
** Ideally install new config from the export rather than from the backup, (take care, easy to lock yourself out) - Power supply issues can cause many problems, (but likely would be much more visible than just this)
Re: IPsec identities keep getting disabled
Thank you so much for your reply. I will follow the above steps and will inform you with the result. Thank you.Hi,
I thought about it some more, perhaps the following might be useful.
- Make a backup, and export of your current config.
- Trawl through the export from 1, and make sure there are no dubious scripting entries (system scripts, system scheduler, perhaps dhcp/pppoe scripts) either unknown or (now) incorrect.
- Early versions of Ros7 had many many bugs, probably worth upgrading to something recent if not already.
- Perhaps some flash corruption/bad blocks, A netinstall apparently helps with this (maps out bad blocks)
** Ideally install new config from the export rather than from the backup, (take care, easy to lock yourself out)- Power supply issues can cause many problems, (but likely would be much more visible than just this)