Page 1 of 1

EOIP tunnels - one auto recovers, one won't

Posted: Wed Oct 09, 2019 7:56 pm
by NotAnITGuy
I have EOIP tunnels set up between 3 remote locations using LTE Cellular as the WAN provider. Currently we have tunnels between sites A and B and between B and C.

Everything seems to run fine for a random period of time, then the Tunnels drop, like Site B loses WAN connectivity or there is a quick drop in power at the site, Tunnel A-B auto recovers pretty quickly but tunnel B-C doesn't auto recover.

We have tried reloading the default config and rebuilding the firewall rules and tunnels on both A and C routerboards, but I am hesitant to attempt that at Site B since it is a 2 hour drive out to the site.

I can't see anything different in the set-up of the two tunnels on B other than the src, dst addressing and the Tunnel ID's, the rest appears to be the same. Is there anything that I can look at that would help explain why one tunnel will recover but the second one stays down. (both sites continue to have WAN connections and both ends of the tunnel will show TX traffic but no RX.

Rebooting Both B and C ends has brought the tunnel back to life, rebooting site C alone doesn't, just waiting for the next failure to see if rebooting site B alone will bring it back up.

Edit: When Site B has a hiccup and the WAN drops, tunnel A-B recovers but B-C won't recover, rebooting HAP AC Lite B brings the tunnel back to life.

Re: EOIP tunnels - one auto recovers, one won't

Posted: Wed Oct 09, 2019 10:08 pm
by Zacharias
What does the log say ? Any info there ?
Is the EoIP tunnel over a VPN ?

Re: EOIP tunnels - one auto recovers, one won't

Posted: Wed Oct 09, 2019 10:58 pm
by NotAnITGuy
When Lose the Wan connection at site B

The log shows the Wan going down and ETH1 dropping killing the Tunnels
Then when modem recovers WAN connection the Tunnels both attempt to initiate new phase 1, Tunnel A-B successfully comes up and Tunnel B-C negotiation fails due to time up, and it repeats this cycle.

Until the RouterOS is rebooted

I see a few failed attempts due to send error on both Tunnels, but as soon as the routerOS brings up all the interface's the ISAKMP-SA established shows up for both tunnels and they both say "tunnel name" link up.

We are using Off the Shelf Cellular LTE modems with IP pass through Enabled for the WAN connections, no other special setup other than the EOIP tunnels to create a Multi site LAN.

At some point I may need to get an assist on Loop issues and OSPF routing as we expand but while I am still learning the ropes I just need to make sure both tunnels we have now will self recover when there is a hiccup.