I have two EdgeRouters connected via Site-to-Site VPN. The connection is great but it drops 1-2 times an hour and the downtime usually lasts 1-5 minutes. This doesn’t sound like a big deal but it is painful when personnel are using VoIP or transferring data. I have attached the logs from both sides when the connection drops as well as the config for both sides. Any input or recommendations would be greatly appreciated.
EdgeRouter PoE5
Firmware Release version: v1.8.5.4884695.160608.1057
Site A Log
Joe@ubnt:~$ sudo swanctl --log
06[IKE] sending address list update using MOBIKE
06[ENC] generating INFORMATIONAL request 0 [ N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
06[NET] sending packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (124 bytes)
05[IKE] retransmit 1 of request with message ID 0
05[NET] sending packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (124 bytes)
14[IKE] retransmit 2 of request with message ID 0
14[NET] sending packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (124 bytes)
06[IKE] retransmit 3 of request with message ID 0
06[NET] sending packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (124 bytes)
06[IKE] retransmit 4 of request with message ID 0
06[NET] sending packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (124 bytes)
03[IKE] retransmit 5 of request with message ID 0
03[NET] sending packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (124 bytes)
15[NET] received packet: from 70.111.111.111[500] to 50.121.121.111[500] (304 bytes)
15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
15[IKE] 70.111.111.111 is initiating an IKE_SA
15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
15[NET] sending packet: from 50.121.121.111[500] to 70.111.111.111[500] (312 bytes)
05[NET] received packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (300 bytes)
05[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
05[CFG] looking for peer configs matching 50.121.121.111[Location_SiteA]...70.111.111.111[Location_SiteB]
05[CFG] selected peer config 'peer-Location_SiteB-tunnel-1'
05[IKE] authentication of 'Location_SiteB' with pre-shared key successful
05[IKE] peer supports MOBIKE
05[IKE] authentication of 'Location_SiteA' (myself) with pre-shared key
05[IKE] IKE_SA peer-Location_SiteB-tunnel-1[387] established between 50.121.121.111[Location_SiteA]...70.111.111.111[Location_SiteB]
05[IKE] CHILD_SA peer-Location_SiteB-tunnel-1{301} established with SPIs c81cefac_i cee48a73_o and TS 172.16.0.0/17 === 172.16.214.0/24
05[ENC] generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
05[NET] sending packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (284 bytes)
14[NET] received packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (380 bytes)
14[ENC] parsed CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ]
14[IKE] CHILD_SA peer-Location_SiteB-tunnel-2{302} established with SPIs c0e9b9b3_i cbe5e396_o and TS 172.16.150.0/24 === 172.16.214.0/24
14[ENC] generating CREATE_CHILD_SA response 2 [ SA No KE TSi TSr ]
14[NET] sending packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (348 bytes)
09[IKE] sending DPD request
Site B Log
Joe@VPN:~$ sudo swanctl --log
01[IKE] sending DPD request
01[ENC] generating INFORMATIONAL request 2 [ ]
01[NET] sending packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (76 bytes)
09[IKE] retransmit 1 of request with message ID 2
09[NET] sending packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (76 bytes)
06[IKE] retransmit 2 of request with message ID 2
06[NET] sending packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (76 bytes)
09[IKE] retransmit 3 of request with message ID 2
09[NET] sending packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (76 bytes)
01[IKE] retransmit 4 of request with message ID 2
01[NET] sending packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (76 bytes)
03[IKE] retransmit 5 of request with message ID 2
03[NET] sending packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (76 bytes)
01[IKE] giving up after 5 retransmits
01[IKE] restarting CHILD_SA peer-50.121.121.111-tunnel-1
01[IKE] initiating IKE_SA peer-50.121.121.111-tunnel-1[2] to 50.121.121.111
01[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
01[NET] sending packet: from 70.111.111.111[500] to 50.121.121.111[500] (304 bytes)
04[NET] received packet: from 50.121.121.111[500] to 70.111.111.111[500] (312 bytes)
04[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
04[IKE] authentication of 'Location_SiteB' (myself) with pre-shared key
04[IKE] establishing CHILD_SA peer-50.121.121.111-tunnel-1{1}
04[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
04[NET] sending packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (300 bytes)
01[NET] received packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (284 bytes)
01[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
01[IKE] authentication of 'Location_SiteA' with pre-shared key successful
01[IKE] IKE_SA peer-50.121.121.111-tunnel-1[2] established between 70.111.111.111[Location_SiteB]...50.121.121.111[Location_SiteA]
01[IKE] scheduling reauthentication in 28180s
01[IKE] maximum IKE_SA lifetime 28720s
01[IKE] CHILD_SA peer-50.121.121.111-tunnel-1{1} established with SPIs cee48a73_i c81cefac_o and TS 172.16.214.0/24 === 172.16.0.0/17
01[IKE] peer supports MOBIKE
16[KNL] creating acquire job for policy 172.16.214.139/32[tcp/51794] === 172.16.150.13/32[tcp/http] with reqid {2}
07[IKE] establishing CHILD_SA peer-50.121.121.111-tunnel-2{2}
07[ENC] generating CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ]
07[NET] sending packet: from 70.111.111.111[4500] to 50.121.121.111[4500] (380 bytes)
14[NET] received packet: from 50.121.121.111[4500] to 70.111.111.111[4500] (348 bytes)
14[ENC] parsed CREATE_CHILD_SA response 2 [ SA No KE TSi TSr ]
14[IKE] CHILD_SA peer-50.121.121.111-tunnel-2{2} established with SPIs cbe5e396_i c0e9b9b3_o and TS 172.16.214.0/24 === 172.16.150.0/24
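Added example, not part of the original post: a small Python parser for `swanctl --log` output like the two logs above. It reports which request went unanswered (a DPD probe or the MOBIKE address list update), how many retransmits were logged, and how the exchange ended. The function name, the outcome labels and the abridged sample excerpts are choices made for this example.

```python
import re

# Abridged excerpts of the Site A and Site B logs in the post (retransmits 2-4 omitted).
SITE_A = """\
06[IKE] sending address list update using MOBIKE
05[IKE] retransmit 1 of request with message ID 0
03[IKE] retransmit 5 of request with message ID 0
15[IKE] 70.111.111.111 is initiating an IKE_SA
"""
SITE_B = """\
01[IKE] sending DPD request
09[IKE] retransmit 1 of request with message ID 2
03[IKE] retransmit 5 of request with message ID 2
01[IKE] giving up after 5 retransmits
"""

LINE = re.compile(r"^\d+\[(\w+)\]\s+(.*)$")  # "<thread>[<subsystem>] <message>"
TRIGGER = re.compile(r"^sending (DPD request|address list update using MOBIKE)")
RETRANS = re.compile(r"^retransmit (\d+) of request with message ID (\d+)")
OUTCOMES = (("giving up after", "gave up locally"),  # labels are illustrative
            ("is initiating an IKE_SA", "peer re-initiated"))

def find_stalls(log_text):
    """Return one dict per IKE request that needed retransmits."""
    stalls, trigger, current = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != "IKE":
            continue  # only IKE-subsystem lines carry the state changes
        msg = m.group(2)
        t, r = TRIGGER.match(msg), RETRANS.match(msg)
        if t:  # a new request was announced; close any open stall
            trigger, current = t.group(1), None
        elif r:
            msg_id = int(r.group(2))
            if current is None or current["message_id"] != msg_id:
                current = {"trigger": trigger or "unknown", "message_id": msg_id,
                           "retransmits": 0, "outcome": "unresolved"}
                stalls.append(current)
            current["retransmits"] = int(r.group(1))
        elif current:
            for phrase, label in OUTCOMES:
                if phrase in msg:
                    current["outcome"] = label
                    current = None
                    break
    return stalls
if __name__ == "__main__":
    print({"Site A": find_stalls(SITE_A), "Site B": find_stalls(SITE_B)})
```

On these excerpts the stalled request is the MOBIKE address list update on Site A and a DPD probe on Site B, each with five retransmits logged before the tunnel is rebuilt.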