WireGuard working setup stops working, and changing the listen port on the disconnected peer restores it

In my case it would resolve the problem. The problem is on the remote side where we have the VPN server installed; it is behind an existing Barracuda firewall. When we clear the UDP session on the Barracuda firewall there, the connection works immediately.
The problem is that the session does not expire because the client always sends the handshake, but the response doesn't get received back (probably because of a session-ID issue).

Currently we have resolved it with a temporary script that runs every X minutes via crontab:

#!/bin/bash
# Packets Loss Watch
# Simple SHELL script for Linux and UNIX system monitoring with
# ping command
#
# Copyright (c) 2006 nixCraft project <http://www.cyberciti.biz/fb/>
# Copyleft 2013 Stephen Larroque
# This script is licensed under GNU GPL version 2.0 or above
#
# This script was inspired by a nixCraft script http://www.cyberciti.biz/tips/simple-linux-and-unix-system-monitoring-with-ping-command-and-scripts.html
#
# For more complex needs, take a look at:
# - SmokePing: http://oss.oetiker.ch/smokeping/
# - DropWatch: http://humblec.com/dropwatch-to-see-where-the-packets-are-dropped-in-kernel-stack/
# - sjitter: http://www.nicolargo.com/dev/sjitter/
# - iperf: http://iperf.fr/
# -------------------------------------------------------------------------

#=== PARAMETERS change them here
# add ip / hostname separated by white space
HOSTS="192.168.50.70"
# number of ping requests per host
COUNT=8

#=== Local vars (do not change them)
# Cron-friendly: automatically change directory to the script's own one
cd "$(dirname "$0")" || exit 1

# Current script filename
SCRIPTNAME=$(basename "$0")

# Current date and time
today=$(date '+%Y-%m-%d')
currtime=$(date '+%H:%M:%S')

#=== Help message
if [[ "$*" =~ --help ]]; then
  echo "Usage: bash $SCRIPTNAME
Check the rate of packet loss and append the result to /root/plwatch.txt.
Note: this script is cron-friendly, so you can add it to a cron job to regularly check your packet loss.
"
  exit
fi

#=== Main script
for myHost in $HOSTS
do
  # Ping once and reuse the output: pinging twice (as the original did)
  # doubles the run time and can give two different answers.
  result=$(ping -c "$COUNT" "$myHost" 2>&1)
  msg=$(echo "$result" | grep 'loss')
  echo "[$today $currtime] ($myHost $COUNT) $msg" >> /root/plwatch.txt
  # "N received" (iputils) or "N packets received" (BusyBox ping on OpenWrt).
  # Default to 0 when ping printed no summary at all (e.g. name resolution
  # failure), otherwise the test below fails with "unary operator expected".
  count=$(echo "$result" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
  count=${count:-0}
  if [ "$count" -eq 0 ]; then
    # 100% failed
    echo "Host : $myHost is down (ping failed) at $(date)"
    echo "[$today $currtime] ($myHost $COUNT) Host is down, restart gl_s2s tunnel" >> /root/plwatch.txt
    /etc/init.d/gl_s2s restart
    echo "gl_s2s tunnel restarted"
    # notify through the router's MQTT API
    ubus call mqtt pub '{"api":"/user/data", "data":"gl_s2s tunnel restarted"}'
  else
    echo "tunnel is up - succeeded $count pings - so do not do anything"
  fi
done
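A WireGuard-aware variant of the watchdog, added here as an example; it is not the poster's script and not GL.iNet code. Rather than restarting on ping loss alone, it also reads `wg show <iface> latest-handshakes`, which prints one `<peer-public-key> <epoch-seconds>` line per peer (0 if a handshake never completed), and restarts only when pings fail and no peer has completed a handshake within the last STALE_AFTER seconds. That matches the failure described in the thread (handshakes keep going out, responses never come back) and avoids bouncing a tunnel whose handshake is fresh but whose ping target is simply down. The interface name `wg0`, the 180-second threshold, the `HOST` value and the `RESTART_CMD` are assumptions; the ping and wg output embedded at the bottom is constructed so the decision logic can be exercised without a live tunnel.

```shell
#!/bin/bash
# Added example: WireGuard handshake-aware tunnel watchdog.
# Not the forum poster's script; interface, host and restart command are assumptions.

WG_IF="${WG_IF:-wg0}"                                   # assumed interface name
HOST="${HOST:-192.168.50.70}"                           # remote-side address to ping
COUNT="${COUNT:-4}"                                     # pings per check
STALE_AFTER="${STALE_AFTER:-180}"                       # seconds; WireGuard rekeys roughly every 120 s under traffic
RESTART_CMD="${RESTART_CMD:-/etc/init.d/gl_s2s restart}" # assumed, taken from the thread

# Extract the "N received" (iputils) or "N packets received" (BusyBox) field
# from ping output. Prints 0 when no summary line exists, e.g. on a
# name-resolution failure, so callers never compare an empty string.
received_count() {
    local n
    n=$(printf '%s\n' "$1" | awk -F',' '/received/ { split($2, f, " "); print f[1]; exit }')
    printf '%s\n' "${n:-0}"
}

# Given the output of `wg show $WG_IF latest-handshakes` (one line per peer:
# "<public-key><TAB><epoch-seconds>", 0 if never) and the current epoch time,
# print the age in seconds of the most recent handshake, or -1 if no peer
# has ever completed one.
newest_handshake_age() {
    local table="$1" now="$2" latest=0 pubkey ts
    while read -r pubkey ts; do
        case "$ts" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        if [ "$ts" -gt "$latest" ]; then latest=$ts; fi
    done <<EOF
$table
EOF
    if [ "$latest" -eq 0 ]; then
        printf '%s\n' "-1"
    else
        printf '%s\n' "$((now - latest))"
    fi
}

# Return 0 (restart) only when ping got no replies AND the newest handshake is
# absent or older than STALE_AFTER. Lost pings with a fresh handshake point at
# routing or firewall rules on the far side, which a restart cannot fix.
should_restart() {
    local received="$1" age="$2"
    if [ "$received" -eq 0 ]; then
        if [ "$age" -lt 0 ] || [ "$age" -gt "$STALE_AFTER" ]; then
            return 0
        fi
    fi
    return 1
}

# Live check against the real tunnel; only runs when invoked with --run so the
# helpers above can be exercised where ping/wg are not available.
check_tunnel() {
    local ping_out hs_out received age
    ping_out=$(ping -c "$COUNT" "$HOST" 2>&1 || true)
    hs_out=$(wg show "$WG_IF" latest-handshakes 2>/dev/null || true)
    received=$(received_count "$ping_out")
    age=$(newest_handshake_age "$hs_out" "$(date +%s)")
    if should_restart "$received" "$age"; then
        logger -t wg-watch "no reply from $HOST, newest handshake age ${age}s: restarting tunnel"
        $RESTART_CMD
    else
        logger -t wg-watch "ok: $received/$COUNT replies, newest handshake age ${age}s"
    fi
}

# Constructed sample input (not captured from a real device): BusyBox-style
# ping summary with total loss, and a two-peer handshake table where peer A
# last completed a handshake at epoch 1700000000 and peer B never did.
SAMPLE_PING_DOWN='PING 192.168.50.70 (192.168.50.70): 56 data bytes

--- 192.168.50.70 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss'
SAMPLE_HANDSHAKES='PEER_A_PUBKEY_PLACEHOLDER= 1700000000
PEER_B_PUBKEY_PLACEHOLDER= 0'

if [ "${1:-}" = "--run" ]; then
    check_tunnel
fi
```

Run it from cron as `wg-watch.sh --run`; without `--run` it only defines the helpers, which is how the sample data above can be fed to `received_count`, `newest_handshake_age` and `should_restart` for a dry run. Changing STALE_AFTER is the main tuning knob: with PersistentKeepalive set on the peer, the handshake is refreshed within a couple of minutes of traffic, so 180 s separates "the far side stopped answering" from a momentary ping hiccup.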