.titleBar { margin-bottom: 5px!important; }

[Frage] Maximum of 2 site2site VPN's

Dieses Thema im Forum "Freetz" wurde erstellt von frater, 6 März 2018.

Schlagworte:
  1. frater

    frater Mitglied

    Registriert seit:
    23 Nov. 2008
    Beiträge:
    397
    Zustimmungen:
    0
    Punkte für Erfolge:
    16
    Only recently I started to use the AVM VPN.

    On 1 location I created 2 VPN links to other Fritzboxes.
    After adding a 3rd VPN and succesfully linking it to a 3rd Fritzbox I noticed that the link to the 2nd one was gone.

    After I re-entered the credentials for the 2nd one that link was re-established but the 3rd one was broken.

    Is this to be expected?
    Never read anything about those kind of limitations.

    Does this mean I need to switch to OpenVPN?
     
  2. PeterPawn

    PeterPawn IPPF-Urgestein

    Registriert seit:
    10 Mai 2006
    Beiträge:
    10,921
    Zustimmungen:
    512
    Punkte für Erfolge:
    113
    Beruf:
    IT-Freelancer
    Ort:
    Berlin
    No, the AVM VPN can smoothly manage more than two connections ... if the sum of active connections (do not confuse this with an "established" connection) is somehow limited, I don't know the number, because I myself switch such connections to "active" and back to "inactive" on the fly as needed. My maximum of parallel established and (heavily) used connections was five at a time - my upstream and the processor power of the box had set the limits.

    The overall count of defined (but usually inactive) connections in my edge-routers is above 20 (per device) ... but I do not use the GUI based assistant/editor to manage them. As long as you use different "name" values for each connection, importing will not override any other entry - no matter, which IP address segments are used. As long as only a single connection for the same IP address segment is active, everything works fine.

    Maybe the count depends on the used model (my edge routers are a 7490, a 6490 and a 7580) ... but I don't believe this really. And as far as I recall, there were no problems with a 7390 in the past, too.

    I would diagnose (or better "guess"), that your problem with the second and third connection comes from a "settings clash" - this would answer the question too, why the first connection isn't involved here. You should provide the detailed settings (best from an export file or support data) with the lowest possible "masquerading" of real values - in most cases it will point us to your error (if any).
     
  3. frater

    frater Mitglied

    Registriert seit:
    23 Nov. 2008
    Beiträge:
    397
    Zustimmungen:
    0
    Punkte für Erfolge:
    16
    #3 frater, 6 März 2018
    Zuletzt bearbeitet: 6 März 2018
    Thanks for your info...
    I wanted to take some screenshot and other info only to find out that all 3 VPN's were up.
    I'm going to add another one this week ;-)

    They are all 7490's

    The 3 satellite sites need to connect to another 7490.
    The central 7490 is not even the default gateway so I added static routes in the server and its DHCP-server (option 121). All that is working for months with 2 satellites. Merely added a 3rd which I thought I could configure in 2 minutes.

    upload_2018-3-6_23-19-21.png
     
  4. frater

    frater Mitglied

    Registriert seit:
    23 Nov. 2008
    Beiträge:
    397
    Zustimmungen:
    0
    Punkte für Erfolge:
    16
    I currently have 4 site-2-site VPN's connected to 1 7490 and these are up 99.9% of the time.
    The VPN's are constantly monitored by the Zabbix Agent on the 7490's. These check every minute if they can ping the other side.

    When a site is down it's sufficient to disable/enable the VPN on the "satellite" to bring it up again.
    I just wanted to give this info here for those that are considering to use it and to downplay my own initial post.