Difference between revisions of "Hosted Core VPN Trouble-shooting"

From YateBTS
Jump to: navigation, search
(Created page with "This page describes how to diagnose and correct problems related to the VPN connection between YateBTS products (LabKit, SatSite) and the [https://yatebts.com/products/hosted_...")
 
(Signs of VPN Problems)
Line 16: Line 16:
 
** "S1-MME SCTP link DOWN"
 
** "S1-MME SCTP link DOWN"
 
* [[Basestation Monitoring with Zabbix|Zabbix monitoring]] for the product shows the trigger "S1AP Link Down"
 
* [[Basestation Monitoring with Zabbix|Zabbix monitoring]] for the product shows the trigger "S1AP Link Down"
 +
* Some older or cheaper handsets work, but newer, more complex handsets cannot connect to the network.
  
 
If you can ping 8.8.8.8 but cannot ping 100.127.0.1 or 100.127.128.1, you definitely have a VPN problem.
 
If you can ping 8.8.8.8 but cannot ping 100.127.0.1 or 100.127.128.1, you definitely have a VPN problem.

Revision as of 14:35, 12 December 2018

This page describes how to diagnose and correct problems related to the VPN connection between YateBTS products (LabKit, SatSite) and the Hosted Core.

The VPN

YateBTS products connect to the Hosted Core through a VPN, using OpenVPN.

In the VPN:

  • The Hosted Core YateUCN server has IP addresses 100.127.0.1 and 100.127.128.1.
  • The product IP address is in the range 100.127.0.x or 100.127.128.x.

The two parts of the product IP address range use different MTU sizes.

Signs of VPN Problems

A bad VPN connection will produce these symptoms:

  • phones see the network in and shows it in the network list, but cannot connect to it
  • log shows messages at the WARN level about lost S1 connections
    • "S1-MME SCTP link DOWN"
  • Zabbix monitoring for the product shows the trigger "S1AP Link Down"
  • Some older or cheaper handsets work, but newer, more complex handsets cannot connect to the network.

If you can ping 8.8.8.8 but cannot ping 100.127.0.1 or 100.127.128.1, you definitely have a VPN problem.

If you cannot ping 8.8.8.8, you have a more general problem with your IP connection that must be resolved first.

Causes of VPN Problems

These are the common causes of VPN problems:

  • Slow DHCP service. The VPN tries to start before the network interface has been configured by the local DHCP server.
  • Failed DNS. Some older products may require DNS to access the VPN.
  • Firewalls. An IP firewall between the product and the HC is breaking your VPN.
    • This may be a local corporate firewall, or a government firewall (China, India, for example).
    • Some firewall problems are intermittent, where the VPN is allowed to start, but
      • gets terminated after a certain time , or
      • gets terminated if bandwidth exceeds a certain limit.
  • Poor IP connectivity. If the underlying IP connection is poor or intermitent, the VPN connection will be even worse.