Hosted Core VPN Trouble-shooting

From YateBTS
Revision as of 14:40, 12 December 2018 by Dburgess (Talk | contribs) (Causes of VPN Problems)

Jump to: navigation, search

This page describes how to diagnose and correct problems related to the VPN connection between YateBTS products (LabKit, SatSite) and the Hosted Core.


YateBTS products connect to the Hosted Core through a VPN, using OpenVPN.

In the VPN:

  • The Hosted Core YateUCN server has IP addresses and
  • The product IP address is in the range 100.127.0.x or 100.127.128.x.

The two parts of the product IP address range use different MTU sizes.

Signs of VPN Problems

A bad VPN connection will produce these symptoms:

  • phones see the network in and shows it in the network list, but cannot connect to it
  • log shows messages at the WARN level about lost S1 connections
    • "S1-MME SCTP link DOWN"
  • Zabbix monitoring for the product shows the trigger "S1AP Link Down"
  • Some older or cheaper handsets work, but newer, more complex handsets cannot connect to the network.

If you can ping but cannot ping or, you definitely have a VPN problem.

If you cannot ping, you have a more general problem with your IP connection that must be resolved first.

Causes of VPN Problems

These are the common causes of VPN problems:

  • Slow DHCP service. The VPN tries to start before the network interface has been configured by the local DHCP server.
  • Failed DNS. Some older products may require DNS to access the VPN.
  • Firewalls. An IP firewall between the product and the HC is breaking your VPN.
    • This may be a local corporate firewall, or a government firewall (China, India, for example).
    • Some firewall problems are intermittent, where the VPN is allowed to start, but
      • gets terminated after a certain time , or
      • gets terminated if bandwidth exceeds a certain limit.
  • Poor IP connectivity. If the underlying IP connection is poor or intermitent, the VPN connection will be even worse.
  • MTU problems. Somewhere between the product and the HC, the network has an smaller-than-expected MTU size and some network segment is failing to return the ICMP packets required for path MTU discovery.