User VPN connections on failover?

We run a small WISP and use the Peplink Balance 305 to bond 2 WAN lines for redundancy. We have several users that VPN (Cisco Anywhere Connect, Cisco Soft VPNs) to connect over our system to their home offices. When our primary line has issues, they go through constant disconnect / reconnects.

Does anyone know of a way to continue the VPN sessions over the failover without a disconnect or a way to reduce the occurrence of disconnects?

Any help is appreciated.

Just to confirm that you are bonding and not just load balancing, as the B305 by itself requires SpeedFusion License so that you can achieve bonding along with session persistence.

Pretty sure we are just load balancing. We are running the Peplink Balance 305 in Drop-in mode for our original link (cable) and have added another on WAN 2 (DSL) for capacity and for failover.

Hi,

VPN fail-over are considered for IPSEC Gateway devices (Networking) more that the IPSEC client (Software) unless the IPSEC client (Cisco Anywhere Connect, Cisco Soft VPNs) build in with propriety feature to gather the fail-over feature. If the IPSEC client doesn’t support such feature, it’s very difficult to using networking way to gather the client fail-over. For example, you may consider using hostname for the client to gateway VPN connection, but again this is not guarantee that the fail-over will happen without disconnection as the DNS cache issue for the client PC may cause DNS resolve issue when primary WAN down.

For your case, i would recommend to install a Surf Soho/Max device at the home office & let the device handle the VPN connection fail-over between the home office & the central site.

I suspected there was no good way to handle this issue. I think I will force my VPN users to my more dependable line and hope for the best. Appreciate the answers.

I know this is old, but any changes on this?

The Dynamic DNS option would be enough for our use-case, I can find plenty of dyndns services that set records with a sub-15 minute TTL.

The problem I have is that the Peplink has DynDNS settings for each WAN connection, but not one overall DynDNS setting that would reflect which of the WAN connections is currently up and running. Any clever workarounds there?

Clients are all windows using stock MS IPSEC client.

1 Like