Restarting IPSec VPN on Ubiquiti Edge Router

The Ubiquiti Edge Routers are powerful and affordable routers. The software they run is a version of Vyatta OS/VyOS modified to run on Ubiquiti's MIPS processors.

For those who have not heard of Vyatta or the forked version VyOS, take a quick peek here. The software was acquired by Brocade and later sold to AT&T. AT&T’s new 5G mobile networks will be using the newly acquired software to build and route the next generation wireless networks. So the Ubiquiti EdgeRouter is in good company.

The EdgeRouter adds a GUI on top of the otherwise command-line-only software, and while it offers plenty of power, you may find yourself needing to use the CLI to accomplish some tasks. The EdgeRouter is not an average consumer-level product; it is designed for advanced users, like you.

That being said, one of the most annoying attributes is that from time to time, if an IPSec tunnel goes down, or on startup, you may find that the tunnel does not come up and you must manually connect it.

I have yet to find a good solution to this, but below are the common steps needed to re-establish a connection to an existing IPSec tunnel.

First, log in via SSH or the CLI in the GUI.

Next, check the status of the IPSec tunnels.

show vpn ipsec status
show vpn ipsec sa

If the commands print nothing and simply return you to the command prompt, then you have not established any IPSec connections.

Next, let’s clear the state of the IPSec tunnel so that the system will re-establish the connection.

clear vpn ipsec <connection-name>

Make sure Dead Peer Detection (DPD) is set to an action of restart, and set the interval and timeout to suit your needs.

Unfortunately, while this should keep the connection open, it sometimes still fails to start on a reboot.
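The check-and-clear steps above can be scripted so they run without a manual login. This is an added example, not part of the original post or Ubiquiti's software; it assumes operational commands can be called from a script through /opt/vyatta/bin/vyatta-op-cmd-wrapper, and the function names are illustrative.

```shell
#!/bin/bash
# Added example: watchdog for the manual procedure above (not Ubiquiti code).
# Assumption: operational-mode commands are reachable from a script through
# the Vyatta wrapper below; set OP_CMD if your firmware uses another path.
OP_CMD="${OP_CMD:-/opt/vyatta/bin/vyatta-op-cmd-wrapper}"

# Run one operational-mode command, e.g. "show vpn ipsec sa".
run_op() { $OP_CMD "$@"; }

# Uses the criterion from the text: if "show vpn ipsec sa" prints nothing,
# no IPSec connection is established. A failing command also counts as down.
ipsec_is_down() {
    out=$(run_op show vpn ipsec sa 2>/dev/null) || return 0
    [ -z "$(printf '%s' "$out" | tr -d '[:space:]')" ]
}

# Clear the named connection only when nothing is established.
# Prints "cleared" or "up"; returns non-zero if the clear command fails.
ensure_tunnel() {
    conn="$1"
    if ipsec_is_down; then
        run_op clear vpn ipsec "$conn" >/dev/null || return 1
        # Leave a trace in syslog so unexpected restarts can be reviewed later.
        logger -t ipsec-watchdog "no IPSec SA found; cleared $conn" 2>/dev/null || true
        echo cleared
    else
        echo up
    fi
}

# Usage: ipsec-watchdog.sh <connection-name>
if [ "$#" -gt 0 ]; then ensure_tunnel "$1"; fi
```

Run it periodically, and once shortly after boot, with the connection name as its only argument. The syslog entries show how often the tunnel actually needed a manual clear.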

Hopefully this issue will be addressed in future firmware releases, as Ubiquiti regularly updates firmware for its devices.

If you know of a way to ensure the tunnels start on boot reliably, drop a line.
