Central Manager (CMC) to Sensor VPN connection drops periodically

book

Article ID: 168630

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

A Central Management configuration where connections are going across VPN's can cause an issue where the MTU is too large.  A VPN over a VPN may require a reduced MTU value.  The MTU can be reduced to improve the connection quality.  This change is harmless and does not affect anything other than connectivity between the Central Manager and the sensor.  

Cause

Typical cause is a VPN created for CMC connection is over a VPN or WAN traffic that uses more space in the header of the packet than expected.

Environment

7.x

Resolution

On the sensor that is failing to connect, modify /etc/openvpn/client0.conf and change the value of "mssfix 1450" to "mssfix 1200". Then save the file and run "service solera-openvpn restart"  OR "dsvpn --restart" to restart the VPN service and use the changes made.

The sensor may appear disconnected for a bit but should reappear after a few minutes.  This is the first step to fixing any MTU / VPN issues and it can be done on the sensor alone without making changes to the Central Manager server.

 

If this does not resolve the issue please see TECH256770