Soon after initial setup VPN connection is not stable between CMC and Sensor

book

Article ID: 176305

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

The VPN connection gets reset and connects multiple times a minute. 

Cause

NTP server is not setup properly on CMC or Sensor.  Commands and results should be as follows: 

Command: 

# ntpq -p

Good Result: 

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+xx.xx.xx.xx   xx.xx.xx.xx      5 u   34   64  377    2.869    3.409   2.459
*xx.xx.xx.xx   xx.xx.xx.xx      5 u   11   64  377   20.309    1.110   0.380

Incorrect Result: 

# ntpq -p
x.x.x.x         XX            16 u    - 1024    0    0.000    0.000   0.00
x.x.x.x         XX            16 u    - 1024    0    0.000    0.000   0.00


​Command:

# ps -ef | grep ntp

Good Result:

ntp        651     1  0 15:04 ?        00:00:00 /usr/sbin/ntpd -u ntp:ntp -g -I eth0
root     13997 13646  0 15:22 pts/0    00:00:00 grep --color=auto ntp

Incorrect Result:

root     13997 13646  0 15:22 pts/0    00:00:00 grep --color=auto ntp

(usr/sbin/ntpd process is not running)

Resolution

Situation 1: NTP service is not configured properly: When the ntpq -p command returns 0's instead of values, then the NTP service is not communicating with the NTP server.  Please validate that the NTP settings are correct in the Console (Settings > Date / Time).  It may help if the CMC and Sensor are on the same VLAN so that they can utilize the same NTP server.

 

Situation 2: NTP service is not running.  Execute one of the following commands to restart the service. 

sudo service ntp restart
sudo systemctl restart ntp

 

If this does not resolve the issue please see TECH245297