Overview
This article provides information on how to resolve Kerio VPN tunnel issues when establishing a connection.
Diagnosis
The following error shows in the VPN Debug logs:
[09/Oct/2019 10:29:31] {vpntunnel} Tunnel[0001]('VPN tunel z Ostravy') - UDP
packets not coming from the other side, VPN tunnel probably broken, disconnecting
[09/Oct/2019 10:29:31] {vpntunnel} Tunnel[0001]('VPN tunel z Ostravy') - SSL_free
ID:2
[09/Oct/2019 10:29:31] {vpncore} Refcount for IP address 10.235.254.1 decremented
to 1
[09/Oct/2019 10:29:31] {vpncore} oldapi: KVpnConnectionDelete(2) -> SUCCESS
[09/Oct/2019 10:29:31] {vpntunnel} Tunnel[0001]('VPN tunel z Ostravy') - connection
deleted in driver
[09/Oct/2019 10:29:31] {vpnippool} IP 10.235.254.3 freed
[09/Oct/2019 10:29:31] {vpntunnel} Tunnel[0001]('VPN tunel z Ostravy') - tunnel
deregistered
[09/Oct/2019 10:29:31] {vpncore} oldapi: KVpnGetVpnAdapterIndex() -> SUCCESS
[09/Oct/2019 10:29:31] {vpntunnel} Tunnel[0001]('VPN tunel z Ostravy') - flushing
ARP cache for adapter 0xC, IP 10.235.254.3
[09/Oct/2019 10:29:31] {vpntunnel} TUNNEL_STATUS_CHANGE 'VPN tunel z Ostravy'
- 0:0
[09/Oct/2019 10:29:31] {vpntunnel} Tunnel[0001]('VPN tunel z Ostravy') - tunnel
closed
[09/Oct/2019 10:29:36] {vpncore} UdpSocket: socket 0x15A closed
Root Cause
One of the remote parts has a problem with the fragmentation of IP-packets.
Workaround
-
Log in to Kerio Control Administration.
-
Manually set the MTU value (for WAN interface) for both ends to 1500:
Additional Information
VPN tunnel is broken when opening RDP-Client