Oracle Cloud Infrastructure Documentation

VPN Connect Troubleshooting

This topic covers troubleshooting techniques for an IPSec VPN that has issues.

Some of the troubleshooting techniques assume that you are a network engineer with access to your CPE device's configuration.

General Issues

IPSec tunnel is DOWN
IPSec tunnel is UP, but no traffic is passing through
IPSec tunnel is UP, but traffic is passing in only one direction

For an IPSec VPN with a Policy-Based Configuration

IPSec tunnel is DOWN
IPSec tunnel is UP but keeps flapping
IPSec tunnel is UP but traffic is unsteady

BGP Session Troubleshooting

BGP status is DOWN
BGP status is flapping
BGP status is UP, but no traffic is passing through
BGP status is UP, but traffic is passing in only one direction

Redundant Connections

Keep in mind these important notes:

  • FastConnect uses BGP dynamic routing. IPSec connections can use either static routing or BGP, or combination.
  • For important details about routing and preferred routes when using redundant connections, see Routing Preferences When You Have Redundant Connections.
  • You can use two IPSec connections for redundancy. If both IPSec connections have only a default route (0.0.0.0/0) configured, traffic will route to either of those connections because Oracle uses asymmetric routing. If you want one IPSec connection as primary and another one as backup, configure more-specific routes for the primary connection and less-specific routes (or the default route of 0.0.0.0/0) on the backup connection.
IPSec and FastConnect are both set up, but traffic is only passing through IPSec
Two on-premises data centers each have an IPSec connection to Oracle, but only one is passing traffic