NAT Errors

MW_WISP · October 12, 2015, 7:18am

I've the following errors on some SM working in NAT mode, in this case (probably) the errors have been caused by an IPSEC VPN.

10/12/2015 : 07:00:55 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 07:00:56 UTC : :Delete Public Entry Protocol 17 Failed

I've also noticed that the radio lose the session from the AP, without a valid reason, when these errors appears.

Chitrang · October 12, 2015, 8:08am

Hi, Can you please try with 13.4.1 beta release or 13.4 official release, we added a few more debug prints to debug root cause. Thanks,

MW_WISP · October 12, 2015, 1:37pm

Hi Chitrang,

This is the error log with release 13.4 (I cannot use BETA on production environment)

10/12/2015 : 12:48:37 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:48:38 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23353 Failed
10/12/2015 : 12:48:38 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:48:38 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:48:38 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23352 Failed
10/12/2015 : 12:48:38 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:48:38 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:48:38 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23351 Failed
10/12/2015 : 12:48:38 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:48:38 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:48:38 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23350 Failed
10/12/2015 : 12:48:38 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:48:38 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:48:38 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23349 Failed
10/12/2015 : 12:48:38 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:48:38 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:48:38 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23348 Failed
10/12/2015 : 12:48:38 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:48:38 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:50:37 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23722 Failed
10/12/2015 : 12:50:37 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:50:37 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:51:37 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23798 Failed
10/12/2015 : 12:51:37 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:51:37 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:51:37 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23797 Failed
10/12/2015 : 12:51:37 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:51:37 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:51:37 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23795 Failed
10/12/2015 : 12:51:37 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:51:37 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:51:37 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23794 Failed
10/12/2015 : 12:51:37 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:51:37 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:51:37 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23793 Failed
10/12/2015 : 12:51:37 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:51:37 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:51:37 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23785 Failed
10/12/2015 : 12:51:37 UTC : :FailInsertHashCnts: 0 0
10/12/2015 : 12:51:37 UTC : :Delete Private Entry Protocol 17 Failed
10/12/2015 : 12:51:37 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3e4d394e FinalTransportID 23781 Failed
10/12/2015 : 12:51:37 UTC : :FailInsertHashCnts: 0 0

Chitrang · October 14, 2015, 5:48am

Thanks,

I will debug this but can you spare one SM which has this problem?, may be I will give you some test load to get more debug info on this.

MW_WISP · October 14, 2015, 9:35am

We have already replaced the SM of this customer for the same problem, when the previous radio come back to my office I'll be able to do some tests.

MW_WISP · October 16, 2015, 2:12pm

@Chitrang wrote:
Thanks,

I will debug this but can you spare one SM which has this problem?, may be I will give you some test load to get more debug info on this.

I've the radio, can you please tell me which tests I have to do?

Thanks

Chitrang · October 16, 2015, 2:18pm

Please load 13.4.1 open beta on SM and do the same test, VPN over NAT

MW_WISP · October 16, 2015, 2:36pm

Any VPN type? I've a PPTP server, can I use this protocol?

Chitrang · October 16, 2015, 2:41pm

Kindly do exact same test case which caused NAT errors in earlier versions.

MW_WISP · October 16, 2015, 4:29pm

Ok, I'll set up a L2TP/IPSEC server in the next days.

However, I've just tried generating some p2p traffic using μTorrent and some errors has been logged:

01/01/2011 : 08:43:12 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0xbfb6a80e FinalTransportID 18646 Failed
01/01/2011 : 08:43:12 UTC : :FailInsertHashCnts: 0 0
01/01/2011 : 08:43:12 UTC : :Delete Private Entry Protocol 17 Failed

I'm using CANOPY 13.4.1 (Build 6) SM-DES

Chitrang · October 16, 2015, 4:33pm

Thanks for confirming, So all your did have AP-SM in session and SM has NAT enabled , SM has internet access and you tried to download some torrent file using uTorrent , no vpn or anything in between , Right?

MW_WISP · October 16, 2015, 5:43pm

@Chitrang wrote:
Thanks for confirming, So all your did have AP-SM in session and SM has NAT enabled , SM has internet access and you tried to download some torrent file using uTorrent , no vpn or anything in between , Right?

Yep, exactly.

As shown by the logs, the error occurs using applications that are UDP-based (that's why I did a test with uTorrent).

After one hour of torrent transfers, another error has been logged

10/16/2015 : 17:32:43 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0xbfb6a80e FinalTransportID 18663 Failed
10/16/2015 : 17:32:43 UTC : :FailInsertHashCnts: 0 0
10/16/2015 : 17:32:43 UTC : :Delete Private Entry Protocol 17 Failed

Chitrang · October 16, 2015, 5:53pm

Thanks, We will try this test case in our lab.

Chitrang · November 2, 2015, 9:40am

We have identified the root cause. This will be fixed in next build. Thanks,

Chitrang · November 13, 2015, 1:28pm

Hi, This issue has been fixed in 13.4.1 build 9 open beta. https://support.cambiumnetworks.com/files/pmp100/beta Thanks,

MW_WISP · November 13, 2015, 1:32pm

@Chitrang wrote:
Hi, This issue has been fixed in 13.4.1 build 9 open beta. https://support.cambiumnetworks.com/files/pmp100/beta Thanks,

This build is only for PMP 100, PTP 100, PTP 230, and PMP 430, I've this issue only on PMP450 radios

Chitrang · November 13, 2015, 1:58pm

It’s fixed for PMP 450 as well, please try out.
Will update release notes.

MW_WISP · November 13, 2015, 2:30pm

However the beta file (13.4.1 Build 9) is not available in PMP450 section.

J_Mandziara · November 13, 2015, 2:37pm

@NW_WISP wrote:
However the beta file (13.4.1 Build 9) is not available in PMP450 section.

Hello,

14.1/14.1.1 is right around the corner. Please use the 14.1B14 Open Beta for your 450 and 450i radios.

https://support.cambiumnetworks.com/files/pmp450/beta

Best,

Cambium Jonathan

MW_WISP · November 16, 2015, 7:33am

Using CANOPY 14.1 (Build 14) SM-DES on PMP450 with some torrent traffic:

11/13/2015 : 16:06:40 UTC : :user=none; *System Log Cleared*;
11/15/2015 : 11:07:14 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3b350733 FinalTransportID 20940 Failed
11/15/2015 : 11:07:14 UTC : :FailInsertHashCnts: 0 0
11/15/2015 : 11:07:14 UTC : :Delete Private Entry Protocol 17 Failed
11/15/2015 : 11:32:14 UTC : :Delete Public Entry Protocol 17 IsIsakmp 1 RmtHostIP 0x3b350733 FinalTransportID 31195 Failed
11/15/2015 : 11:32:14 UTC : :FailInsertHashCnts: 0 0
11/15/2015 : 11:32:14 UTC : :Delete Private Entry Protocol 17 Failed