Back to All Scenarios
PASSEDdatabase / vpn_down
Neo4j 5.18 Unreachable — VPN Tunnel Down on Fedora 40 Server
Neo4j 5.18 is unreachable because the site-to-site VPN tunnel providing connectivity has gone down.
Pattern
VPN_TUNNEL_DOWN
Severity
CRITICAL
Confidence
72%
Remediation
Auto-Heal
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | VPN_TUNNEL_DOWN | VPN_TUNNEL_DOWN | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | N/A | None | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Auto-Heal — Corax resolves autonomously |
Scenario Conditions
Fedora 40 Server. Neo4j 5.18 on remote site behind VPN. VPN tunnel down since 18 minutes ago. No alternative path. All remote services unreachable.
Injected Error Messages (1)
Neo4j 5.18 unreachable on Fedora 40 Server — vpn tunnel down, site-to-site vpn connection lost, tunnel keepalive failed, neo4j connection timeout, all remote connectivity lost
Neural Engine Root Cause Analysis
VPN tunnel failure detected — an IPSec, SSL, or WireGuard VPN tunnel has gone down, disrupting site-to-site connectivity or remote user access. This can be caused by expired IKE security associations, mismatched pre-shared keys, ISP-level issues blocking UDP 500/4500, or a keepalive timeout indicating the remote peer is unreachable.
Remediation Plan
1. Check VPN tunnel status on both ends — verify Phase 1 (IKE) and Phase 2 (IPSec) SA status.
2. For IKE failures, verify pre-shared keys or certificates match on both peers and check for IP address changes on dynamic endpoints.
3. For keepalive timeouts, verify the remote peer is online and reachable (check ISP connectivity).
4. Review firewall rules to ensure UDP 500, UDP 4500 (NAT-T), and ESP (IP protocol 50) are permitted.
5. If the tunnel was working previously, check for ISP or routing changes that may be blocking VPN traffic.
Tested: 2026-04-02Monitors: 1 | Incidents: 1Test ID: cmnhnwea904vylijg1o6i9m8d