L2TP VPN get disconnected after few minutes with [COOKIE] Invalid cookie, no sa found

Hawaii

Hi,

I've just setup an USG 110 and its L2TP VPN Server-Client role and am trying it.

It works well until the connection from my Mac gets disconnected with the following message in the logs of the USG : [COOKIE] Invalid cookie, no sa found [count = 2]


I've haven't tried with a Windows client yet. Anyone encountered this ?

Note : using VPN SSL it seems to work fine.

Thanks for your hints.

Edit 1 : have just tried on a Windows client for longer than my mac and it doesn't get disconnected, so there must be something on Apple devices.

lalaland

Just curious about 09:06:50 Peer not reachable. Is this log generated by MAC L2TP client connection?

Hawaii

lalaland said:

Just curious about 09:06:50 Peer not reachable. Is this log generated by MAC L2TP client connection?

Yes, those logs are Mac client only.

Zyxel_Cooldia

@Hawaii,
I am unable to reproduce it on local lab with MAC os, please sent me your configuration file by private message.

warwickt

Hi Hawaii, 

the key message that is the probable error in your log is at:

21-04-02 09-06-50 Peer not reachable     ... (usually source:ipv4:500 dest_peer ipv4:4500 )??

.... as a result of the previous [NOTIFY:R_U_THERE] ... request of the VPN peer 

Would suggest you disable the Dead Peer Detection (DPD) on the VPN Gateway .

DPD is somewhat ye-olde-teck perhaps    and is set by default.. good however for multiple WANs... 

Refer here in these forums as someone else seems to have this issue.. follow the directions...:

https://businessforum.zyxel.com/discussion/1297/connection-lost-when-sending-big-files#latest

This should give you the stability you're looking for.

hth

warwick
Hong Kong