L2TP VPN get disconnected after few minutes with [COOKIE] Invalid cookie, no sa found

Hawaii
Hawaii Posts: 2  Freshman Member
First Comment
edited April 2021 in Security
Hi,

I've just setup an USG 110 and its L2TP VPN Server-Client role and am trying it.

It works well until the connection from my Mac gets disconnected with the following message in the logs of the USG : [COOKIE] Invalid cookie, no sa found [count = 2]


I've haven't tried with a Windows client yet. Anyone encountered this ?

Note : using VPN SSL it seems to work fine.

Thanks for your hints.

Edit 1 : have just tried on a Windows client for longer than my mac and it doesn't get disconnected, so there must be something on Apple devices.

Comments

  • lalaland
    lalaland Posts: 90  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary
    Just curious about 09:06:50 Peer not reachable. Is this log generated by MAC L2TP client connection?


  • Hawaii
    Hawaii Posts: 2  Freshman Member
    First Comment
    lalaland said:
    Just curious about 09:06:50 Peer not reachable. Is this log generated by MAC L2TP client connection?


    Yes, those logs are Mac client only.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    @Hawaii,
    I am unable to reproduce it on local lab with MAC os, please sent me your configuration file by private message.
  • warwickt
    warwickt Posts: 111  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    Hi Hawaii, 

    the key message that is the probable error in your log is at:

    21-04-02 09-06-50 Peer not reachable     ... (usually source:ipv4:500 dest_peer ipv4:4500 )??

    .... as a result of the previous [NOTIFY:R_U_THERE] ... request of the VPN peer 

    Would suggest you disable the Dead Peer Detection (DPD) on the VPN Gateway B) .

    DPD is somewhat ye-olde-teck perhaps   :s  and is set by default.. good however for multiple WANs... 

    Refer here in these forums as someone else seems to have this issue.. follow the directions...:

    https://businessforum.zyxel.com/discussion/1297/connection-lost-when-sending-big-files#latest

    This should give you the stability you're looking for.

    hth

    warwick
    Hong Kong 




Security Highlight