MacBook L2TP connection disconnects constantly
I’m having trouble with frequent disconnects when making an L2TP over IPSEC connection from a MacBook Pro. Here's some initial information about my environment:
- ZyWALL 110 running firmware 4.70 (AAAA.0)
- MacBook Pro running Monterey v12.0.1 (also happened on previous OS version)
Behavior
- MacBook successfully connects to the ZyWALL via L2TP over IPSEC. This works flawlessly.
- MacBook successfully can access the ZyWall web interface, as well as all assets on the remote network
- MacBook is disconnected after anywhere from 1 to 7 minutes (typically happens between 2 and 3 minutes, but I’ve seen it happen as short as 1 minute and as long as 7 minutes).
There was a time when this worked well, but there have been numerous releases of Mac OS and ZyWall firmware. I don't connect often from the MacBook, hence I can't pinpoint when it stopped working.
Note: Android clients are connecting successfully, and the connection is very stable over a long period of time (at least 1 hour)
0
All Replies
-
I see this in the Mac's ppp.log file. Not sure why it can't get the remote IP address...
Fri Nov 26 10:55:06 2021 : sent [IPCP ConfReq id=0x2 <addr 192.168.YYY.YYY> <ms-dns1 192.168.XXX.XXX> <ms-dns3 192.168.XXX.XXX>]
Fri Nov 26 10:55:06 2021 : rcvd [IPCP ConfReq id=0xc7]
Fri Nov 26 10:55:06 2021 : ipcp: returning Configure-ACK
Fri Nov 26 10:55:06 2021 : sent [IPCP ConfAck id=0xc7]
Fri Nov 26 10:55:06 2021 : rcvd [LCP ProtRej id=XXXXXXXXXXXX]
Fri Nov 26 10:55:06 2021 : rcvd [IPCP ConfAck id=0x2 <addr 192.168.YYY.YYY> <ms-dns1 192.168.XXX.XXX> <ms-dns3 192.168.XXX.XXX>]
Fri Nov 26 10:55:06 2021 : ipcp: up
Fri Nov 26 10:55:06 2021 : Could not determine remote IP address: defaulting to 10.64.64.64
Fri Nov 26 10:55:06 2021 : local IP address 192.168.XXX.XXX
Fri Nov 26 10:55:06 2021 : remote IP address 10.64.64.64
Fri Nov 26 10:55:06 2021 : primary DNS address 192.168.XXX.XXX
Fri Nov 26 10:55:06 2021 : secondary DNS address 192.168.XXX.XXX
Fri Nov 26 10:55:06 2021 : Received protocol dictionaries
Fri Nov 26 10:55:06 2021 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.YYY.YYY), current interface setting (name: ppp0, family: PPP, address: 192.168.ZZZ.ZZZ, subnet: 255.255.255.0, destination: 10.64.64.64).
Fri Nov 26 10:55:06 2021 : Committed PPP store on install command
Fri Nov 26 10:55:09 2021 : L2TP port-mapping update for en0 ignored: VPN is the Primary interface.
Public Address: 0, Protocol: None, Private Port: 0, Public Port: 0
Fri Nov 26 10:55:09 2021 : L2TP clearing port-mapping for en0
Fri Nov 26 11:00:43 2021 : no echo-reply, start ppp_auxiliary_probe!
Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: starting
Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: found goog-dns address
Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: sent to goog-dns over scope 6
Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: found peer address
Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: sent to peer over scope 6
Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: no alternate peer address
Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: 2 probes sent
Fri Nov 26 11:00:43 2021 : ppp_auxiliary_probe[0] response!
Fri Nov 26 11:00:43 2021 : ppp_auxiliary_probe[1] response!
Fri Nov 26 11:01:03 2021 : no echo-reply, despite successful ppp_auxiliary_probe!
Fri Nov 26 11:01:03 2021 : No response to 3 echo-requests
Fri Nov 26 11:01:03 2021 : Serial link appears to be disconnected.
Fri Nov 26 11:01:03 2021 : ipcp: down
Fri Nov 26 11:01:03 2021 : sent [LCP TermReq id=0x2 "Peer not responding"]
Fri Nov 26 11:01:03 2021 : Connection terminated.
Fri Nov 26 11:01:03 2021 : Connect time 6.1 minutes.
Fri Nov 26 11:01:03 2021 : Sent 905423 bytes, received 8395469 bytes.
Fri Nov 26 11:01:03 2021 : L2TP disconnecting...
Fri Nov 26 11:01:03 2021 : L2TP sent CDN
Fri Nov 26 11:01:03 2021 : L2TP sent StopCCN
Fri Nov 26 11:01:03 2021 : L2TP clearing port-mapping for en0
Fri Nov 26 11:01:03 2021 : L2TP disconnected
0
-
I tried disabling Dead Peer Detection in the Phase 1 Settings on the ZyWall. After doing that, my connection has been stable for almost an hour.
Seems like this might be a workaround, but I don't know the implications of disabling DPD (other than the obvious fact that the ZyWall won't be able to detect dead peers). What I mean is that I don't know whether there are any significant side effects of disabling DPD.
0 -
Are you using an iPhone as a router for your MacBook? The IP 10.64.64.64 seems to be a private A-Subnet IP address, so maybe... you're using a mobile provider?
0 -
No. The MacBook is either connected to a WiFi network with Internet access, or sometimes through a WiFi hotspot on an Android phone.
The logs I posted above were from when the MacBook was connected to a WiFi network with Internet access (Comcast, in this case).
I actually was wondering where the MacBook was coming up with that 10.64.64.64 address.
Note: Connected for 1:20 since disabling DPD on the ZyWall.
0 -
The address might be part of the L2TP pool?
0 -
The L2TP pool is a 192.168.13.* address.
I googled that error message, and it seems to be logged pretty frequently by the ppp daemon. Don't think it has anything to do with the Mac or ZyWall specifically.
0 -
Do you forward all the traffic through the L2TP connection?
0
-
Yes, network config on Mac is set to send all traffic through VPN
0 -
Hi @mhilbush, we'd like to connect our MacBook to your ZyWALL 110 and check the symptom. Please send the web GUI access of ZyWALL 110 and login credentials to me in private message. Thanks!
0
-
Oh, darn. Posting credentials in an online forum (even as a PM) is a big no-no for me.
0