MacBook L2TP connection disconnects constantly

mhilbush

I’m having trouble with frequent disconnects when making an L2TP over IPSEC connection from a MacBook Pro. Here's some initial information about my environment:

- ZyWALL 110 running firmware 4.70 (AAAA.0)
- MacBook Pro running Monterey v12.0.1 (also happened on previous OS version)

Behavior
- MacBook successfully connects to the ZyWALL via L2TP over IPSEC. This works flawlessly.
- MacBook successfully can access the ZyWall web interface, as well as all assets on the remote network
- MacBook is disconnected after anywhere from 1 to 7 minutes (typically happens between 2 and 3 minutes, but I’ve seen it happen as short as 1 minute and as long as 7 minutes.

There was a time when this worked well, but there have been numerous releases of Mac OS and ZyWall firmware. I don't connect often from the MacBook, hence I can't pinpoint when it stopped working.

Note: Android clients are connecting successfully, and the connection is very stable over a long period of time (at least 1 hour)

mhilbush

I see this in the Mac's ppp.log file. Not sure why it can't get the remote IP address...

Fri Nov 26 10:55:06 2021 : sent [IPCP ConfReq id=0x2 <addr 192.168.YYY.YYY> <ms-dns1 192.168.XXX.XXX> <ms-dns3 192.168.XXX.XXX>]

Fri Nov 26 10:55:06 2021 : rcvd [IPCP ConfReq id=0xc7]

Fri Nov 26 10:55:06 2021 : ipcp: returning Configure-ACK

Fri Nov 26 10:55:06 2021 : sent [IPCP ConfAck id=0xc7]

Fri Nov 26 10:55:06 2021 : rcvd [LCP ProtRej id=XXXXXXXXXXXX]

Fri Nov 26 10:55:06 2021 : rcvd [IPCP ConfAck id=0x2 <addr 192.168.YYY.YYY> <ms-dns1 192.168.XXX.XXX> <ms-dns3 192.168.XXX.XXX>]

Fri Nov 26 10:55:06 2021 : ipcp: up

Fri Nov 26 10:55:06 2021 : Could not determine remote IP address: defaulting to 10.64.64.64

Fri Nov 26 10:55:06 2021 : local  IP address 192.168.XXX.XXX

Fri Nov 26 10:55:06 2021 : remote IP address 10.64.64.64

Fri Nov 26 10:55:06 2021 : primary   DNS address 192.168.XXX.XXX

Fri Nov 26 10:55:06 2021 : secondary DNS address 192.168.XXX.XXX

Fri Nov 26 10:55:06 2021 : Received protocol dictionaries

Fri Nov 26 10:55:06 2021 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.YYY.YYY), current interface setting (name: ppp0, family: PPP, address: 192.168.ZZZ.ZZZ, subnet: 255.255.255.0, dest

ination: 10.64.64.64).

Fri Nov 26 10:55:06 2021 : Committed PPP store on install command

Fri Nov 26 10:55:09 2021 : L2TP port-mapping update for en0 ignored: VPN is the Primary interface. Public Address: 0, Protocol: None, Private Port: 0, Public Port: 0

Fri Nov 26 10:55:09 2021 : L2TP clearing port-mapping for en0

Fri Nov 26 11:00:43 2021 : no echo-reply, start ppp_auxiliary_probe!

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: starting

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: found goog-dns address

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: sent to goog-dns over scope 6

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: found peer address

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: sent to peer over scope 6

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: no alternate peer address

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: 2 probes sent

Fri Nov 26 11:00:43 2021 : ppp_auxiliary_probe[0] response!

Fri Nov 26 11:00:43 2021 : ppp_auxiliary_probe[1] response!

Fri Nov 26 11:01:03 2021 : no echo-reply, despite successful ppp_auxiliary_probe!

Fri Nov 26 11:01:03 2021 : No response to 3 echo-requests

Fri Nov 26 11:01:03 2021 : Serial link appears to be disconnected.

Fri Nov 26 11:01:03 2021 : ipcp: down

Fri Nov 26 11:01:03 2021 : sent [LCP TermReq id=0x2 "Peer not responding"]

Fri Nov 26 11:01:03 2021 : Connection terminated.

Fri Nov 26 11:01:03 2021 : Connect time 6.1 minutes.

Fri Nov 26 11:01:03 2021 : Sent 905423 bytes, received 8395469 bytes.

Fri Nov 26 11:01:03 2021 : L2TP disconnecting...

Fri Nov 26 11:01:03 2021 : L2TP sent CDN

Fri Nov 26 11:01:03 2021 : L2TP sent StopCCN

Fri Nov 26 11:01:03 2021 : L2TP clearing port-mapping for en0

Fri Nov 26 11:01:03 2021 : L2TP disconnected

mhilbush

I tried disabling Dead Peer Detection in the Phase 1 Settings on the ZyWall. After doing that, my connection has been stable for almost an hour.

Seems like this might be a workaround, but I don't know the implications of disabling DPD (other than the obvious fact that the ZyWall won't be able to detect dead peers). What I mean is that I don't know whether there are any significant side effects of disabling DPD.

mMontana

Are you using an iPhone as router for your MacBook? The IP 10.64.64.64 seem a private A-Subnet IP address, so maybe... you're using a mobile provider?

mhilbush

No. The MacBook is either connected to a WiFi network with Internet access, or sometimes through a WiFi hotspot on an Android phone.

The logs I posted above were from when the MacBook was connected to a WiFi network with Internet access (Comcast, in this case).

I actually was wondering where the MacBook was coming up with that 10.64.64.64 address.

Note: Connected for 1:20 since disabling DPD on the ZyWall.

mMontana

The address might be part of the L2TP pool?

mhilbush

The L2TP pool is a 192.168.13.* address.

I googled that error message, and it seems to be logged pretty frequently by the ppp daemon. Don't think it has anything to do with the Mac or ZyWall specifically.

mMontana

Do you forward all the traffic through L2TP connection?

mhilbush

Yes, network config on Mac is set to send all traffic through VPN

Zyxel_Emily

Hi @mhilbush,

We'd like to use our MacBook to your ZyWALL 110 and check the symptom.

Please send the web GUI access of ZyWALL 110 and login credentials to me in private message. Thanks!

mhilbush

Oh, darn. Posting credentials in an online forum (even as a PM) is a big no-no for me.