MacBook L2TP connection disconnects constantly

I’m having trouble with frequent disconnects when making an L2TP over IPSEC connection from a MacBook Pro. Here's some initial information about my environment:

- ZyWALL 110 running firmware 4.70 (AAAA.0)
- MacBook Pro running Monterey v12.0.1 (also happened on previous OS version)

Behavior
- MacBook successfully connects to the ZyWALL via L2TP over IPSEC. This works flawlessly.
- MacBook successfully can access the ZyWall web interface, as well as all assets on the remote network
- MacBook is disconnected after anywhere from 1 to 7 minutes (typically happens between 2 and 3 minutes, but I’ve seen it happen as short as 1 minute and as long as 7 minutes.

There was a time when this worked well, but there have been numerous releases of Mac OS and ZyWall firmware. I don't connect often from the MacBook, hence I can't pinpoint when it stopped working.

Note: Android clients are connecting successfully, and the connection is very stable over a long period of time (at least 1 hour)

«1

All Replies

  • I see this in the Mac's ppp.log file. Not sure why it can't get the remote IP address...

    Fri Nov 26 10:55:06 2021 : sent [IPCP ConfReq id=0x2 <addr 192.168.YYY.YYY> <ms-dns1 192.168.XXX.XXX> <ms-dns3 192.168.XXX.XXX>]
    Fri Nov 26 10:55:06 2021 : rcvd [IPCP ConfReq id=0xc7]
    Fri Nov 26 10:55:06 2021 : ipcp: returning Configure-ACK
    Fri Nov 26 10:55:06 2021 : sent [IPCP ConfAck id=0xc7]
    Fri Nov 26 10:55:06 2021 : rcvd [LCP ProtRej id=XXXXXXXXXXXX]
    Fri Nov 26 10:55:06 2021 : rcvd [IPCP ConfAck id=0x2 <addr 192.168.YYY.YYY> <ms-dns1 192.168.XXX.XXX> <ms-dns3 192.168.XXX.XXX>]
    Fri Nov 26 10:55:06 2021 : ipcp: up
    Fri Nov 26 10:55:06 2021 : Could not determine remote IP address: defaulting to 10.64.64.64
    Fri Nov 26 10:55:06 2021 : local  IP address 192.168.XXX.XXX
    Fri Nov 26 10:55:06 2021 : remote IP address 10.64.64.64
    Fri Nov 26 10:55:06 2021 : primary   DNS address 192.168.XXX.XXX
    Fri Nov 26 10:55:06 2021 : secondary DNS address 192.168.XXX.XXX
    Fri Nov 26 10:55:06 2021 : Received protocol dictionaries
    Fri Nov 26 10:55:06 2021 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.YYY.YYY), current interface setting (name: ppp0, family: PPP, address: 192.168.ZZZ.ZZZ, subnet: 255.255.255.0, dest
    ination: 10.64.64.64).
    Fri Nov 26 10:55:06 2021 : Committed PPP store on install command
    Fri Nov 26 10:55:09 2021 : L2TP port-mapping update for en0 ignored: VPN is the Primary interface. Public Address: 0, Protocol: None, Private Port: 0, Public Port: 0
    Fri Nov 26 10:55:09 2021 : L2TP clearing port-mapping for en0
    Fri Nov 26 11:00:43 2021 : no echo-reply, start ppp_auxiliary_probe!
    Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: starting
    Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: found goog-dns address
    Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: sent to goog-dns over scope 6
    Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: found peer address
    Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: sent to peer over scope 6
    Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: no alternate peer address
    Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: 2 probes sent
    Fri Nov 26 11:00:43 2021 : ppp_auxiliary_probe[0] response!
    Fri Nov 26 11:00:43 2021 : ppp_auxiliary_probe[1] response!
    Fri Nov 26 11:01:03 2021 : no echo-reply, despite successful ppp_auxiliary_probe!
    Fri Nov 26 11:01:03 2021 : No response to 3 echo-requests
    Fri Nov 26 11:01:03 2021 : Serial link appears to be disconnected.
    Fri Nov 26 11:01:03 2021 : ipcp: down
    Fri Nov 26 11:01:03 2021 : sent [LCP TermReq id=0x2 "Peer not responding"]
    Fri Nov 26 11:01:03 2021 : Connection terminated.
    Fri Nov 26 11:01:03 2021 : Connect time 6.1 minutes.
    Fri Nov 26 11:01:03 2021 : Sent 905423 bytes, received 8395469 bytes.
    Fri Nov 26 11:01:03 2021 : L2TP disconnecting...
    Fri Nov 26 11:01:03 2021 : L2TP sent CDN
    Fri Nov 26 11:01:03 2021 : L2TP sent StopCCN
    Fri Nov 26 11:01:03 2021 : L2TP clearing port-mapping for en0
    Fri Nov 26 11:01:03 2021 : L2TP disconnected

  • I tried disabling Dead Peer Detection in the Phase 1 Settings on the ZyWall. After doing that, my connection has been stable for almost an hour.

    Seems like this might be a workaround, but I don't know the implications of disabling DPD (other than the obvious fact that the ZyWall won't be able to detect dead peers). What I mean is that I don't know whether there are any significant side effects of disabling DPD.

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Are you using an iPhone as router for your MacBook? The IP 10.64.64.64 seem a private A-Subnet IP address, so maybe... you're using a mobile provider?
  • No. The MacBook is either connected to a WiFi network with Internet access, or sometimes through a WiFi hotspot on an Android phone.

    The logs I posted above were from when the MacBook was connected to a WiFi network with Internet access (Comcast, in this case).

    I actually was wondering where the MacBook was coming up with that 10.64.64.64 address.

    Note: Connected for 1:20 since disabling DPD on the ZyWall.

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    The address might be part of the L2TP pool?
  • mhilbush
    mhilbush Posts: 10
    edited November 2021
    The L2TP pool is a 192.168.13.* address.

    I googled that error message, and it seems to be logged pretty frequently by the ppp daemon. Don't think it has anything to do with the Mac or ZyWall specifically.

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    Do you forward all the traffic through L2TP connection?
  • Yes, network config on Mac is set to send all traffic through VPN

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    We'd like to use our MacBook to your ZyWALL 110 and check the symptom.
    Please send the web GUI access of ZyWALL 110 and login credentials to me in private message. Thanks!
  • Oh, darn. Posting credentials in an online forum (even as a PM) is a big no-no for me.

Security Highlight