L2TP VPN disconnects on Android Phone in 2mins
ZyWALL 110 V4.33(AAAA.0)ITS-WK30-r89425
I'm sure this used to be stable. The setup is fine: the VPN connects and traffic goes down the VPN, but only for 2mins, then it disconnects.
Edit I'm back with bad news
So I rolled back the firmware...which was painful to do.
tried
4.33(AAAA.0)
then
V4.30(AAAA.0)
then!
V4.25(AAAA.1)C0
and ONLY then was the VPN stable, but this firmware has the MAC not set on reboot bug so maybe that's the reason?
I got
425AAAA1ITS-WK33-2017-08-24-170800167
to test which I think has the MAC problem fixed and if the VPN works stable on them.
Edit2
Tested 425AAAA1ITS-WK33-2017-08-24-170800167 that has the set interface MAC on reboot bug fixed and the VPN is stable so the problem happened between.
425AAAA1ITS-WK33-2017-08-24-170800167
and
V4.30(AAAA.0)
Comments
-
Hi PeterUK, just a suggestion if you are using L2TP over IPSEC for these mobile devices, to stop it logging out.
What we use for L2TP for our clients is to set the l2tp-over-ipsec keepalive timer to the maximum of 180 secs.
Router> show l2tp-over-ipsec
L2TP over IPSec:
  activate : yes
  crypto : vpn_connection_testremote_l2tp
  address pool : test_remote_vpn_l2tp_subpool
  authentication : default
  certificate : default
  user : test_local_vpn_users
  keepalive timer : 180
  first dns server : 10.236.119.1
  second dns server :
  first wins server :
  second wins server:
As you probably know, but for the benefit of others, simply set it via the CLI as:
Router> configure terminal
Router(config)# l2tp-over-ipsec keepalive-timer 180
Router(config)# exit
Worth a try mate.
HTH
Warwick
Hong Kong
0 -
Thanks for the suggestion. I changed the keepalive timer in the GUI to 180 but it did not help.
0 -
Hi Pete, ah ok .. worth a try ..?
w
0 -
If anything a lower value would make it stable, so I tried 30 but same thing, it disconnects around 2mins.
My Android Phone has version 7 with security patch level 5 December 2017.
0 -
Well, things got worse. I tried a VPN on Windows 10: all is fine on 425AAAA1ITS-WK33-2017-08-24-170800167, go to 4.33(AAAA.0) and it disconnects in 2mins!
0 -
Ok not sure if this is a bug or not but I had in User/Group.
vpn1 with
lease time to 2mins
and reauthentication time to 1440mins
If I change lease time to 1440mins same as reauthentication it will stay up past 2mins
if I change lease time to 2mins and reauthentication to 1min it only stays up for 1min
So should the reauthentication extend the lease time when the device is connected?
I'm going to do some tests with how V4.25(AAAA.1)ITS-WK33-2017-08-24-170800167 handles lease time and reauthentication but even then it might have a bug because its lease time is 2mins and reauthentication time is 1440mins which makes no sense.
edit
Ok so going by the help file reauthentication is how long the user can stay logged in for before needing to reconnect and lease time is the time the device has to renew the current session to stay connected? So that would mean there is a bug in the V4.33 that the device renews in 2mins but ZyWALL disconnects the device instead?
0 -
Hi @PeterUK
The one with a smaller value will be disconnected first in L2TP scenario.
In L2TP scenario, either timer will force the L2TP VPN to disconnect when it expires. It will depend on which timer expires first. However, in web authentication scenario, the two timers have different purposes.
Web authentication:
Lease time: It will disconnect the users, however, users can renew the timer by themselves.
Reauth timer: It will force to logout users when the timer expires.
0 -
"Lease time: It will disconnect the users, however, users can renew the timer by themselves."
Yes in SSL VPN with it set to 2mins it renews fine but with L2TP VPN it disconnects when set to 2mins with V4.33(AAAA.0)ITS-WK30-r89425 yet with 425AAAA1ITS-WK33-2017-08-24-170800167 it renews fine when set to 2mins.
0 -
Hi @PeterUK
Thanks for the information. I did the test on V4.33WK30 and V4.25WK33 to compare the behavior difference between both versions.
The V4.33 is correct. In V4.25, no matter what value you set on lease time, it will auto renew every 30 seconds.
0 -
So it's a bug in V4.33 for L2TP VPN?
0