MacBook L2TP connection disconnects constantly

mhilbush · November 2021

I’m having trouble with frequent disconnects when making an L2TP over IPSEC connection from a MacBook Pro. Here's some initial information about my environment:

- ZyWALL 110 running firmware 4.70 (AAAA.0)
- MacBook Pro running Monterey v12.0.1 (also happened on previous OS version)

Behavior
- MacBook successfully connects to the ZyWALL via L2TP over IPSEC. This works flawlessly.
- MacBook successfully can access the ZyWall web interface, as well as all assets on the remote network
- MacBook is disconnected after anywhere from 1 to 7 minutes (typically happens between 2 and 3 minutes, but I’ve seen it happen as short as 1 minute and as long as 7 minutes.

There was a time when this worked well, but there have been numerous releases of Mac OS and ZyWall firmware. I don't connect often from the MacBook, hence I can't pinpoint when it stopped working.

Note: Android clients are connecting successfully, and the connection is very stable over a long period of time (at least 1 hour)

mhilbush · November 2021

I see this in the Mac's ppp.log file. Not sure why it can't get the remote IP address...

Fri Nov 26 10:55:06 2021 : sent [IPCP ConfReq id=0x2 <addr 192.168.YYY.YYY> <ms-dns1 192.168.XXX.XXX> <ms-dns3 192.168.XXX.XXX>]

Fri Nov 26 10:55:06 2021 : rcvd [IPCP ConfReq id=0xc7]

Fri Nov 26 10:55:06 2021 : ipcp: returning Configure-ACK

Fri Nov 26 10:55:06 2021 : sent [IPCP ConfAck id=0xc7]

Fri Nov 26 10:55:06 2021 : rcvd [LCP ProtRej id=XXXXXXXXXXXX]

Fri Nov 26 10:55:06 2021 : rcvd [IPCP ConfAck id=0x2 <addr 192.168.YYY.YYY> <ms-dns1 192.168.XXX.XXX> <ms-dns3 192.168.XXX.XXX>]

Fri Nov 26 10:55:06 2021 : ipcp: up

Fri Nov 26 10:55:06 2021 : Could not determine remote IP address: defaulting to 10.64.64.64

Fri Nov 26 10:55:06 2021 : local IP address 192.168.XXX.XXX

Fri Nov 26 10:55:06 2021 : remote IP address 10.64.64.64

Fri Nov 26 10:55:06 2021 : primary DNS address 192.168.XXX.XXX

Fri Nov 26 10:55:06 2021 : secondary DNS address 192.168.XXX.XXX

Fri Nov 26 10:55:06 2021 : Received protocol dictionaries

Fri Nov 26 10:55:06 2021 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.YYY.YYY), current interface setting (name: ppp0, family: PPP, address: 192.168.ZZZ.ZZZ, subnet: 255.255.255.0, dest

ination: 10.64.64.64).

Fri Nov 26 10:55:06 2021 : Committed PPP store on install command

Fri Nov 26 10:55:09 2021 : L2TP port-mapping update for en0 ignored: VPN is the Primary interface. Public Address: 0, Protocol: None, Private Port: 0, Public Port: 0

Fri Nov 26 10:55:09 2021 : L2TP clearing port-mapping for en0

Fri Nov 26 11:00:43 2021 : no echo-reply, start ppp_auxiliary_probe!

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: starting

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: found goog-dns address

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: sent to goog-dns over scope 6

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: found peer address

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: sent to peer over scope 6

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: no alternate peer address

Fri Nov 26 11:00:43 2021 : ppp_ip_probe_send: 2 probes sent

Fri Nov 26 11:00:43 2021 : ppp_auxiliary_probe[0] response!

Fri Nov 26 11:00:43 2021 : ppp_auxiliary_probe[1] response!

Fri Nov 26 11:01:03 2021 : no echo-reply, despite successful ppp_auxiliary_probe!

Fri Nov 26 11:01:03 2021 : No response to 3 echo-requests

Fri Nov 26 11:01:03 2021 : Serial link appears to be disconnected.

Fri Nov 26 11:01:03 2021 : ipcp: down

Fri Nov 26 11:01:03 2021 : sent [LCP TermReq id=0x2 "Peer not responding"]

Fri Nov 26 11:01:03 2021 : Connection terminated.

Fri Nov 26 11:01:03 2021 : Connect time 6.1 minutes.

Fri Nov 26 11:01:03 2021 : Sent 905423 bytes, received 8395469 bytes.

Fri Nov 26 11:01:03 2021 : L2TP disconnecting...

Fri Nov 26 11:01:03 2021 : L2TP sent CDN

Fri Nov 26 11:01:03 2021 : L2TP sent StopCCN

Fri Nov 26 11:01:03 2021 : L2TP clearing port-mapping for en0

Fri Nov 26 11:01:03 2021 : L2TP disconnected

mhilbush · November 2021

I tried disabling Dead Peer Detection in the Phase 1 Settings on the ZyWall. After doing that, my connection has been stable for almost an hour.

Seems like this might be a workaround, but I don't know the implications of disabling DPD (other than the obvious fact that the ZyWall won't be able to detect dead peers). What I mean is that I don't know whether there are any significant side effects of disabling DPD.

mMontana · November 2021

Are you using an iPhone as router for your MacBook? The IP 10.64.64.64 seem a private A-Subnet IP address, so maybe... you're using a mobile provider?

mhilbush · November 2021

No. The MacBook is either connected to a WiFi network with Internet access, or sometimes through a WiFi hotspot on an Android phone.

The logs I posted above were from when the MacBook was connected to a WiFi network with Internet access (Comcast, in this case).

I actually was wondering where the MacBook was coming up with that 10.64.64.64 address.

Note: Connected for 1:20 since disabling DPD on the ZyWall.

mMontana · November 2021

The address might be part of the L2TP pool?

mhilbush · November 2021

The L2TP pool is a 192.168.13.* address.

I googled that error message, and it seems to be logged pretty frequently by the ppp daemon. Don't think it has anything to do with the Mac or ZyWall specifically.