VPN - frequent disconnects

dlondon
Contributor III

We have a Microsoft VPN server and people connect using L2TP.

Some of our student residences connect to the wired network using the VPN. A couple of students who have Macs have reported frequent dropouts (every 8 minutes for one). Whilst I have had disconnects, they are usually variable enough that I put them down to my home wifi or all the other network pieces on the way back to the VPN server. Because these students are on our wired network it would seem like they have a more reliable connection.

At least one student is on Big Sur. Need to find out more about the other.

One of our Network Team has tried a Big Sur MacBook and was able to reproduce the behavior both over at the residence and back here on the main campus.

Any suggestions on what might be causing the disconnects?

We are going to try some packet captures at both client and server to see if anything stands out, but at this point we are just poking around.

4 REPLIES

sdagley
Honored Contributor II

@dlondon Is the VPN connection dropping while the Mac is being actively used, or when it's idle? If the latter, the default Energy Saver (or Battery on macOS Big Sur) setting for a Mac connected to a power adapter is to put the machine to sleep when the screen turns off, and that will cause the VPN connection to drop. You can disable that behavior by checking the "Prevent computer from sleeping automatically when the display is off" option in the Energy Saver/Battery preferences panel.

dlondon
Contributor III

@sdagley At least for the Network Team MacBook, the machine is set to "Prevent computer from sleeping automatically when the display is off" and that is replicating the problem. I'll check with the students.

dlondon
Contributor III

Hi @user-EvCnJgCljg - Do you mean on the server to change Maximum Ports? We are actually using L2TP over IPsec as the VPN Type, not IKEv2, so does that come into the picture?

dlondon
Contributor III

This is what we see on a machine where the VPN disconnects. It's from /var/log/ppp.log. The first block below is the end of the connect sequence.

Tue May 25 11:31:43 2021 : lcp_reqci: returning CONFACK.
Tue May 25 11:31:43 2021 : sent [LCP ConfAck id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x76ff7e86> <pcomp> <accomp> <endpoint 13 17 01 da e4 84 c0 e6 ff 42 70 a9 3e cb ff 0a 60 83 00 00 00 00 00>]
Tue May 25 11:31:43 2021 : sent [LCP EchoReq id=0x0 magic=0x50899419]
Tue May 25 11:31:43 2021 : rcvd [CHAP Challenge id=0x0 <451bc6b1b5ebffd40d6847fc6e8a12b9>, name = "IS-WIN-P1VPN"]
Tue May 25 11:31:43 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:31:43 2021 : rcvd [LCP EchoRep id=0x0 magic=0x76ff7e86]
Tue May 25 11:31:46 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:31:46 2021 : L2TP port-mapping for en6, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 0, Public Port: 0, TTL: 0.
Tue May 25 11:31:46 2021 : L2TP port-mapping for en6 inconsistent. is Connected: 1, Previous interface: 17, Current interface 0
Tue May 25 11:31:49 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:31:52 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:31:55 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:31:58 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:32:01 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:32:03 2021 : sent [LCP EchoReq id=0x1 magic=0x50899419]
Tue May 25 11:32:03 2021 : rcvd [LCP EchoRep id=0x1 magic=0x76ff7e86]
Tue May 25 11:32:04 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:32:07 2021 : sent [CHAP Response id=0x0 <31701a062ab9ed9289092e068f58c22c0000000000000000ad9f66db741f7fb1bb6ba66453ea6b891aaffb7d470a529d00>, name = "00068802"]
Tue May 25 11:32:07 2021 : rcvd [CHAP Success id=0x0 "S=5D3439BEF240F13265ED5ED5C0F48DC96F7FC945"]
Tue May 25 11:32:07 2021 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue May 25 11:32:07 2021 : sent [IPV6CP ConfReq id=0x1 <addr fe80::3af9:d3ff:fedd:d8a8>]
Tue May 25 11:32:07 2021 : rcvd [LCP ProtRej id=0x5 80 57 01 01 00 0e 01 0a 3a f9 d3 ff fe dd d8 a8]
Tue May 25 11:32:07 2021 : rcvd [CCP ConfReq id=0x3 <mppe +H -M -S -L -D +C>]
Tue May 25 11:32:07 2021 : Unsupported protocol 'Compression Control Protocol' (0x80fd) received
Tue May 25 11:32:07 2021 : sent [LCP ProtRej id=0x2 80 fd 01 03 00 0a 12 06 01 00 00 01]
Tue May 25 11:32:07 2021 : rcvd [IPCP ConfReq id=0x4 <addr 10.4.192.0>]
Tue May 25 11:32:07 2021 : ipcp: returning Configure-ACK
Tue May 25 11:32:07 2021 : sent [IPCP ConfAck id=0x4 <addr 10.4.192.0>]
Tue May 25 11:32:07 2021 : rcvd [IPCP ConfNak id=0x1 <addr 10.4.192.50> <ms-dns1 130.95.61.171> <ms-dns3 130.95.61.172>]
Tue May 25 11:32:07 2021 : sent [IPCP ConfReq id=0x2 <addr 10.4.192.50> <ms-dns1 130.95.61.171> <ms-dns3 130.95.61.172>]
Tue May 25 11:32:07 2021 : rcvd [IPCP ConfAck id=0x2 <addr 10.4.192.50> <ms-dns1 130.95.61.171> <ms-dns3 130.95.61.172>]
Tue May 25 11:32:07 2021 : ipcp: up
Tue May 25 11:32:07 2021 : local IP address 10.4.192.50
Tue May 25 11:32:07 2021 : remote IP address 10.4.192.0
Tue May 25 11:32:07 2021 : primary DNS address 130.95.61.171
Tue May 25 11:32:07 2021 : secondary DNS address 130.95.61.172
Tue May 25 11:32:07 2021 : Received protocol dictionaries
Tue May 25 11:32:07 2021 : l2tp_wait_input: Address added. previous interface setting (name: en6, address: 10.203.32.59), current interface setting (name: ppp0, family: PPP, address: 10.4.192.50, subnet: 255.255.254.0, destination: 10.4.192.0).
Tue May 25 11:32:07 2021 : Committed PPP store on install command

The next block follows directly after the previous block and shows the MacBook detecting the loss of connection.

Tue May 25 12:35:04 2021 : no echo-reply, start ppp_auxiliary_probe!
Tue May 25 12:35:04 2021 : ppp_ip_probe_send: starting
Tue May 25 12:35:04 2021 : ppp_ip_probe_send: found goog-dns address
Tue May 25 12:35:04 2021 : ppp_ip_probe_send: sent to goog-dns over scope 17
Tue May 25 12:35:04 2021 : ppp_ip_probe_send: found peer address
Tue May 25 12:35:04 2021 : ppp_ip_probe_send: sent to peer over scope 17
Tue May 25 12:35:04 2021 : ppp_ip_probe_send: no alternate peer address
Tue May 25 12:35:04 2021 : ppp_ip_probe_send: 2 probes sent
Tue May 25 12:35:07 2021 : ppp_ip_probe_send: starting
Tue May 25 12:35:07 2021 : ppp_ip_probe_send: found goog-dns address
Tue May 25 12:35:07 2021 : ppp_ip_probe_send: sent to goog-dns over scope 17
Tue May 25 12:35:07 2021 : ppp_ip_probe_send: found peer address
Tue May 25 12:35:07 2021 : ppp_ip_probe_send: sent to peer over scope 17
Tue May 25 12:35:07 2021 : ppp_ip_probe_send: no alternate peer address
Tue May 25 12:35:07 2021 : ppp_ip_probe_send: 2 probes sent
Tue May 25 12:39:24 2021 : No response to 15 echo-requests
Tue May 25 12:39:24 2021 : Serial link appears to be disconnected.
Tue May 25 12:39:24 2021 : ipcp: down
Tue May 25 12:39:24 2021 : sent [LCP TermReq id=0x3 "Peer not responding"]
Tue May 25 12:39:24 2021 : Connection terminated.
Tue May 25 12:39:24 2021 : Connect time 67.7 minutes.
Tue May 25 12:39:24 2021 : Sent 1109530 bytes, received 36801922 bytes.
Tue May 25 12:39:24 2021 : L2TP disconnecting...
Tue May 25 12:39:24 2021 : L2TP sent CDN
Tue May 25 12:39:24 2021 : L2TP sent StopCCN
Tue May 25 12:39:24 2021 : ppp_auxiliary_probe stopped
Tue May 25 12:39:24 2021 : L2TP clearing port-mapping for en6
Tue May 25 12:39:24 2021 : L2TP disconnected

I was worried that the Network Admin's MacBook which this log came from could have been slightly messed up with the installation of Wireshark to do packet capturing. So, I wiped it and rebuilt it with Big Sur and then set up the VPN again. He did several attempts - the best he got was about 20 minutes before he was disconnected. Sometimes it was as little as 8 minutes and then a disconnect.

It's still puzzling that the M1 MacBook Air is not having these issues at all. It goes for many hours (well we wanted to go home). When I tested my M1 at home it can quite happily go 12 hours plus overnight.
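
An added example, not part of the original posts: a short Python script that summarises a ppp.log excerpt in the format shown above, so sessions from different Macs can be compared on the same numbers (CHAP response retransmissions, time to authenticate, time of the last LCP echo reply, when the auxiliary probe started, and session length). The function names are hypothetical, the sample lines are constructed in the post's log format, and it assumes one session per excerpt.

```python
import re
from datetime import datetime

# Constructed sample in the format of the /var/log/ppp.log lines in the post.
SAMPLE = """\
Tue May 25 11:31:43 2021 : sent [CHAP Response id=0x0 <aa>, name = "user"]
Tue May 25 11:31:46 2021 : sent [CHAP Response id=0x0 <aa>, name = "user"]
Tue May 25 11:32:07 2021 : rcvd [CHAP Success id=0x0 "S=00"]
Tue May 25 11:32:07 2021 : ipcp: up
Tue May 25 11:52:03 2021 : rcvd [LCP EchoRep id=0x1 magic=0x2]
Tue May 25 12:35:04 2021 : no echo-reply, start ppp_auxiliary_probe!
Tue May 25 12:39:24 2021 : sent [LCP TermReq id=0x3 "Peer not responding"]
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : (.*)$")

def parse(text):
    """Yield (datetime, message) for each well-formed log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
            yield ts, m.group(2)

def summarise(text):
    """Summarise one PPP session: auth retries, uptime, keepalive failure."""
    s = {"chap_responses": 0, "auth_seconds": None, "last_echo_reply": None,
         "probe_start": None, "up_seconds": None, "reason": None}
    first_chap = up = None
    for ts, msg in parse(text):
        if msg.startswith("sent [CHAP Response"):
            s["chap_responses"] += 1
            first_chap = first_chap or ts
        elif msg.startswith("rcvd [CHAP Success") and first_chap:
            s["auth_seconds"] = (ts - first_chap).total_seconds()
        elif msg == "ipcp: up":
            up = ts
        elif msg.startswith("rcvd [LCP EchoRep"):
            s["last_echo_reply"] = ts
        elif msg.startswith("no echo-reply"):
            s["probe_start"] = ts
        elif msg.startswith("sent [LCP TermReq"):
            s["reason"] = msg.split('"')[1] if '"' in msg else None
            if up:
                s["up_seconds"] = (ts - up).total_seconds()
    return s

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Lining up `last_echo_reply` and `probe_start` against the packet captures taken at the client and the server shows which side stopped seeing LCP echo traffic first.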