I am experiencing an odd set of circumstances. I have an L2TP/IPSEC that I use for Site-To-Site connections, general windows VPN, as well as mobile VPN connections. I have absolutely no issues when it comes to the windows VPN or the Site-To-Site connections. They establish and everything works correctly.
Site-To-Site connections (non-restricted) are on the 172.16.0.0/24 subnet
Site-To-Site connections (restricted) are on the 172.48.0.0/24 subnet
Windows VPN connections fall within 172.32.0.10 - 172.32.0.50
Mobile VPN connections fall within 172.32.0.51 - 172.32.0.100
The mobile VPN connection will establish and connect to the system. Then all of my VPN functionalities will work perfectly for 15-45 seconds. Then all of the sudden nothing will load. The connection remains established/connected. And since it is a gateway connection all functionality on the phone is lost. If I disconnect the VPN and reconnect, same thing, I will have 15-45 seconds of successful ability to use anything I would normally be able to use before the connection drops again.
Any thoughts you have would be appreciated. Thanks!
Re: L2TP/IPSEC on mobile drops connection
Did you check the log on your router for any errors ?
-
-
JordanReich
Frequent Visitor
- Posts: 91
- Joined:
Re: L2TP/IPSEC on mobile drops connection
Sounds real familiar to this ...
viewtopic.php?f=2&t=153955
But I cannot confirm that it is the same. In terms of logging do you have a recommendation on how to isolate logging for one individual device?
The standard logging is passing details from multiple site locations at once. Nearly impossible to dig through all the traffic to pick out the bits associated with this one device. Before it clears the screen.
Update: Upon checking the issue appears to be very similar. When connecting on the mobile device the interface is shown on the interface list. For about 15-35 seconds before the interface drops off of the list which is the exact same time I loose connectivity on the phone. Even though the phone still says connected and it is no longer listed as an active connection under PPP. But under the IPsec policies I can see the PH2 state as established for the destination address the phone is coming from and listed as a remote peer.
viewtopic.php?f=2&t=153955
But I cannot confirm that it is the same. In terms of logging do you have a recommendation on how to isolate logging for one individual device?
The standard logging is passing details from multiple site locations at once. Nearly impossible to dig through all the traffic to pick out the bits associated with this one device. Before it clears the screen.
Update: Upon checking the issue appears to be very similar. When connecting on the mobile device the interface is shown on the interface list. For about 15-35 seconds before the interface drops off of the list which is the exact same time I loose connectivity on the phone. Even though the phone still says connected and it is no longer listed as an active connection under PPP. But under the IPsec policies I can see the PH2 state as established for the destination address the phone is coming from and listed as a remote peer.
Re: L2TP/IPSEC on mobile drops connection
It's not nearly impossible, it's absolutely impossible. The way isNearly impossible to dig through all the traffic to pick out the bits associated with this one device. Before it clears the screen.
/log print follow-only file=ipsec-l2tp-log where topics~"ipsec|l2tp"
Now switch the VPN on the mobile, wait until the connection succeeds and drops, break the /log print command, download the file, and use a text editor to search for the client IP address. And yes, it's a PITA to read it if several clients are connected as it's full of keepalive messages.
-
-
JordanReich
Frequent Visitor
- Posts: 91
- Joined:
Re: L2TP/IPSEC on mobile drops connection
That was highly helpful - thank you!
With that logging I would say we are looking at the same issue.
As a side note this is also an Android phone. Running 10 on a Pixel 3.
Code: Select all
# nov/18/2019 14:33:51 by RouterOS 6.44.5
# software id = 1SBQ-KUIK
#
14:33:55 ipsec,info respond new phase 1 (Identity Protection): REMOVED-PRIVATE[500]<=>REMOVED-PRIVATE[16186]
14:33:55 ipsec,info ISAKMP-SA established REMOVED-PRIVATE[4500]-REMOVED-PRIVATE[54294] spi:ab0fc199b48d074b:4e952075cdf09c15
14:33:57 l2tp,info first L2TP UDP packet received from REMOVED-PRIVATE
14:33:57 l2tp,ppp,info,account admin_bypass logged in, 172.32.0.100
14:33:57 l2tp,ppp,info <l2tp-admin_bypass-1>: authenticated
14:33:57 l2tp,ppp,info <l2tp-admin_bypass-1>: connected
14:35:09 l2tp,ppp,info <l2tp-admin_bypass>: terminating... - hungup
14:35:09 l2tp,ppp,info,account admin_bypass logged out, 84 13986 62438 69 350
14:35:09 l2tp,ppp,info <l2tp-admin_bypass>: disconnected
14:35:21 l2tp,ppp,info <l2tp-admin_bypass-1>: terminating... - hungup
14:35:21 l2tp,ppp,info,account admin_bypass logged out, 84 579775 13370106 7052 11270
14:35:21 l2tp,ppp,info <l2tp-admin_bypass-1>: disconnectedAs a side note this is also an Android phone. Running 10 on a Pixel 3.
-
-
JordanReich
Frequent Visitor
- Posts: 91
- Joined:
Re: L2TP/IPSEC on mobile drops connection [SOLVED]
For the record please follow this issue here:
viewtopic.php?f=2&t=153955&p=761562#p761562
I will mark this as the correct answer for this post.
viewtopic.php?f=2&t=153955&p=761562#p761562
I will mark this as the correct answer for this post.
Re: L2TP/IPSEC on mobile drops connection
Am i the only one that cant see what the solution was ?
Re: L2TP/IPSEC on mobile drops connection
There is no solution yet, and still a long way is ahead. Stay tuned there but it's a bit like traditional Japanese theatre so far.
Who is online
Users browsing this forum: megabytenet and 181 guests