Periodic connection drop over L2TP/IPSec connection

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
Arin
Posts: 3
Joined: Mon Sep 18, 2017 1:28 am

Periodic connection drop over L2TP/IPSec connection

Post by Arin » Mon Sep 18, 2017 2:34 am

Hi, I am new to SoftEther VPN, and while the server is working, I am experiencing a problem.

So far I have set up a server with L2TP/IPSec (and only that) at home, on a Windows 10 machine behind a router with NAT enabled. Encryption was set to AES256-SHA. I have configured the router with appropriate port-forwarding (500, 1701, 4500) with L2TP-passthrough option enabled, and tested the connection is working gracefully (received correct IP from DHCP server, can ping, can file-transfer, can etc., etc...). The server is running in standalone mode with a NIC bridged, and the options are mostly unchanged from the default ones (turned off serverside keepalive and DDNS, I don't need them. Also turned off packet header logging to save up spaces and resource usage.).

At this point I was satisfied, but then when I woke up in the next morning, I found that the connection has dropped. I first thought there may had been some problems in ISP or something, and just re-connected. Then, after about 8 hours, I again found the connection had mysteriously dropped again. Curious, I checked the client's event log (Windows 10, connecting via Windows native UI/VPN client function).

I was able to deduce that for some yet unknown reason to me the connection would drop in exactly 7 hours 37 minutes (to be more specific, between 7:37:46~7:37:48) after it was established, regardless of any activities during that period. The error code returned was 829 (so that I first thought there had been a problem with ISP). Before using SoftEther my old (broken) router supported embedded PPTP server and it had no connection drop problem.

A forum search resulted in somebody with very similar problem with me (http://www.vpnusers.com/viewtopic.php?f=15&t=6307) but with no answer to this date.

My network topology is simple:
[Win10/SoftEther VPN Server, 192.168.1.x]====[Home router]====[Client, with public IP]
[Other computers of family members]====|

My goal is to have a stable and (semi-)permanent VPN connection that does not require my manual intervention once it is set up. I may just configure a task scheduler to execute reconnect after event 829, but I have found that this too was unreliable in some cases. Will changing the protocol to other type (such as OpenVPN or SSTP) help with this issue? Or is there some configuration that I might have missed? I really have no idea why this is happening.

Thank you in advance.

Summary:
1. The connection (L2TP/IPSec) itself is working fine.
2. The connection would drop automatically in 7 hours 37 minutes. <-Issue.
3. Is there any workarounds or solutions to this problem?
4. Is there a reason for this behavior? I am quite new to this field.

P.S.
Attaching excerpted serverside logs just in case someone needs them. All private information has been masked (or at least I tried to.)
Connection is dropped after reauthentication attempt is made.
You do not have the required permissions to view the files attached to this post.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Periodic connection drop over L2TP/IPSec connection

Post by thisjun » Tue Oct 17, 2017 5:36 am

When IKE SA key expired, it seems key re-exchange failed.

2017-09-17 22:49:46.398 IPsec IKE Session (IKE SA) 6 (Client: 11) (<Client IP>:500 -> <Server Internal IP>:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x0000000000000000, Responder Cookie: 0x0000000000000000, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-1, Cipher Algorithm: 3DES-CBC, Cipher Key Size: 192 bits, Lifetime: 4294967295 Kbytes or 28800 seconds

What client do you use?

Arin
Posts: 3
Joined: Mon Sep 18, 2017 1:28 am

Re: Periodic connection drop over L2TP/IPSec connection

Post by Arin » Wed Mar 14, 2018 5:48 pm

Sorry for the late reply; I thought my post would not get answered after I waited for 3 weeks.

In anyway, I used Windows 10's native client - the one accessible by network setting. However, since the posting I migrated over to MS-SSTP, which initially required more hassle to set up properly (certificates -_-), but it maintains the connection far better (almost no drops).

Could it have been due to Windows 10's native VPN client's problem? Unfortunately, installing a separate VPN client software is not desirable in this situation.

Thank you for your reply.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Periodic connection drop over L2TP/IPSec connection

Post by thisjun » Thu Mar 29, 2018 4:46 am

I have never connect so long time.
I don't know about the Win10 native client problem.

Post Reply