SoftEther+iOS+Linux Connects Once, Fails to Reconnect

sinkr
Posts: 3
Joined: Thu Feb 15, 2018 2:11 am

SoftEther+iOS+Linux Connects Once, Fails to Reconnect

Post by sinkr » Thu Feb 15, 2018 7:22 pm

Ubuntu: 16.04.3
ISP: Verizon FiOS Gigabit through Verizon Quantum Gateway, firewall disabled, Linux router w/ SoftEther set as DMZ host w/ full pass-through
iPhone X L2TP client, iOS version: 11.2.5
iPhone 6 Plus L2TP client, iOS version: 11.2.5
SoftEther: 4.23 Build 9647 (Developer Edition) also previously tried pre-built and git stable versions

Remote Networks Attempted:
* AT&T Wireless 4G/LTE
* xfinitwifi
* (and any other wifi I have been able to join)

The behavior I'm seeing is *odd*. On a fresh restart of SoftEther, with a fresh iptables reload, and a refresh on the iOS device going from airplane mode to airplane mode disabled, I can connect to SoftEther with no issues AND reach internal resources. During that timeframe, while the iPhone is unlocked, I can connect and disconnect as many times as I want from SoftEther with no issues.

At some point, if I disconnect from SoftEther and put the phone down for a time period greater than 5 minutes, and then try to reconnect, it does not connect; however, following the above recipe of firewall refresh, vpnserver restart, and phone toggled through airplane mode (all three of these have to occur), I can usually reconnect and reach the internal resources.

I am at a loss, given multiple iOS devices, wifi, and LTE networks, as to why I can connect sometimes and cannot after some period of time. When SoftEther fails to negotiate a connection, it fails across multiple iOS devices, on differing networks (LTE vs. an external wireless network).

Does anyone have any ideas of why restarting the firewall, vpnserver, and toggling the iOS devices in and out of airplane mode works, and is there a cache/server-side setting I can lower to avoid this?

This is a great little VPN and I really hope to hash out this issue so I can use it. Thanks in advance for any help!


Here are the SoftEther logs of what happens when the connection *does not work*:

2018-02-15 11:09:07.705 IPsec Client 3 (<IP_REDACTED>:59128 -> 0.0.0.0:500): A new IPsec client is created.
2018-02-15 11:09:07.705 IPsec IKE Session (IKE SA) 3 (Client: 3) (<IP_REDACTED>:59128 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x7919810582938E92, Responder Cookie: 0x7DBE49659BF6A063, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-02-15 11:09:17.847 IPsec IKE Session (IKE SA) 3 (Client: 3) (<IP_REDACTED>:59128 -> 0.0.0.0:500): This IKE SA is deleted.
2018-02-15 11:09:17.847 IPsec Client 3 (<IP_REDACTED>:59128 -> 0.0.0.0:500): This IPsec Client is deleted.



Here are the SoftEther logs of what happens the one time the connection *does work* and I can reach internal resources:

2018-02-15 13:59:43.743 IPsec IKE Session (IKE SA) 1 (Client: 1) (<IP REDACTED>:8118 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x2A1DCD6997E67F89, Responder Cookie: 0x1F3262E436378B35, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-02-15 13:59:44.006 IPsec Client 1 (<IP REDACTED>:34696 -> 0.0.0.0:4500): The port number information of this client is updated.
2018-02-15 13:59:44.006 IPsec Client 1 (<IP REDACTED>:34696 -> 0.0.0.0:4500):
2018-02-15 13:59:44.006 IPsec IKE Session (IKE SA) 1 (Client: 1) (<IP REDACTED>:34696 -> 0.0.0.0:4500): This IKE SA is established between the server and the client.
2018-02-15 13:59:44.826 IPsec IKE Session (IKE SA) 1 (Client: 1) (<IP REDACTED>:34696 -> 0.0.0.0:4500): The client initiates a QuickMode negotiation.
2018-02-15 13:59:44.826 IPsec ESP Session (IPsec SA) 1 (Client: 1) (<IP REDACTED>:34696 -> 0.0.0.0:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xAE734439, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-02-15 13:59:44.826 IPsec ESP Session (IPsec SA) 1 (Client: 1) (<IP REDACTED>:34696 -> 0.0.0.0:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0xE95D804, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2018-02-15 13:59:44.876 IPsec ESP Session (IPsec SA) 1 (Client: 1) (<IP REDACTED>:34696 -> 0.0.0.0:4500): This IPsec SA is established between the server and the client.
2018-02-15 13:59:44.887 IPsec Client 1 (<IP REDACTED>:34696 -> 0.0.0.0:4500): The L2TP Server Module is started.
2018-02-15 13:59:45.008 L2TP PPP Session [<IP REDACTED>:1701]: A new PPP session (Upper protocol: L2TP) is started. IP Address of PPP Client: 166.170.32.162 (Hostname: "iPhoneX"), Port Number of PPP Client: 1701, IP Address of PPP Server: 0.0.0.0, Port Number of PPP Server: 1701, Client Software Name: "L2TP VPN Client", IPv4 TCP MSS (Max Segment Size): 1314 bytes
2018-02-15 13:59:45.294 On the TCP Listener (Port 0), a Client (IP address <IP REDACTED>, Host name "<HOSTNAME_REDACTED>.mycingular.net", Port number 1701) has connected.
2018-02-15 13:59:45.294 For the client (IP address: <IP REDACTED>, host name: "<HOSTNAME_REDACTED>.mycingular.net", port number: 1701), connection "CID-1" has been created.
2018-02-15 13:59:45.294 SSL communication for connection "CID-1" has been started. The encryption algorithm name is "(null)".
2018-02-15 13:59:45.294 [HUB "Main"] The connection "CID-1" (IP address: <IP REDACTED>, Host name: <HOSTNAME_REDACTED>.mycingular.net, Port number: 1701, Client name: "L2TP VPN Client", Version: 4.23, Build: 9647) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "sinkr".
2018-02-15 13:59:45.294 [HUB "Main"] Connection "CID-1": Successfully authenticated as user "sinkr".
2018-02-15 13:59:45.294 [HUB "Main"] Connection "CID-1": The new session "SID-<USER-REDACTED>-[L2TP]-2" has been created. (IP address: <IP REDACTED>, Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2018-02-15 13:59:45.294 [HUB "Main"] Session "SID-<USER-REDACTED>-[L2TP]-2": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2018-02-15 13:59:45.294 [HUB "Main"] Session "SID-<USER-REDACTED>-[L2TP]-2": VPN Client details: (Client product name: "L2TP VPN Client", Client version: 423, Client build number: 9647, Server product name: "SoftEther VPN Server Developer Edition (64 bit) (Open Source)", Server version: 423, Server build number: 9647, Client OS name: "L2TP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "iPhoneX", Client IP address: "<IP REDACTED>", Client port number: 1701, Server host name: "0.0.0.0", Server IP address: "0.0.0.0", Server port number: 1701, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "Main", Client unique ID: "E5F9EF9295A1BD2AF75FA24974922E2B")
2018-02-15 13:59:45.354 L2TP PPP Session [<IP REDACTED>:1701]: Trying to request an IP address from the DHCP server.
2018-02-15 13:59:48.184 [HUB "Main"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "00-1B-21-D3-10-3E" (192.168.168.1) on this session allocated, for host "SID-<USER-REDACTED>-[L2TP]-2" on another session "CA-77-FD-2A-84-E0", the new IP address 192.168.168.40.
2018-02-15 13:59:48.194 L2TP PPP Session [<IP REDACTED>:1701]: An IP address is assigned. IP Address of Client: 192.168.168.40, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.168.1, Domain Name: "xenolith.org", DNS Server 1: 192.168.168.1, DNS Server 2: 0.0.0.0, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0, IP Address of DHCP Server: 192.168.168.1, Lease Lifetime: 3600 seconds
2018-02-15 13:59:48.194 L2TP PPP Session [<IP REDACTED>:1701]: The IP address and other network information parameters are set successfully. IP Address of Client: 192.168.168.40, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.168.1, DNS Server 1: 192.168.168.1, DNS Server 2: 0.0.0.0, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0
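
The two log excerpts above differ at one point: in the failing case the IKE SA (Main Mode) is created and then deleted about ten seconds later, with no "port number information ... is updated" line (the switch to UDP 4500 for NAT traversal) and no "IKE SA is established" line; in the working case that port update and the establishment follow within 300 ms. The script below is an added example, not part of the post or of SoftEther, that parses lines in this SoftEther IPsec log format and classifies each IPsec client by how far its handshake got. The sample lines are constructed from the excerpts above with placeholder addresses and cookies; the field names and verdict strings are this example's own.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the two log excerpts in the post.
# Addresses (198.51.100.10) and cookies (0x0) are placeholders.
SAMPLE_LOG = """\
2018-02-15 11:09:07.705 IPsec Client 3 (198.51.100.10:59128 -> 0.0.0.0:500): A new IPsec client is created.
2018-02-15 11:09:07.705 IPsec IKE Session (IKE SA) 3 (Client: 3) (198.51.100.10:59128 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x0, Responder Cookie: 0x0, DH Group: MODP 2048 (Group 14)
2018-02-15 11:09:17.847 IPsec IKE Session (IKE SA) 3 (Client: 3) (198.51.100.10:59128 -> 0.0.0.0:500): This IKE SA is deleted.
2018-02-15 11:09:17.847 IPsec Client 3 (198.51.100.10:59128 -> 0.0.0.0:500): This IPsec Client is deleted.
2018-02-15 13:59:43.743 IPsec IKE Session (IKE SA) 1 (Client: 1) (198.51.100.10:8118 -> 0.0.0.0:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x0, Responder Cookie: 0x0, DH Group: MODP 2048 (Group 14)
2018-02-15 13:59:44.006 IPsec Client 1 (198.51.100.10:34696 -> 0.0.0.0:4500): The port number information of this client is updated.
2018-02-15 13:59:44.006 IPsec IKE Session (IKE SA) 1 (Client: 1) (198.51.100.10:34696 -> 0.0.0.0:4500): This IKE SA is established between the server and the client.
2018-02-15 13:59:44.826 IPsec ESP Session (IPsec SA) 1 (Client: 1) (198.51.100.10:34696 -> 0.0.0.0:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x0
2018-02-15 13:59:44.876 IPsec ESP Session (IPsec SA) 1 (Client: 1) (198.51.100.10:34696 -> 0.0.0.0:4500): This IPsec SA is established between the server and the client.
"""

# One regex for the three IPsec line kinds; the "(Client: N)" group is
# absent on "IPsec Client" lines, where the first number is the client id.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IPsec "
    r"(?P<kind>Client|IKE Session \(IKE SA\)|ESP Session \(IPsec SA\)) "
    r"(?P<num>\d+)(?: \(Client: (?P<client>\d+)\))? "
    r"\((?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\): "
    r"(?P<msg>.*)$"
)


def parse_line(line):
    """Return a dict for an IPsec log line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S.%f")
    ev["client"] = ev["client"] or ev["num"]
    ev["dport"] = int(ev["dport"])
    return ev


def classify(c):
    """Verdict strings are this example's own, not SoftEther terminology."""
    if c["esp_established"]:
        return "tunnel_established"      # phase 1 and phase 2 both completed
    if c["ike_established"]:
        return "ike_only"                # phase 1 done, Quick Mode never finished
    if c["deleted"] is not None:
        return "ike_main_mode_failed"    # SA created, then torn down unestablished
    return "in_progress"


def analyze(log_text):
    """Group IPsec events per client id and record how far each handshake got."""
    clients = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        c = clients.setdefault(ev["client"], {
            "src": ev["src"], "created": None, "deleted": None, "nat_t": False,
            "ike_established": False, "esp_established": False,
        })
        msg, kind = ev["msg"], ev["kind"]
        if kind == "Client":
            if msg.startswith("A new IPsec client is created"):
                c["created"] = ev["ts"]
            elif msg.startswith("This IPsec Client is deleted"):
                c["deleted"] = ev["ts"]
            elif "port number information" in msg and ev["dport"] == 4500:
                c["nat_t"] = True        # client moved to UDP 4500 (NAT-T)
        elif kind.startswith("IKE Session"):
            if "A new IKE SA" in msg and c["created"] is None:
                c["created"] = ev["ts"]  # excerpt may start at the IKE SA line
            elif "IKE SA is established" in msg:
                c["ike_established"] = True
        elif kind.startswith("ESP Session") and "IPsec SA is established" in msg:
            c["esp_established"] = True
    for c in clients.values():
        c["verdict"] = classify(c)
        c["seconds"] = ((c["deleted"] - c["created"]).total_seconds()
                        if c["created"] and c["deleted"] else None)
    return clients


if __name__ == "__main__":
    for cid, c in sorted(analyze(SAMPLE_LOG).items()):
        life = "" if c["seconds"] is None else f", torn down after {c['seconds']:.3f}s"
        print(f"client {cid} from {c['src']}: {c['verdict']}, NAT-T={c['nat_t']}{life}")
```

Run against a full vpnserver log the output lists every client that never reached the port update or the established line, with the time the server waited before deleting the SA. That shows where the exchange stops (here: inside Main Mode, before the move to UDP 4500), which narrows the search to the UDP 500/4500 path between phone and server, but it cannot by itself say whether the replies are being dropped by the firewall, by the gateway, or by the carrier network; a packet capture on the server's external interface during a failed attempt answers that.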

sinkr
Posts: 3
Joined: Thu Feb 15, 2018 2:11 am

Re: SoftEther+iOS+Linux Connects Once, Fails to Reconnect

Post by sinkr » Mon Feb 19, 2018 5:35 pm

Good talk, guys!

thisjun
Posts: 2231
Joined: Mon Feb 24, 2014 11:03 am

Re: SoftEther+iOS+Linux Connects Once, Fails to Reconnect

Post by thisjun » Wed Mar 07, 2018 7:07 am

Can the iPhone reconnect to the server after only restarting the router?

sinkr
Posts: 3
Joined: Thu Feb 15, 2018 2:11 am

Re: SoftEther+iOS+Linux Connects Once, Fails to Reconnect

Post by sinkr » Wed Mar 07, 2018 3:01 pm

No,

SoftEther must be re-started, the firewall rules must be flushed and re-applied, and sometimes, but more times than not, the iPhone needs to go in and out of airplane mode for me to reconnect. At no point does the router (a Linux box) or the upstream device (FiOS Quantum Gateway) have to be rebooted to reconnect with SoftEther.

thisjun
Posts: 2231
Joined: Mon Feb 24, 2014 11:03 am

Re: SoftEther+iOS+Linux Connects Once, Fails to Reconnect

Post by thisjun » Thu Mar 22, 2018 6:27 am

Must the iptables be reloaded?

Do the iptables rules have any dynamic entries?
