Mac OS vpn disconnects

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
schwartzw
Posts: 4
Joined: Thu Sep 03, 2020 8:40 pm

Mac OS vpn disconnects

Post by schwartzw » Thu Sep 03, 2020 8:44 pm

I recently setup a vpn server ona raspberry pi, seems to work well enough internally using the SOftEther client on a PC btu when I try to connect with the built in L2TP on a Mac it connects, then after a short amount of time disconnects. Sometimes it stays open long enough for me to connect to things but generally it disconnects so soon it's not useful.

How can I go about trying to fix this disconnect issue?

thanks,
Bill

schwartzw
Posts: 4
Joined: Thu Sep 03, 2020 8:40 pm

Re: Mac OS vpn disconnects

Post by schwartzw » Thu Sep 03, 2020 9:00 pm

Sorry for replying to my own post. here's some information from the logs.

In the server logs.

2020-09-03 03:23:25.533 [HUB "VPN"] SecureNAT: The UDP session 314944 has been created. Connection source 192.168.250.30:42842, Connection destination 255.255.255.255:1900^M
2020-09-03 03:23:25.543 On the TCP Listener (Port 5555), a Client (IP address 1.1.1.1, Host name "1.1.1.1", Port number 35348) has connected.^M
2020-09-03 03:23:25.543 For the client (IP address: 1.1.1.1, host name: "1.1.1.1", port number: 35348), connection "CID-19" has been created.^M
2020-09-03 03:23:25.543 Connection "CID-19" has been terminated.^M
2020-09-03 03:23:25.543 The connection with the client (IP address 1.1.1.1, Port number 35348) has been disconnected.^M


In the security logs this line is repeating thousands of times

2020-09-03 03:31:25.455 SecureNAT: The UDP session 364806 has been created. Connection source 192.168.250.30:36563, Connection destination 255.255.255.255:1900

# wc -l sec_20200903*
2996395 sec_20200903.log

ok, make that millions of times....

And I see the packet count on the Hub going up really fast even when noone is connected. That seems wrong to me.

schwartzw
Posts: 4
Joined: Thu Sep 03, 2020 8:40 pm

Re: Mac OS vpn disconnects

Post by schwartzw » Fri Sep 04, 2020 5:44 am

I figured out more to the story but not sure how to fix it. The excessive traffic i'm seeing appears to be other stuff on my network. If i have a local bridge setup the MAC and IP tables for the hub get big fast, the CPU usage goes crazy and sessions get disconnected.

If I delete the local bridge the MAC and IP tables are just those devices that talk to the host, the CPU load stays low and sessions don't get disconnected. And I also can't access anything.....

How do I set this up so the HUB isn't dealing with all of the other traffic and bogging down? The CPU load is causing the server to reply slow giving dropped packets or high ping times.

Bill

schwartzw
Posts: 4
Joined: Thu Sep 03, 2020 8:40 pm

Re: Mac OS vpn disconnects

Post by schwartzw » Fri Sep 04, 2020 6:29 am

ok, found my problem. google searches back to this forum helped :)

https://www.vpnusers.com/viewtopic.php?t=8669

I had localbridge and SecureNAT both enabled which caused the storm.

I thought SecureNAT was needed to put the VPN server behind a NAT (typical home firewall) otherwise you couldn't NAT the ipsec/l2tp traffic?

Can someone lease explain to me better the use of SecureNAT and when would you use that vs the localbridge?

In any case, with just the localbridge enabled and SecureNAT disabled it seems I can connect from remote locations and access file servers and such inside.

thanks,
Bill

centeredki69
Posts: 313
Joined: Wed Sep 18, 2013 1:49 pm

Re: Mac OS vpn disconnects

Post by centeredki69 » Sun Sep 06, 2020 12:25 pm

"SecureNAT" creates a Basic "virtual Router" behind / inside the Local LAN Network. The VPN clients tunnel to the "SecureNAt network" where they can all communicate in a separate subnet and their traffic flows out via the "SecureNAT" gateway to the next upstream network which would be the Local Physicals LAN Network . It's like plugging a "SOHO NAT router" behind another router (double nated). " SecureNAT" was designed to be used when the "local bridge" option is not possible.

"Local Bridge" connects the SE client directly to the Physical network that the SE-server host is connected. As you discovered when both are turned on the "SecureNAT" and Physical Networks DHCP servers spill over into each others network.

Post Reply