Packet loss when connected to L2TP/IPsec VPn

Romo

Been playing for the value for a while and still no luck. I am still seeing packet loss.

Edge router logs have been showing:

May  7 18:00:48 office pppd[24483]: pppd 2.4.7 started by root, uid 0
May  7 18:00:48 office pppd[24483]: Connect: ppp0 <-->
May  7 18:00:48 office pppd[24483]: Overriding mtu 1500 to 1474
May  7 18:00:48 office pppd[24483]: Overriding mru 1500 to mtu value 1474
May  7 18:00:50 office pppd[24483]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
May  7 18:00:50 office pppd[24483]: Unsupported protocol 'Compression Control Protocol' (0x80fd) received
May  7 18:00:51 office pppd[24483]: Cannot determine ethernet address for proxy ARP
May  7 18:00:51 office pppd[24483]: local  IP address 10.255.255.0
May  7 18:00:51 office pppd[24483]: remote IP address 192.168.4.10
May  7 18:03:45 office pppd[24483]: Overriding mtu 1500 to 1474
May  7 18:03:45 office pppd[24483]: Overriding mru 1500 to mtu value 1474

Any other ideas?

JaredBusch

@Romo said in Packet loss when connected to L2TP/IPsec VPn:

Been playing for the value for a while and still no luck. I am still seeing packet loss.

Based on what @scottalanmiller said, I would not expect MTU to be involved.

Romo

Ok even weirder behavior now, currently I am getting steady pings for a very short period of time and then the connections just seems to die.

MTU is currently set to 1472

Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=87ms TTL=127
Reply from 10.10.10.1: bytes=32 time=89ms TTL=127
Reply from 10.10.10.1: bytes=32 time=87ms TTL=127
Reply from 10.10.10.1: bytes=32 time=89ms TTL=127
Reply from 10.10.10.1: bytes=32 time=90ms TTL=127
Reply from 10.10.10.1: bytes=32 time=88ms TTL=127
Reply from 10.10.10.1: bytes=32 time=87ms TTL=127
Reply from 10.10.10.1: bytes=32 time=88ms TTL=127
Reply from 10.10.10.1: bytes=32 time=93ms TTL=127
Reply from 10.10.10.1: bytes=32 time=93ms TTL=127
Reply from 10.10.10.1: bytes=32 time=94ms TTL=127
Reply from 10.10.10.1: bytes=32 time=91ms TTL=127
Reply from 10.10.10.1: bytes=32 time=88ms TTL=127
Reply from 10.10.10.1: bytes=32 time=87ms TTL=127
Reply from 10.10.10.1: bytes=32 time=93ms TTL=127
Reply from 10.10.10.1: bytes=32 time=95ms TTL=127
Reply from 10.10.10.1: bytes=32 time=91ms TTL=127
Reply from 10.10.10.1: bytes=32 time=90ms TTL=127
Reply from 10.10.10.1: bytes=32 time=101ms TTL=127
Reply from 10.10.10.1: bytes=32 time=89ms TTL=127
Reply from 10.10.10.1: bytes=32 time=88ms TTL=127
Reply from 10.10.10.1: bytes=32 time=88ms TTL=127
Reply from 10.10.10.1: bytes=32 time=89ms TTL=127
Reply from 10.10.10.1: bytes=32 time=106ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

During that initial time, when the connection has just established web browsing also works close to normal speeds I would say. Really strange behavior.

JaredBusch

I never have a problem with my VPN on my iPhone.

May  7 19:42:34 bna-jared xl2tpd[4722]: Connection established to 172.58.142.195, 50961.  Local: 48550, Remote: 4 (ref=0/0).  LNS session is 'default'
May  7 19:42:34 bna-jared xl2tpd[4722]: Call established with 172.58.142.195, Local: 3582, Remote: 2938, Serial: 1
May  7 19:42:34 bna-jared pppd[8432]: pppd 2.4.7 started by root, uid 0
May  7 19:42:34 bna-jared pppd[8432]: Connect: ppp0 <-->
May  7 19:42:34 bna-jared pppd[8432]: Overriding mtu 1500 to 1492
May  7 19:42:34 bna-jared pppd[8432]: Overriding mru 1500 to mtu value 1492
May  7 19:42:34 bna-jared pppd[8432]: Overriding mtu 1500 to 1492
May  7 19:42:35 bna-jared pppd[8432]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access
May  7 19:42:35 bna-jared pppd[8432]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
May  7 19:42:35 bna-jared pppd[8432]: local  IP address 10.255.255.0
May  7 19:42:35 bna-jared pppd[8432]: remote IP address 10.254.203.2
May  7 19:43:05 bna-jared pppd[8432]: Connection terminated: no multilink.
May  7 19:43:05 bna-jared pppd[8432]: Modem hangup

Here is my config.

set vpn l2tp remote-access authentication local-users username jbusch password 'SmegOff'
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication require mschap-v2
set vpn l2tp remote-access client-ip-pool start 10.254.203.2
set vpn l2tp remote-access client-ip-pool stop 10.254.203.10
set vpn l2tp remote-access dhcp-interface eth0
set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4
set vpn l2tp remote-access idle 1800
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret SmegOff
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access ipsec-settings lifetime 3600
set vpn l2tp remote-access mtu 1492

The IP range is not used elsewhere in my router at all.

Romo

This was working properly until we switched to ATT. It is still properly reaching the router and also authenticating correctly to the radius server. It's just after connecting it completely craps out.

jt1001001

Switching to AT&T; what is the new carrier equipment? Did you go from cable modem to fiber?

scottalanmiller

@jt1001001 said in Packet loss when connected to L2TP/IPsec VPn:

Switching to AT&T; what is the new carrier equipment? Did you go from cable modem to fiber?

Yes

jt1001001

Whe we switched one of our sites from then Cox cable modem to AT&T fiber we had a similar issue with our Cisco ASA's (at the time) not establishing the tunnel consistently. We had to turn on WebVPN on the ASA (wasn't on before) and turn off NAT-T then it established fine. Not sure of similar setting on Ubiquiti devices. I'll check my notes was years ago may have another setting to try

Romo

So two further days of usage and the vpn has been working properly again. At the end the day, I had reverted back to original settings so everything just apparently started to work back on its own??

Really not sure what was causing the issue.

wrx7m

@Romo said in Packet loss when connected to L2TP/IPsec VPn:

So two further days of usage and the vpn has been working properly again. At the end the day, I had reverted back to original settings so everything just apparently started to work back on its own??

Really not sure what was causing the issue.

That is irritating that you don't know for sure what the fix was. Hopefully, it remains solid.

Romo

This same issue is happening today once again, VPN is connecting properly but I can't properly reach anything properly on the local lan or the internet.

1337

@Romo said in Packet loss when connected to L2TP/IPsec VPn:

This same issue is happening today once again, VPN is connecting properly but I can't properly reach anything properly on the local lan or the internet.

You should just buy a new edge router to exclude any hardware issues.

JaredBusch

@Pete-S said in Packet loss when connected to L2TP/IPsec VPn:

@Romo said in Packet loss when connected to L2TP/IPsec VPn:

This same issue is happening today once again, VPN is connecting properly but I can't properly reach anything properly on the local lan or the internet.

You should just buy a new edge router to exclude any hardware issues.

Valid option. The cost is minimal compared to the time you are spending.