Connection up and down once connected to VPN
We've recently run into an issue with the VPN set up on our NSA 2650. At times, when a user connects, they get a constant up/down connection like a sawtooth pattern. When they disconnect from the VPN, their internet connection is completely fine and a ping -t shows no drops whatsoever. But once they connect, this is their ping result:
C:\WINDOWS\system32>ping *redacted* -t
Pinging *redacted* [131.*.*.*] with 32 bytes of data:
Reply from 131.*.*.*: bytes=32 time=17ms TTL=64
Reply from 131.*.*.*: bytes=32 time=18ms TTL=64
Reply from 131.*.*.*: bytes=32 time=20ms TTL=64
Reply from 131.*.*.*: bytes=32 time=17ms TTL=64
Reply from 131.*.*.*: bytes=32 time=24ms TTL=64
Reply from 131.*.*.*: bytes=32 time=17ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 131.*.*.*: bytes=32 time=24ms TTL=64
Reply from 131.*.*.*: bytes=32 time=24ms TTL=64
Reply from 131.*.*.*: bytes=32 time=17ms TTL=64
Reply from 131.*.*.*: bytes=32 time=17ms TTL=64
Reply from 131.*.*.*: bytes=32 time=31ms TTL=64
Reply from 131.*.*.*: bytes=32 time=19ms TTL=64
Reply from 131.*.*.*: bytes=32 time=19ms TTL=64
Reply from 131.*.*.*: bytes=32 time=20ms TTL=64
Reply from 131.*.*.*: bytes=32 time=23ms TTL=64
Reply from 131.*.*.*: bytes=32 time=17ms TTL=64
Reply from 131.*.*.*: bytes=32 time=23ms TTL=64
Reply from 131.*.*.*: bytes=32 time=17ms TTL=64
Reply from 131.*.*.*: bytes=32 time=23ms TTL=64
Reply from 131.*.*.*: bytes=32 time=18ms TTL=64
Reply from 131.*.*.*: bytes=32 time=19ms TTL=64
Reply from 131.*.*.*: bytes=32 time=15ms TTL=64
Reply from 131.*.*.*: bytes=32 time=23ms TTL=64
Reply from 131.*.*.*: bytes=32 time=24ms TTL=64
Reply from 131.*.*.*: bytes=32 time=16ms TTL=64
Reply from 131.*.*.*: bytes=32 time=16ms TTL=64
Reply from 131.*.*.*: bytes=32 time=25ms TTL=64
Reply from 131.*.*.*: bytes=32 time=21ms TTL=64
Reply from 131.*.*.*: bytes=32 time=19ms TTL=64
Reply from 131.*.*.*: bytes=32 time=25ms TTL=64
Reply from 131.*.*.*: bytes=32 time=16ms TTL=64
Reply from 131.*.*.*: bytes=32 time=20ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 131.*.*.*: bytes=32 time=24ms TTL=64
Reply from 131.*.*.*: bytes=32 time=18ms TTL=64
Reply from 131.*.*.*: bytes=32 time=20ms TTL=64
Reply from 131.*.*.*: bytes=32 time=19ms TTL=64
Reply from 131.*.*.*: bytes=32 time=20ms TTL=64
Reply from 131.*.*.*: bytes=32 time=18ms TTL=64
Reply from 131.*.*.*: bytes=32 time=32ms TTL=64
Reply from 131.*.*.*: bytes=32 time=15ms TTL=64
Ping statistics for 131.*.*.*:
Packets: Sent = 54, Received = 40, Lost = 14 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 32ms, Average = 20ms
*Note that this is only a small sample, but it's this exact pattern over and over. Each dropped packet is a time of about ~3 seconds, whereas the returned pings are just under 1 second each. So it's an equivalent time of up and down connection.
Not sure what would be causing this, and most users don't seem to have this issue at all. The users that are affected all have different setups regarding how they connect to the internet. Some are wireless, others are wired. Desktop, laptop, tablet, different ISP, but always this issue. Is this something on the SonicWall that has to be configured? Hoping someone else has run into this at least once and can provide me some direction.
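Added example, not part of the original post: a small Python parser that collapses Windows `ping -t` output into runs of replies and failures, so the outage lengths and the spacing between them can be compared across affected users. The sample lines are constructed to mirror the pattern in the capture above, and the function names are hypothetical.

```python
import re
from itertools import groupby

# Matches a successful Windows ping reply; "time<1ms" also counts as success.
REPLY_OK = re.compile(r"^Reply from \S+ bytes=\d+ time[=<]\d+ms TTL=\d+$")
# Failure lines Windows ping prints instead of a timed reply.
FAILURES = ("Request timed out.", "General failure.",
            "Destination host unreachable.")

def classify(line):
    """Return 'up', 'down', or None for headers, statistics and blank lines."""
    line = line.strip()
    if REPLY_OK.match(line):
        return "up"
    if line.endswith(FAILURES):
        return "down"
    return None

def runs(lines):
    """Collapse per-probe states into (state, consecutive_count) pairs."""
    states = [s for s in map(classify, lines) if s is not None]
    return [(state, sum(1 for _ in grp)) for state, grp in groupby(states)]

def summarize(lines):
    r = runs(lines)
    total = sum(n for _, n in r)
    down = [n for s, n in r if s == "down"]
    # The first and last runs are cut off by the capture window, so only
    # interior "up" runs say anything about the spacing between outages.
    interior_up = [n for s, n in r[1:-1] if s == "up"]
    return {
        "loss_pct": round(100 * sum(down) / total, 1) if total else 0.0,
        "outage_lengths": down,
        "up_between_outages": interior_up,
        "fixed_length_outages": len(down) >= 2 and max(down) - min(down) <= 1,
    }

def constructed_sample():
    """Constructed capture: same run lengths as the post, documentation address."""
    ok = "Reply from 192.0.2.10: bytes=32 time=18ms TTL=64"
    return ([ok] * 6 + ["Request timed out."] * 7 + [ok] * 26
            + ["Request timed out."] * 7 + [ok] * 8)

if __name__ == "__main__":
    print(runs(constructed_sample()))
    print(summarize(constructed_sample()))
```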
Answers
@DDRDiesel Thank you for reaching out to us.
Our Subject Matter experts will help you on it.
Tagging @shiprasahu93 @Nevyaditha @Saravanan1990_V @John_Lasersohn
Thanks and Regards,
Sridevi G
Global Service Account Manager, Premier Services
Hi @DDRDiesel,
Thanks for asking here in the community. I think the best approach here would be to have our Support take a deeper look; here we can just provide some recommendations.
On a first look, it seems that packets are getting lost because most of the successful pings have a low latency and then traffic stops for a few seconds.
What type of VPN are you using (SSLVPN/Mobile Connect or GVC? What versions?) and what firmware are you currently running on your firewall?
Also it would be interesting to know what fails while they're connected via VPN - is it the internal traffic failing or their internet traffic? Is the VPN configured as Split Tunnel or Tunnel All Mode?
Thanks,
Francesco Madia
Hello @DDRDiesel,
Based on the pattern, it looks like an IP conflict issue. Could you please check if the local network of the user is overlapping with the IP it receives from the VPN adapter or the local network that it is accessing?
Also, please make sure that 'All Interface IP' or 'WAN Interface IP' is not added as the VPN access for this user. Also, it should not be inheriting those privileges somehow.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
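The overlap check suggested in the reply above, as an added example that is not part of the original reply: a Python sketch that compares a client's local adapter networks against the address the VPN adapter received and the networks reached through the tunnel. All addresses are constructed, and `find_conflicts` is a hypothetical helper name.

```python
import ipaddress

def find_conflicts(client_interfaces, vpn_address, tunnel_routes):
    """Return (kind, client_lan, other) tuples for each addressing conflict.

    client_interfaces: local adapter addresses in CIDR form (e.g. from ipconfig)
    vpn_address:       address the VPN adapter received
    tunnel_routes:     networks reached through the tunnel
    """
    vpn_ip = ipaddress.ip_address(vpn_address)
    routes = [ipaddress.ip_network(r, strict=False) for r in tunnel_routes]
    findings = []
    for iface in client_interfaces:
        # strict=False lets a host address like 192.168.1.37/24 stand for its network
        lan = ipaddress.ip_network(iface, strict=False)
        # Compare only within the same address family (IPv4 vs IPv6)
        if vpn_ip.version == lan.version and vpn_ip in lan:
            findings.append(("vpn_ip_in_client_lan", str(lan), str(vpn_ip)))
        for net in routes:
            if net.version == lan.version and net.overlaps(lan):
                findings.append(("route_overlaps_client_lan", str(lan), str(net)))
    return findings

# Constructed values: a home LAN that collides with the office side,
# and a second user whose wired and IPv6 link-local networks do not.
HOME_USER = (["192.168.1.37/24"], "192.168.1.201",
             ["192.168.1.0/24", "10.20.0.0/16"])
CLEAN_USER = (["192.168.50.12/24", "fe80::1c2b/64"], "10.20.99.5",
              ["10.20.0.0/16"])

if __name__ == "__main__":
    for name, args in (("home", HOME_USER), ("clean", CLEAN_USER)):
        print(name, find_conflicts(*args) or "no overlap")
```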
I agree with Shipra, that is definitely something to look out for!
It's SSL VPN, not using the GVC client. Firmware revision 6.5.0.0-33n. While the ping example I used was for internal traffic, it's all traffic that's getting this result with dropped pings. Lastly, the VPN is configured to allow split tunnels.
@DDRDiesel,
Can you confirm if you have tried the MTU test on the SonicWall?
You can check the below KB for the MTU test
Lastly, I see that you are running on an older version of firmware and would suggest that you upgrade to the latest version.
Nevyaditha P
Technical Support Advisor, Premier Services
We check when every user connects and they're being given unique IP addresses every time, so there's no conflict, and they do not have either of those options in the VPN access.
Hello @DDRDiesel,
Yes, I agree with @Nevyaditha. You can try the suggestions but please plan a maintenance window to upgrade the firmware as 6.5.0.0 was an initial release. You can either upgrade to our general release branch 6.5.1.5 or the latest maintenance release 6.5.4.6.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Funny enough, that was one of the first things we did when a majority of our users were having connection stability issues. Once we adjusted the size of our MTU, almost all users had smooth connection, save for this random occurrence of up/down patterns. I'll bring up updating the firmware with my director and sysadmin to see when we can plan a window for this.
@DDRDiesel,
Thank you for the update. Please schedule the upgrade window and then update us accordingly!
Nevyaditha P
Technical Support Advisor, Premier Services