Jump to content
TorGuard
  • 0
gilby

IKEv2 VPN disconnects after a few minutes

Rate this question

Question

I am running macOS 10.13.4 and attempting to use an IKEv2 connection.

The VPN connects just fine and works for about 5 to 10 minutes.  Then it disconnects.  I have to manually reconnect.

A web search finds that a few others have reported this problem with IKEv2 VPNs (not Torguard), but no solution.

Is this a known problem?  And is there a solution?

Share this post


Link to post
Share on other sites

7 answers to this question

Recommended Posts

  • 0

In short, no solution.

I had contact with Torguard support, they agreed there is an issue, but no timeframe for solution.

Reading about IKEv2, it does some renegotiating of keys (I may not have that precisely correct) after/every 8 minutes.  macOS does this slightly differently to Windows (and iOS) - not a bug, just differently.  To fix it requires some reconfiguration of the server to behave in the way macOS expects.  And doing this without messing up Windows and iOS.

I have not attempted to get deeper into the issue and gone back to using OpenVPN.

I use IKEv2 on my iPhone and it is much better at reconnection than other protocols.

Share this post


Link to post
Share on other sites
  • 0

In addition to the previous comment, the instructions on the page "How to setup IKEv2 VPN on Mac OS" https://torguard.net/knowledgebase.php?action=displayarticle&id=218 have changed since I used it in May last.

The current step 1 about adding a certificate to your login keychain did not exist when I last looked (I have a copy).  There is no explanation about how this will be used and it is not referred to again.

But, it makes no difference - the connection still drops after 8 minutes.  I also tried after adding the certificate to the system keychain - but that doesn't work.

Share this post


Link to post
Share on other sites
  • 0
On 11/20/2018 at 10:36 AM, gilby said:

In addition to the previous comment, the instructions on the page "How to setup IKEv2 VPN on Mac OS" https://torguard.net/knowledgebase.php?action=displayarticle&id=218 have changed since I used it in May last.

The current step 1 about adding a certificate to your login keychain did not exist when I last looked (I have a copy).  There is no explanation about how this will be used and it is not referred to again.

But, it makes no difference - the connection still drops after 8 minutes.  I also tried after adding the certificate to the system keychain - but that doesn't work.

 

Hi Gilby

Does it happen when using OpenVPN or any other protocol? do you have a firewall enabled on your modem by chance? it might be worth disabling just for testing.

Regards

Share this post


Link to post
Share on other sites
  • 0

Thanks for the input gilby. OpenVPN works fine, BUT the speed is MORE then twice as fast using Ikev2. 40Mbps vs 150Mbps download. I have a secondary vpn provider that ikev2 works with. I have to find another backup vpn if this issue remains. I hope they find a solution soon. Black Friday is when Usually renew my vpn’s.

Additional info:   No firewall on router or Mac. L2tp does work it occasionally disconnects.

Share this post


Link to post
Share on other sites
  • 0
3 hours ago, jtimmyf said:

Thanks for the input gilby. OpenVPN works fine, BUT the speed is MORE then twice as fact using Ikev2. 40Mbps vs 150Mbps download. I have a secondary vpn provider that ikev2 works with. I have to find another backup vpn if this issue remains. I hope they find a solution soon. Black Friday is when Usually renew my vpn’s.

Additional info:   No firewall on router or Mac. L2tp does work it occasionally disconnects.

 

Hey,

We know MAC OS had a bug, a similar bug and this just appeared recently.

We are looking into it.

Regards

Share this post


Link to post
Share on other sites
  • 0

As with jtimmyf, no firewall and OpenVPN works fine.  I don't see the speed difference that jtimmyf is getting - but I only have a 50/20 internet connection.

My discussion with support was Ticket ID: 944287, with the final comment (from Support) being:

"We are looking into it, we are able to reproduce - we will see if there's something we can do server side to remedy it for now."

This was after me providing some Wireshark captures of the interaction when it drops out at the 8 minute.  The interaction showed (and this is my interpretation) the client (my Mac) starting a new key exchange (ISAKMP on port 4500) at 8 minutes and the server (Torguard) replying with an ICMP unreachable message.  I believe the new key exchange is part of IKEv2 and that the Mac is correct in initiating this.  My interpretation is that there is something in the content of the ISAKMP message which the Torguard server fails to interpret - quite possibly because the Mac does it slightly differently to iOS or Windows.  I don't know whether this should be considered a bug in macOS or a configuration issue with Torguard - my understanding of IKEv2 is way too shallow to say either way.

I was using 10.13.5 (High Sierra) in May.  Now using 10.14.1 (Mojave).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×