Netgate Discussion Forum

    VPN L2TP and MacOS

    • cmderr

      I have pfSense 2.4.4. I'm running a Windows 2016 VPN server on internal VLAN 1. I am trying to access the SMB shares on a server in internal VLAN 2. If I'm on a Windows client outside the firewall, I can connect to the VPN and transfer files from my client to the SMB server without issue. If I'm on a Mac client outside the firewall, I can connect to the VPN, but the file transfers always stop right around 225 MB. Then the VPN connection drops. And this goes for any traffic actually to any server on the internal VLANs -- SFTP traffic, SMB traffic, etc.

      However, if I try to connect to the VPN, then send data to a server outside the firewall, everything works fine -- the transfer finishes. So I'm guessing it's something to do with pfSense between VLANs. I have a floating rule that allows all traffic on the WAN, VLAN1 and VLAN2 to hit that server, including advanced options like Any Flags and Sloppy. Still no luck.

      Hoping for some insight. And again, this only seems to affect MacOS (Sierra, High Sierra, Mojave so far).

      • stephenw10 Netgate Administrator

        I assume you're using L2TP over IPSec rather than unencrypted L2TP?

        Did you ever see any hits in the firewall logs before adding those floating rules?

        If the VPN is actually dropping rather than the connection across it, that sounds more likely something timing out. And since the Windows client seems unaffected it's probably something specific the MacOS client is setting.
        Do you see anything in the VPN logs at either end when the tunnel drops?

        I would recommend switching to IKEv2 mobile IPSec or OpenVPN to be honest. Both of those work well with current MacOS (and most other things).

        Steve
