Client experiences access and ping dropout on local IP

I have deployed several Zyxel USG Flex 50 routers at customers but I have one with a little unique setup for me and here is a little back story on why I have set this up.

I have a customer with a couple of Mac computers and 10 or so Windows 11 computers, and the most annoying part is getting remote access to their 2 Mac computers; they even run different versions of Mac OS X (which doesn't make it any easier for me), and they all need to access their file server through a site-2-site VPN which is already running using IPsec.

So I decided to not have to manage all the computers when there is a change with the fileserver's IP, which may happen some day, so I decided to use the Zyxel USG Flex 50 to set up a local IP for the fileserver and connect all the computers to this IP 192.168.x.2xx, which does work on the Mac and Windows 11 computers.

So far I have this running on 2 clients and they experience drops in ping and connectivity issues a lot during the day, especially in the morning from 7-8AM, when the connection to the fileserver using this local IP cuts out 4-5 times and they have to keep retrying to connect.

I cannot see a connection issue with the IPsec, and the ping from the fileserver to the router at the customer is running without dropouts.

So I think it might be an issue in the Zyxel USG Flex 50, since using OpenVPN to connect directly to the fileserver using 10.10.2xx.1xx there is no issue at all.

Here is the setup I made in the Zyxel USG Flex 50:
NAT Setup
Port Mapping Type
Classification: Virtual Server

Mapping Rule
Incoming Interface: lan1
Source IP: any
External IP: User Defined
User-Defined External IP: 192.168.x.2xx
Internal IP: User Defined
User-Defined Internal IP: 10.10.2xx.1xx
Port Mapping Type: any

Related Settings
Enabled NAT Loopback: Enabled

I hope someone can help me understand what's going on here because I can't find out why this ain't working 100%.

I am not a big network person but I do know how to manage the router, set up VPNs, port forwarding, NAT and such, but sometimes the routing haunts me. It's something I've never been good at, but I manage to get things working.
 
Without reading the entire post and the fact that I'm exhausted 2 things stick out.

- Loss of connectivity

- Usually at the same time of day

- diff subnets over a VPN

You should check DHCP and make sure you are not leasing in that range, and make sure none of the client machines are on a static IP. It seems like the issue occurs when the DHCP server refreshes on the 24-hour lease cycle and it has a conflict, but the switch's ARP cache is already holding onto the MAC. The DHCP server sees the collision and force-expires the IP, but then you have to wait for the cache to expire on the switch. At which point everything works fine until 7am the next day when DHCP releases again.

Just a hunch though. I'm going to sleep, and I won't touch Zyxel if you had a gun to my face, so I couldn't even begin to tell you where to diag. Ideally though I would start with the address pool, then look for anything in regards to DNS/DHCP logging.
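The check suggested in the reply above, as an added example that is not part of the thread: it groups lost probes from a timestamped ping log into outages, flags the ones that recur at the same time of day on different days (what a 24-hour lease cycle would produce), and tests whether the NAT address sits inside the DHCP range. The log format, the sample lines and the 192.0.2.x addresses are constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address

# Constructed sample: one probe result per line, "<timestamp> <ok|timeout>".
SAMPLE_LOG = """\
2024-03-04 07:11:58 ok
2024-03-04 07:12:00 timeout
2024-03-04 07:12:02 timeout
2024-03-04 07:12:04 ok
2024-03-05 07:12:30 timeout
2024-03-05 07:12:32 timeout
2024-03-05 07:12:34 timeout
2024-03-05 07:12:36 ok
2024-03-05 15:45:10 timeout
2024-03-05 15:45:12 ok
"""

def outages(log):
    """Group consecutive timeouts into (start, end, lost_probes) bursts."""
    bursts, current = [], None
    for line in log.strip().splitlines():
        stamp, status = line.rsplit(" ", 1)
        t = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if status == "timeout":
            # Extend the running burst, or open a new one.
            current = (current[0], t, current[2] + 1) if current else (t, t, 1)
        elif current:
            # A successful reply closes the burst.
            bursts.append(current)
            current = None
    if current:
        bursts.append(current)  # log ended while still in an outage
    return bursts

def daily_recurring(bursts, window_min=10):
    """Bursts whose start time of day matches a burst on another day (+/- window_min)."""
    def apart(a, b):  # minutes between two times of day, wrapping at midnight
        d = abs((a.hour * 60 + a.minute) - (b.hour * 60 + b.minute))
        return min(d, 1440 - d)
    return [b for b in bursts
            if any(o[0].date() != b[0].date() and apart(b[0], o[0]) <= window_min
                   for o in bursts)]

def in_dhcp_pool(addr, pool_start, pool_end):
    """True if addr lies inside the DHCP range, so a lease could collide with it."""
    return ip_address(pool_start) <= ip_address(addr) <= ip_address(pool_end)
```

Outages that show up in `daily_recurring` point at a scheduled event such as a lease renewal; ones that do not are more likely load or path related.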
 
Thanks I will look into it all.

I have 2 devices with static IP, a printer and a UniFi AP, and I actually forgot I do not ping the router, I ping the AP :banghead: but still no dropouts on the ping.

Lease time expiration is set to 1 day, not saying it couldn't be lower.
Yeah, I need to look into when the lease time expires because if this happens between 7-8AM it could be a problem.
If possible, setting it to like 5AM when no one is at the office could make a difference, but I could also try to add the Windows 11 computer to a static IP outside the DHCP scope, which is 100-199.
 
IPsec could mean MTU mismatch somewhere.
 
When it's only local clients that have this issue and the VPN is stable?

I never got much time at work; I had to go out to a different customer and look at why their mobile connection wasn't working. It turned out their old Huawei router from late 2015/early 2016 was done for, so I also had to order a new 5G router.
 
An update: I've been in contact with Zyxel and they want me to set up a "Domain/FQDN" for this, but why?

The LAN's DNS server is already the router, so that shouldn't be an issue, because if it was, clients wouldn't have access to the server, then the transmission would fail.

I tried to set up this NAT so clients would be easier to manage on their LAN if their hosted fileserver changed IP or something else would cause a change, but I guess this really ain't possible and I do not understand why :confused:
 