Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mbesen
Participant

Seemingly random disconnects from Checkpoint Remote Access VPN when using Fritzbox router

Jump to solution

Hello everyone!

I am facing a weird issue that, after lots of troubleshooting, seems to be narrowed down to something affecting Checkpoint Remote Access VPN and Fritzbox 7530 AX router.

I'm working from home, and my company uses Checkpoint VPN to tunnel into internal network. I noticed, after I replace ISP router to Fritzbox one in my local network, that every 15 minutes (it varies) my VPN disconnects and reconnects after 30-60 seconds.

At first I thought it has something to do with my laptop, so I did following troubleshooting:

- checked Checkpoint VPN site and authentication settings and confirmed those are correct;
- reinstalled Checkpoint VPN client, used several versions (E86.25, E86.40, E86.50, E86.60);
- reinstalled network adapter drivers, upgraded to latest ones on both laptop and docking station;
- reinstalled operating system (tried both Windows 10 and Windows 11, including the latest 22H2);
- as this didn't help, I tried replacing docking station with two different versions (Type-C and Thunderbolt 4) with different network adapters. I tried enabling and disabling MAC address pass-through in laptop BIOS);
- at last, I tried replacing my work laptop from Thinkpad T480 to Thinkpad T15 Gen2;
- tried connecting via both Ethernet and WiFi (both 2.4 and 5GHz).

All other devices on network are working properly, including the same work laptop when I'm disconnected from VPN. My desktop PC, other laptop, phones, TV, Xbox etc. all work properly.

When I'm back on my ISP router VPN seems to establish and keep connected for prolonged period. I tried to see if there's a setting in Fritzbox like IPS and, firewall rules, or ACLs set for my work laptop client, but nothing is set or everything is enabled properly.

I have checked with our network admin and he confirmed that settings are correct for both my client and server.

Wireshark log on my work laptop doesn't show anything useful as most of the traffic is encapsulated in ESP protocol.

However, I sometimes do get an error saying "Check Point Endpoint Security - VPN tunnel has disconnected: Internal erro: OS configuration with adapter required parameters failed: Failed to recover state.

I really don't have any other idea what to do. 

Thank you, and kind regards,

Mario

0 Kudos
1 Solution

Accepted Solutions

Hello Mario,

there is a known issue with the packet acceleration feature in Fritz!Box 7530AX current firmware which interferes with vpn traffic in .

This problem is confirmed by vendor AVM. Just ask AVM support about packet acceleration feature.

Here is the original support answer from their support (in German, because its a German company):

Klicken Sie in der Benutzeroberfläche der FRITZ!Box links unten auf "Inhalt" und dann unten auf "FRITZ!Box Support".
Etwas weiter unten finden Sie unter Paketbeschleunigung die Option die "Paketbeschleunigung deaktivieren". 

Wählen Sie dies aus und klicken Sie rechts auf die Schaltfläche "Einstellung übernehmen". 
Wichtig: Diese Einstellung bleibt nur bis zum nächsten Neustart der FRITZ!Box aktiv!

Summary / translation: Disable the packet acceleration feature using the support menu of Fritz!Box firmware webinterface. This will not survive reboot of the box.

They also confirmed that they are working on a fixed firmware. Unfortunately, it's not released yet.

View solution in original post

4 Replies

Is the Fritzbox firmware current, have you discussed the issue with their support at all?

0 Kudos
mbesen
Participant

Hi Chris,

Thanks for quick replies! Or is it slow day at work, could be both 🙂

Yes, I am in touch with their support, they're analysing Wireshark data I captured on gateway itself, but indications are that they don't think it's something at fault on their side.

Additional event logs aren't saying much either.

I'm on fiber optic, GPON, so connection reliability shouldn't be an issue. Fritzbox is updated to latest available stable firmware, 7.31.

Kind regards,

Mario

Hello Mario,

there is a known issue with the packet acceleration feature in Fritz!Box 7530AX current firmware which interferes with vpn traffic in .

This problem is confirmed by vendor AVM. Just ask AVM support about packet acceleration feature.

Here is the original support answer from their support (in German, because its a German company):

Klicken Sie in der Benutzeroberfläche der FRITZ!Box links unten auf "Inhalt" und dann unten auf "FRITZ!Box Support".
Etwas weiter unten finden Sie unter Paketbeschleunigung die Option die "Paketbeschleunigung deaktivieren". 

Wählen Sie dies aus und klicken Sie rechts auf die Schaltfläche "Einstellung übernehmen". 
Wichtig: Diese Einstellung bleibt nur bis zum nächsten Neustart der FRITZ!Box aktiv!

Summary / translation: Disable the packet acceleration feature using the support menu of Fritz!Box firmware webinterface. This will not survive reboot of the box.

They also confirmed that they are working on a fixed firmware. Unfortunately, it's not released yet.

mbesen
Participant

Hello Tobias,

This is splendid news, I am glad the cause has been found and that the solution is in works. I have contacted AVM too and they provided me with beta firmware (LabOS 7.39) and I can confirm that VPN is now working properly.

 

Thank you for your assistance, one frustrating item off the list! 🙂