VPN connections drop TCP keep-alive packets

Originator: felix
Number: rdar://7432718
Date Originated: Nov 7 2019
Status: Open
Resolved:
Product: macOS
Product Version: 10.15
Classification:
Reproducible: Always
 
Since macOS 10.15 (and including 10.15.1) any VPN connection established using the macOS built-in VPN client drops ALL keep-alive packets.

This happens only for TCP keep-alive packets. The actual connection works fine and is stable, but as soon as the connection goes into an idle state and SO_KEEPALIVE is enabled, all of the TCP keep-alive packets are dropped.
This has been verified using Wireshark, and I'm attaching sample trace files to this bug report to compare a direct connection vs. a VPN connection to the same target host.

I've been made aware of this issue by dozens of users of my Mac app, Royal TSX. They reported suddenly dropping RDP connections after upgrading to 10.15. I've done a lot of troubleshooting with those users and in the end was able to reproduce the issue myself by mirroring their environment (connections through macOS VPN client).

I've blogged in more detail about the issue here: https://www.royalapps.com/blog/rdp-connections-via-vpn-in-macos-10-15-catalina
And on FreeRDP's GitHub issue tracker: https://github.com/FreeRDP/FreeRDP/issues/5705

To reproduce the issue:
* Set up an (L2TP) VPN server
* Configure the VPN connection in macOS' Network Preferences and open the VPN connection
* Download and compile the following test app: https://gist.github.com/lemonmojo/1b7f957aed60a65c121e8067d5d93483 (source code also attached to this bug report)
* Launch the utility with ./keepalivetest HOSTNAME PORT
* Monitor the connection using Wireshark or similar software
* Wait for the keep-alive packets to be sent and finally the TCP Reset packet being received
* Repeat the test using a direct (non-VPN) connection
* In this case all keep-alive packets go through properly and the connection is not reset automatically
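
A minimal keep-alive probe client in the spirit of the reproduction steps above, as an added example: it is not the reporter's gist and not attached to the original report. It assumes an IPv4 address instead of a hostname, and the timer values (10 s idle, 5 s interval, 3 probes) are illustrative choices so the idle phase shows up quickly in a packet capture.

```c
/* Added example: keep-alive probe client (not the gist linked in the report). */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Enable SO_KEEPALIVE and shorten the probe timers so the test takes
 * seconds rather than the system default. Returns 0 on success, -1 on error. */
int enable_keepalive(int fd, int idle_s, int intvl_s, int count) {
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0) return -1;
#if defined(TCP_KEEPIDLE)      /* Linux name for the idle time before the first probe */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_s, sizeof idle_s) < 0) return -1;
#elif defined(TCP_KEEPALIVE)   /* macOS name for the same timer */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPALIVE, &idle_s, sizeof idle_s) < 0) return -1;
#endif
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl_s, sizeof intvl_s) < 0) return -1;
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &count, sizeof count) < 0) return -1;
    return 0;
}

/* Read back SO_KEEPALIVE: 1 if enabled, 0 if not, -1 on error. */
int keepalive_enabled(int fd) {
    int v = 0; socklen_t len = sizeof v;
    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &v, &len) < 0) return -1;
    return v != 0;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s IPV4_ADDR PORT\n", argv[0]); return 2; }
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons((unsigned short)atoi(argv[2])) };
    if (inet_pton(AF_INET, argv[1], &sa.sin_addr) != 1) { fprintf(stderr, "bad address\n"); return 2; }
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { perror("connect"); return 1; }
    if (enable_keepalive(fd, 10, 5, 3) < 0) { perror("setsockopt"); return 1; }
    printf("connected; staying idle, first probe after 10 s\n");
    char buf[256];
    ssize_t n;
    while ((n = recv(fd, buf, sizeof buf, 0)) > 0) { }  /* stay idle, discard any data */
    if (n == 0) printf("peer closed the connection\n");
    else printf("connection failed: %s\n", strerror(errno)); /* e.g. ETIMEDOUT or ECONNRESET */
    close(fd);
    return n == 0 ? 0 : 1;
}
```

Run it once over the VPN and once over a direct connection while capturing traffic; the errno printed when the idle connection ends distinguishes unanswered probes (`ETIMEDOUT`) from a reset (`ECONNRESET`).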
