Geekzone: technology news, blogs, forums
wratterus

1500 posts

Uber Geek


#281013 25-Jan-2021 11:54
Got an odd issue at a client's location. They are on 2Degrees Fibre, were using an ER-Lite, now are using a USG (issues are identical between the routers), and have issues where some users cannot connect to their L2TP VPN from offsite.

This is just the bog standard L2TP with PSK setup using the UniFi controller.

I have never been able to fault it, coming from either Spark or 2Degrees, even hotspotting from a phone on Spark. They seem to have a lot of issues connecting to it from a Vodafone mobile hotspot, and a few of their employees simply can't connect from home at all; bring the machine in question here (on 2Degrees) and it works perfectly.

Any ideas what might be going on here?

lxsw20
2945 posts

Uber Geek


  #2641597 25-Jan-2021 12:06
Does it just not connect at all, or can they not access things on the VPN? Is the VPN subnet overlapping with their home subnet if the latter?

wratterus

1500 posts

Uber Geek


  #2641605 25-Jan-2021 12:26
Won't connect at all. Get various messages like no response from server, or misc other errors - seems quite random. I can always connect without issue from another 2Degrees connection. We use static routes in this case, it's essentially just for RDP so we just lock it down to a single IP. 

MadEngineer
3062 posts

Uber Geek

Trusted

  #2641681 25-Jan-2021 13:51
Vodafone were the first to rightly block PPTP many moons ago. You're not using the same ports?

Is this what you've set up?

UniFi - USG/UDM: Configuring L2TP Remote Access VPN – Ubiquiti Support and Help Center




wratterus

1500 posts

Uber Geek


  #2641714 25-Jan-2021 15:38
Yeah that's right - is that no good any more?

freitasm
BDFL - Memuneh
74167 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2641724 25-Jan-2021 15:59
Is your client using a static IP or is it behind the 2degrees CGNAT?




wratterus

1500 posts

Uber Geek


  #2641726 25-Jan-2021 16:02
The location where the router (VPN server) is located has a 2Degrees business Fibre connection with a static IP. Client ends - is a mix, one client in particular who seems to be unable to connect almost all the time is on Orcon copper. 

richms
25277 posts

Uber Geek

Trusted
Subscriber

  #2643046 27-Jan-2021 13:32
Outgoing routers seem to be the problem, I find. There seems to be some state held on them that takes time to time out after a failure to connect before it will work again; constantly hammering the connect button makes it fail. Change router at the other end and problems go away. Sucks when you have to use the ISP-supplied one to keep the old person phone service working, but what can you do other than change to OpenVPN, which seems to not have random NAT problems on some routers.




nztim
2332 posts

Uber Geek

ID Verified
Trusted
TEAMnetwork
Subscriber

  #2643051 27-Jan-2021 13:37
CG-NAT at the client side can break this as some can't pass GRE properly




wratterus

1500 posts

Uber Geek


  #2643064 27-Jan-2021 14:11
Thanks for all the thoughts guys. Is rather annoying really - from a setup simplicity & management point of view, the built in L2TP VPN is just so easy to work with.

