L2TP VPN issues

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › L2TP VPN issues

wratterus

1687 posts

Uber Geek
+1 received by user: 678

#281013 25-Jan-2021 11:54

Got an odd issue at a client's location. They are on 2Degrees Fibre, were using a ER-Lite, now are using a USG, (issues are identical between the routers) and have issues where some users can not connect to their L2TP VPN from offsite.

This is just the bog standard L2TP with PSK setup using the UniFi controller.

I have never been able to fault it, coming from either Spark or 2Degrees, even hotspotting from a phone on Spark. They seem to have a lot of issues connecting to it from a vodafone mobile hotspot, and a few of their employees simply can't connect from home at all, bring the machine in question here (on 2Degrees) and it works perfectly.

Any ideas what might be going on here?

lxsw20

3689 posts

Uber Geek
+1 received by user: 2174

Subscriber

#2641597 25-Jan-2021 12:06

Does it just not connect at all, or can they not access things on the VPN? Is the VPN subnet overlapping with their home subnet if the latter?

wratterus

1687 posts

Uber Geek
+1 received by user: 678

#2641605 25-Jan-2021 12:26

Won't connect at all. Get various messages like no response from server, or misc other errors - seems quite random. I can always connect without issue from another 2Degrees connection. We use static routes in this case, it's essentially just for RDP so we just lock it down to a single IP.

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#2641681 25-Jan-2021 13:51

Vodafone were the first to rightly block PPTP many moons ago. You're not using the same ports?

Is this what you've set up?

UniFi - USG/UDM: Configuring L2TP Remote Access VPN – Ubiquiti Support and Help Center

You're not on Atlantis anymore, Duncan Idaho.

wratterus

1687 posts

Uber Geek
+1 received by user: 678

#2641714 25-Jan-2021 15:38

Yeah that's right - is that no good any more?

freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2641724 25-Jan-2021 15:59

Is your client using a static IP or is it behind the 2degrees CGNAT?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

wratterus

1687 posts

Uber Geek
+1 received by user: 678

#2641726 25-Jan-2021 16:02

The location where the router (VPN server) is located has a 2Degrees business Fibre connection with a static IP. Client ends - is a mix, one client in particular who seems to be unable to connect almost all the time is on Orcon copper.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

richms

29099 posts

Uber Geek
+1 received by user: 10211

Trusted

Lifetime subscriber

#2643046 27-Jan-2021 13:32

Outgoing routers seem to be the problem I find, seems to be some state held on them that takes time to timeout after a failure to connect before it will work again, constantly hammering the connect button makes it fail. Change router at the other end and problems go away. Sucks when you have to use the ISP supplied one to keep the oldperson phone service working but what can you do other than change to openvpn which seems to not have random nat problems on some routers.

Richard rich.ms

nztim

4013 posts

Uber Geek
+1 received by user: 2710

ID Verified

Trusted

TEAMnetwork

Subscriber

#2643051 27-Jan-2021 13:37

CG-NAT at the client side can break this as some cant pass GRE properly

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

wratterus

1687 posts

Uber Geek
+1 received by user: 678

#2643064 27-Jan-2021 14:11

Thanks for all the thoughts guys. Is rather annoying really - from a setup simplicity & management point of view, the built in L2TP VPN is just so easy to work with.