L2TP issue since last update



  • After making the last update, I was unable to connect from L2TP. I read the changes, but I don't think it will be related. I'm not logging in with Radius. There is no problem with the connection. I tried it in the old version, it works fine. As for the rules, it's normal.



  • No human beings to answer? All my services stopped now!



  • @erselbey
    Hi,

    the answer is probably hard to come by, because not many people already use L2TP...

    @erselbey "I tried it in the old version, it works fine. "

    -come back in the meantime to a working configuration until the problem is resolved

    not much is being said about L2TP really in the current change


    for the sake of curiosity
    why don't you use OpenVPN?

    PS:
    is there anything in the logs at all?
    (your starting post is very concise, no one can figure out what can happen to your system, if there is no data)
    share your logs and it is possible that someone has already encountered the issue...

    +++++edit: plus it’s a weekend and as you can see there’s not much movement on the forum 😉



  • @DaddyGo All of the employees are structured as L2TP and so on. The systems are completely macOS so we use L2TP.



  • @erselbey

    That makes sense ✋

    -so, have you ever considered IPsec?
    I personally hate the old and rigid L2TP protocol and it is no longer so secure.



  • @DaddyGo Actually I did not think but we are in a transition period now. That's why we manage it for now. Trying for a deep-rooted job because of a minor problem also requires effort. Otherwise, L2TP started to be troubled as you said.



  • @erselbey

    I understand...

    We have long been doing the following:

    central pfSense OpenVPN server (headquarters) and smaller pfSense-enabled devices at employee endpoints as OpenVPN clients
    https://pcengines.ch/apu4d4.htm (110-130USD)

    so it doesn't matter what OP system is running on the client side (employees) (macOS, Windows, Linux)
    since both endpoints have pfSense and OpenVPN



  • @erselbey

    don't worry, I rarely see L2TP posts on the forum, probably someone will come who has similar problems...

    now you have to wait a bit...



  • Unfortunately, it is now. By the way, I am looking for the solution. There is no problem with the Radius server either in the manual user. It's annoying.



  • Jun 27 19:25:09 l2tps L2TP: Control connection 0x80366a610 destroyed
    Jun 27 19:24:58 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
    Jun 27 19:24:58 l2tps Incoming L2TP packet from x.x.x.x 50969
    Jun 27 19:24:45 l2tps L2TP: Control connection 0x80366a610 destroyed
    Jun 27 19:24:34 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
    Jun 27 19:24:33 l2tps Incoming L2TP packet from x.x.x.x 61437
    Jun 27 19:24:24 l2tps L2TP: Control connection 0x80366a610 destroyed
    Jun 27 19:24:18 l2tps L2TP: Control connection 0x80366a310 destroyed
    Jun 27 19:24:13 l2tps L2TP: Control connection 0x80366a610 terminated: 0 ()
    Jun 27 19:24:13 l2tps Incoming L2TP packet from x.x.x.x 57154
    Jun 27 19:24:07 l2tps L2TP: Control connection 0x80366a310 terminated: 0 ()
    Jun 27 19:24:07 l2tps Incoming L2TP packet from x.x.x.x 51461

    Jun 27 19:26:40 charon 06[IKE] <con5000|3> nothing to initiate
    Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating new tasks
    Jun 27 19:26:40 charon 06[ENC] <con5000|3> parsed INFORMATIONAL response 67 [ ]
    Jun 27 19:26:40 charon 06[NET] <con5000|3> received packet: from x.x.x.x[500] to x.x.x.x[500] (76 bytes)
    Jun 27 19:26:40 charon 06[NET] <con5000|3> sending packet: from x.x.x.x[500] to x.x.x.x[500] (76 bytes)
    Jun 27 19:26:40 charon 06[ENC] <con5000|3> generating INFORMATIONAL request 67 [ ]
    Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating IKE_DPD task
    Jun 27 19:26:40 charon 06[IKE] <con5000|3> activating new tasks
    Jun 27 19:26:40 charon 06[IKE] <con5000|3> queueing IKE_DPD task
    Jun 27 19:26:40 charon 06[IKE] <con5000|3> sending DPD request
    Jun 27 19:26:30 charon 10[IKE] <con5000|3> nothing to initiate
    Jun 27 19:26:30 charon 10[IKE] <con5000|3> activating new tasks
    Jun 27 19:26:30 charon 10[ENC] <con5000|3> parsed INFORMATIONAL respons



  • @erselbey
    "the log shows that the connection is basically not working"

    I would do that:

    try to build a whole new test connection just for the sake of the test
    which is by no means related to previously configured L2TP connections

    of course on the updated system

    this basically filters out that importing existing settings into the newer environment is causing the error

    or L2TP really doesn't work on your system (under the new release) - +++I do not believe this ☺

    what L2TP client is on the other side, software configured or hardware dependent?

    I am thinking of this here:
    https://www.thegreenbow.com/index.html
    (in the past we have used this client for L2TP)

    PS:
    the settings stored in XML may not be realized in the new environment

    +++edit:

    just notice the end of the description:
    https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/l2tp-ipsec.html

    +++edit: (pay close attention to this)
    https://forum.netgate.com/topic/154619/l2tp-control-connection-0x803859310-destroyed

    ✋ 👍



  • I am now trying



  • This time it doesn't work with radius :(



  • @erselbey

    okay I'm running out of ideas...
    let's see if @jimp can help you, if he is currently available...

    I note, I really used L2TP a long time ago, but now I'm interested in this theme (just for the sake of curiosity)

    I just see the despair in your writing, ergo I want to help...
    never give up, colleague...
    now I have to go, because my wife opened the weekend red wine



  • @DaddyGo Thank you very much for your help. Hope you have a happy time with your partner :) Take care.



  • @jimp ???



  • I think nobody else has any idea about the subject.





  • @erselbey

    I see help is on its way. 😉



  • I started to tamper with the problem and I could not understand what to do with this method. I understand that I just need to delete the secret key. Is it correct? If it is true, it does not work, unfortunately.

