subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,897 views 3 comments
by anonymous

I have spend about 2 days with Unifi engineers on this.  We have an RUT240 at the client location, using LTE Wan behind CNAT trying to connect to a Unifi USG L2TP Server.  Both devices are on the latest firmware.  The USG is accepting connections form other devices.  

We can establish a PPTP client connection to the same USG.

These are the guides that have already been followed.
by anonymous


Same issue here.

RUT240 VPN client L2TP/IPSec vs USG L2TP/IPSec Server

IPSec Established but no luck with the interface ppp.

rremote-access: #12, ESTABLISHED, IKEv1, 700e87e90449dd2f:c755927ae480e078

  local  'x.x.81.198' @ x.x.81.198

  remote '' @


  established 14s ago

  remote-access: #9, INSTALLED, TRANSPORT-in-UDP, ESP:AES_CBC-128/HMAC_SHA1_96

    installed 14 ago

    in  c50b49e4,    649 bytes,    13 packets,     6s ago

    out c51e3d6f,    725 bytes,    20 packets,     3s ago

    local  x.x.81.198/32[udp/l2f]


Aug 18 18:28:43 08[IKE] <12> is initiating a Main Mode IKE_SA

Aug 18 18:28:49 14[IKE] <remote-access|12> IKE_SA remote-access[12] established between x.x.81.198[x.x.81.198]...[]

Aug 18 18:28:50 06[IKE] <remote-access|12> CHILD_SA remote-access{9} established with SPIs c50b49e4_i c51e3d6f_o and TS[udp/l2f] ===[udp] 

Aug 18 18:28:57 08[KNL] interface ppp4 deleted

Note others VPN clients (Windows and OSX) are connecting without issues

by anonymous

(in response to @rodoroyo)


Analyzing the system log at RUT side, and with help of Teltonika team, we notice an error at PPP authentication:

EAP: peer reports authentication failure

The solution for this case is to append the line


in /etc/ppp/options

1 Answer

0 votes
by anonymous

To determine why devices aren't establishing L2TP connectivity it'll be needed to review the logs, could you PM me troubleshoot package of your RUT240? Troubleshoot can be downloaded in WebUI -> System -> Administration -> Troubleshoot.
by anonymous

Because L2TP is used over IPsec, need to be added IPsec as transport.

For this need to add IPSec and Pre-shared key on RUT240.

1.      “Add” new IPsec (menu Services > VPN > IPsec)

2.      Click “Edit

3.      Enable the instance.

4.      Authentication type – Pre-shared key

5.      Type – Transport

5.1 Remote VPN endpoint - L2TP server IP address

6.      Set Pre-shared key - must be same on server and server

7.      Secret’s IP selector - %any

8.      “Save” configuration


If you are using specific DNS server, you can add it on menu Network > WAN > Edit WAN > Use DNS servers advertised by peer.