0 votes
1,903 views 3 comments
by anonymous
Hi;

I have spent about 2 days with Unifi engineers on this. We have an RUT240 at the client location, using LTE WAN behind CNAT, trying to connect to a Unifi USG L2TP server. Both devices are on the latest firmware. The USG is accepting connections from other devices.

We can establish a PPTP client connection to the same USG.

These are the guides that have already been followed.

https://wiki.teltonika-networks.com/view/L2TP_configuration_examples

https://help.ui.com/hc/en-us/articles/115005445768-UniFi-USG-UDM-Configuring-L2TP-Remote-Access-VPN
by anonymous

Hi

Same issue here.

RUT240 VPN client L2TP/IPSec vs USG L2TP/IPSec Server

IPSec Established but no luck with the interface ppp.

remote-access: #12, ESTABLISHED, IKEv1, 700e87e90449dd2f:c755927ae480e078

  local  'x.x.81.198' @ x.x.81.198

  remote '10.196.16.208' @ 186.12.68.205

  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048

  established 14s ago

  remote-access: #9, INSTALLED, TRANSPORT-in-UDP, ESP:AES_CBC-128/HMAC_SHA1_96

    installed 14 ago

    in  c50b49e4,    649 bytes,    13 packets,     6s ago

    out c51e3d6f,    725 bytes,    20 packets,     3s ago

    local  x.x.81.198/32[udp/l2f]

    remote 186.12.68.205/32[udp]

Aug 18 18:28:43 08[IKE] <12> 186.12.68.205 is initiating a Main Mode IKE_SA

Aug 18 18:28:49 14[IKE] <remote-access|12> IKE_SA remote-access[12] established between x.x.81.198[x.x.81.198]...186.12.68.205[10.196.16.208]

Aug 18 18:28:50 06[IKE] <remote-access|12> CHILD_SA remote-access{9} established with SPIs c50b49e4_i c51e3d6f_o and TS 131.108.81.198/32[udp/l2f] === 186.12.68.205/32[udp] 

Aug 18 18:28:57 08[KNL] interface ppp4 deleted

Note that other VPN clients (Windows and OSX) are connecting without issues.

by anonymous

(in response to @rodoroyo)

Hi,

Analyzing the system log on the RUT side, and with the help of the Teltonika team, we noticed an error at PPP authentication:

EAP: peer reports authentication failure

The solution for this case is to append the line

refuse-eap

in /etc/ppp/options
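
The diagnosis and fix from the comment above, as an added shell example that is not part of the original thread: it classifies a log by the messages quoted on this page and adds refuse-eap to a pppd options file only once. The merged log file, the pppd line prefix and the sample addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Message wording follows the log lines
# quoted above; addresses in sample_log are constructed (documentation ranges).

sample_log() {   # constructed: server-side IPsec lines plus the client pppd error
    cat <<'EOF'
Aug 18 18:28:49 14[IKE] <remote-access|12> IKE_SA remote-access[12] established between 192.0.2.10[192.0.2.10]...198.51.100.7[10.0.0.8]
Aug 18 18:28:50 06[IKE] <remote-access|12> CHILD_SA remote-access{9} established with SPIs c0000001_i c0000002_o
Aug 18 18:28:55 pppd[2301]: EAP: peer reports authentication failure
Aug 18 18:28:57 08[KNL] interface ppp4 deleted
EOF
}

# Classify one connection attempt from a log file (assumed to hold the
# relevant lines from both ends, merged by the operator).
classify_l2tp_log() {
    if grep -q 'EAP: peer reports authentication failure' "$1"; then
        echo ppp-eap-auth-failure        # the case solved in this thread
    elif ! grep -q 'CHILD_SA .* established' "$1"; then
        echo no-child-sa-seen            # look at PSK / proposals first
    elif grep -q 'interface ppp[0-9]* deleted' "$1"; then
        echo ppp-failed-after-ipsec      # IPsec up, PPP torn down: read pppd log
    else
        echo no-failure-seen
    fi
}

# Add refuse-eap to a pppd options file exactly once, keeping a .bak copy.
ensure_refuse_eap() {
    # An active (uncommented) refuse-eap line means nothing to do.
    if grep -Eq '^[[:space:]]*refuse-eap[[:space:]]*$' "$1" 2>/dev/null; then
        return 0
    fi
    if [ -f "$1" ]; then cp "$1" "$1.bak"; fi
    # Do not glue the option onto an unterminated last line.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    echo refuse-eap >> "$1"
}
```

On the router this would be called as `ensure_refuse_eap /etc/ppp/options`. That file is pppd's system-wide options file, so the setting applies to every PPP session on the device, not only the L2TP client.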

1 Answer

0 votes
by anonymous
Hi,

To determine why the devices aren't establishing L2TP connectivity, the logs will need to be reviewed. Could you PM me the troubleshoot package of your RUT240? The troubleshoot file can be downloaded in WebUI -> System -> Administration -> Troubleshoot.
by anonymous

Because L2TP is used over IPsec, IPsec needs to be added as transport.

For this, you need to add IPsec and a pre-shared key on the RUT240.

1.      “Add” new IPsec (menu Services > VPN > IPsec)

2.      Click “Edit”

3.      Enable the instance.

4.      Authentication type – Pre-shared key

5.      Type – Transport

5.1 Remote VPN endpoint - L2TP server IP address

6.      Set Pre-shared key - must be same on server and server

7.      Secret’s IP selector - %any

8.      “Save” configuration

 

If you are using a specific DNS server, you can add it in the menu Network > WAN > Edit WAN > Use DNS servers advertised by peer.