
0 votes
585 views 10 comments
by
Hope someone could help. I am trying to use the RUTX11 as an IPsec/L2TP client to connect to a UDM Pro server.

The UDM Pro VPN server can be accessed with iOS and macOS. So that side should be set up OK.

The IPsec connection works, but the L2TP connection fails with the error on port 1701 and closing tunnel.

I am on the latest firmware on both machines. I also followed the Teltonika guides with no success.

After a week of trying I am now lost. Hope someone could give some support.
by

I wanted to add my configuration for anybody who might have a similar setup: RUTX11 -- UDM Pro

And you need to enable the Default Route option in the L2TP configuration on the RUTX.

1 Answer

0 votes
by
Hello,

Thank you for contacting.

May I know what your whole solution is and how everything is connected? Could you draw a topology?

What IP addresses do you acquire?

You already mentioned that you have followed the guide and it didn't help.

https://wiki.teltonika-networks.com/view/L2TP_over_IPsec#Client_.28RUT2.29

https://wiki.teltonika-networks.com/view/L2TP_over_IPsec#L2TP

But I still recommend re-flashing the device firmware without keeping settings and starting from scratch, if it helps.

Because sometimes little misconfigurations make the whole solution not work.

Let me know.

Thanks.

Regards,

Ahmed
by
Thanks for the reply. I have managed to get a big step forward after doing a full factory reset on my UDM Pro and RUTX11 starting everything from scratch.

So now I managed to establish a connection via IPsec/l2tp to the UDM Pro.

I can ping all machines connected behind the UDM Pro. And I can ping machines on the internet, e.g. 8.8.8.8.

But I cannot open any webpage behind the UDM Pro nor on the internet. Which is super strange. With an iPhone connected to the UDM Pro via VPN (IPsec/L2TP) all works fine.

Any idea what the problem might be now?

Thanks in advance for the help
by
Hello,

So the issue is in the UDM Pro side configuration, as everything is working fine on the RUTX11 and the tunnel is also established.

Try to define a gateway or DNS on the end device or the UDM Pro itself.

Thanks.
by
Hi, thanks. I don't think that is the issue. To be more specific:

SSH into the RUTX and then ping the UDM, a machine behind the UDM and e.g. 8.8.8.8 works.

Doing the same with a computer connected to the RUTX Wi-Fi network does not. I can only ping the RUTX. I cannot ping the UDM nor any other machine behind the UDM or the internet.

So I expect that there is an issue in the RUTX. I don't know if that is related, but looking at other posts with similar issues I found out that they usually have a firewall rule for L2TP with which they play around. My firewall has no such rule configured automatically.

Connecting with any other VPN client to the same UDM VPN server I have no issues. So I am sure it must be the RUTX configuration.

Do you have any suggestions for a firewall rule or similar to try?
by
Hello,

May I know if you have configured the correct LAN network of the RUTX11 in the UDM VPN server and the LAN network of the UDM VPN server in the RUTX11? Also define the subnet.

Further, you can see scheme 2 here for how to access/ping the LAN side of the router:

https://wiki.teltonika-networks.com/view/IPsec_configuration_examples#Router_configuration

Thanks.
by
Hi Ahmed,

I was out for a couple of days. Thanks again for your answer.

The RUTX LAN is: 192.168.3.0/24

The UDM LAN is: 192.168.1.0/24

UDM VPN LAN: 192.168.10.0/24

Tried both UDM LANs without any change in the result.
by
I am trying to do the same,
Did you end up getting this setup working?
by
Hi askerman,

I kinda got it working. The RUTX as VPN client still does not work. So I set up a site2site with IPsec. That didn't work at the beginning because the UDM somehow gets confused if there are two IPsec servers configured. In my case one IPsec/L2TP server and one site2site IPsec for the RUTX. So I turned off the UDM IPsec/L2TP server and left only the site2site on. That worked immediately like a charm. If you are interested I can post the config on both sides.

Now I just have to find a way to get the IPsec/L2TP server working again on the UDM. Seems that both UniFi and Teltonika have their flaws, making this simple task almost impossible.
by
Awesome, thank you for the info and a direction to go.
If you could post the config that would be amazing.
by

Sure, here you go! 

On UDM side:

On RUTX side:

and proposal settings

Phase 1 and 2 are identical. I have changed nothing in the Advanced settings.

Hope that helps