USG FLEX 100 does not receive DPD_ACK from remote linux client l2tp

Hello, any help solving the below problem is appreciated

1. usg flex 100 <->nat<->internet<->nat<->android 10 client (working)
2. usg flex 100 <->nat<->internet<->nat<->ubuntu 20.04 client (not working)
2.a. symptoms:
2.a.1 R_U_THERE (DPD) from usg flex 100 are received and answers are sent (but never received)
Oct 10 20:49:37 Asteroid charon: 13[NET] received packet: from public server ip [4500] to client eth0 ip [4500] (84 bytes)
Oct 10 20:49:37 Asteroid charon: 13[ENC] parsed INFORMATIONAL_V1 request 289605295 [ HASH N(DPD) ]
Oct 10 20:49:37 Asteroid charon: 13[ENC] generating INFORMATIONAL_V1 request 587882178 [ HASH N(DPD_ACK) ]
Oct 10 20:49:37 Asteroid charon: 13[NET] sending packet: from client eth0 ip[4500] to public server ip[4500] (92 bytes)
2.a.2 port 4500 is forwarded through nat to usg flex 100 and nmap resolves to:
2.a.2.a 4500/udp open|filtered nat-t-ike
2.a.2.b 4500/tcp filtered sae-urn
2.a.3 usg flex event log shows that no ack packages are received (but for the working android client the ack packages are received)
2.a.3 connection is aborted by usg flex because it believes peer is dead
2.a.4 there are also some problems with:
2.a.4.a Oct 10 20:50:19 Asteroid NetworkManager[41945]: xl2tpd[41945]: check_control: Received out of order control packet on tunnel 19991 (got 3, expected 4)
2.a.4.b Oct 10 20:50:19 Asteroid NetworkManager[41945]: xl2tpd[41945]: handle_control: bad control packet!
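
A way to check symptom 2.a.1 over a whole client log, as an added example that is not part of the original post: it pairs every DPD request charon parsed with the DPD_ACK it generated and sent, which separates a client that never answers from replies lost on the way to the gateway, and it also collects the xl2tpd out-of-order warnings from 2.a.4. The sample log is constructed (documentation addresses, one invented unanswered request), and matching lines by charon's thread number is an assumption based on the quoted excerpt.

```python
import re

# Constructed sample modelled on the log format quoted in the post; the
# 20:50:07 line is invented to show a DPD request that gets no answer.
SAMPLE_LOG = """\
Oct 10 20:49:37 Asteroid charon: 13[NET] received packet: from 203.0.113.10[4500] to 192.168.1.20[4500] (84 bytes)
Oct 10 20:49:37 Asteroid charon: 13[ENC] parsed INFORMATIONAL_V1 request 289605295 [ HASH N(DPD) ]
Oct 10 20:49:37 Asteroid charon: 13[ENC] generating INFORMATIONAL_V1 request 587882178 [ HASH N(DPD_ACK) ]
Oct 10 20:49:37 Asteroid charon: 13[NET] sending packet: from 192.168.1.20[4500] to 203.0.113.10[4500] (92 bytes)
Oct 10 20:50:07 Asteroid charon: 09[ENC] parsed INFORMATIONAL_V1 request 1122334455 [ HASH N(DPD) ]
Oct 10 20:50:19 Asteroid NetworkManager[41945]: xl2tpd[41945]: check_control: Received out of order control packet on tunnel 19991 (got 3, expected 4)
"""

CHARON = re.compile(r"charon: (\d+)\[(?:NET|ENC)\] (.*)")
DPD_IN = re.compile(r"parsed INFORMATIONAL_V1 request (\d+) \[ HASH N\(DPD\) \]")
ACK_OUT = re.compile(r"generating INFORMATIONAL_V1 request \d+ \[ HASH N\(DPD_ACK\) \]")
L2TP_OOO = re.compile(r"out of order control packet on tunnel (\d+) \(got (\d+), expected (\d+)\)")


def analyze(log_text):
    """Pair each received DPD request with the DPD_ACK charon sent for it."""
    # Assumption: lines for one exchange share the worker-thread number
    # that precedes [NET]/[ENC], as they do in the quoted excerpt.
    pending = {}  # thread -> [DPD message id, ack generated?]
    report = {"dpd_received": 0, "ack_sent": 0, "unanswered": [], "l2tp_out_of_order": []}
    for line in log_text.splitlines():
        ooo = L2TP_OOO.search(line)
        if ooo:
            report["l2tp_out_of_order"].append(tuple(map(int, ooo.groups())))
            continue
        m = CHARON.search(line)
        if not m:
            continue
        thread, msg = m.groups()
        dpd = DPD_IN.match(msg)
        if dpd:
            if thread in pending:  # earlier request on this thread got no answer
                report["unanswered"].append(pending[thread][0])
            report["dpd_received"] += 1
            pending[thread] = [dpd.group(1), False]
        elif thread in pending and ACK_OUT.match(msg):
            pending[thread][1] = True
        elif thread in pending and pending[thread][1] and msg.startswith("sending packet:"):
            report["ack_sent"] += 1
            del pending[thread]
    report["unanswered"] += [p[0] for p in pending.values()]
    return report
```

When `ack_sent` matches `dpd_received` and `unanswered` is empty, the client side is answering every probe, so the next place to look is the packet path toward the gateway.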


All Replies

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    We will check on this and keep you updated as soon as possible, please wait patiently, thank you.

    James
  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    I'm able to connect to USG FLEX 100 V5.31 L2TP VPN with ubuntu 20.04


    Please refer to my VPN configuration. As for USG FLEX 100, I set it up via Quick Setup Wizard.

    root@lab:~# cat /etc/ipsec.conf


    root@lab:~# cat /etc/ipsec.secrets


    root@usg:~# cat /etc/xl2tpd/xl2tpd.conf


    root@lab:~# cat /etc/ppp/options.l2tpd.client



    Moreover,
    May I know your USG FLEX 100 firmware version?
    Could you collect VPN logs from Monitor > Log > View Log, after referring to my l2tp configuration?
    Thank you.

    James
