USG FLEX 100 does not receive DPD_ACK from remote linux client l2tp

Options
Hello, any help solving the below problem is appreciated

1. usg flex 100 <->nat<->internet<->nat<->android 10 client (working)
2. usg flex 100 <->nat<->internet<->nat<->ubuntu 20.04 client (not working)
2.a. symptoms:
2.a.1 R_U_THERE (DPD) from usg flex 100 are received and answers are send (but never received)
Oct 10 20:49:37 Asteroid charon: 13[NET] received packet: from public server ip [4500] to client eth0 ip [4500] (84 bytes)
Oct 10 20:49:37 Asteroid charon: 13[ENC] parsed INFORMATIONAL_V1 request 289605295 [ HASH N(DPD) ]
Oct 10 20:49:37 Asteroid charon: 13[ENC] generating INFORMATIONAL_V1 request 587882178 [ HASH N(DPD_ACK) ]
Oct 10 20:49:37 Asteroid charon: 13[NET] sending packet: from client eth0 ip[4500] to public server ip[4500] (92 bytes)
2.a.2 port 4500 is forwarded trough nat to usg flex 100 and nmap resolve to: 
2.a.2.a 4500/udp open|filtered nat-t-ike
2.a.2.b 4500/tcp filtered sae-urn
2.a.3 usg flex event log shows that no ack packages are received (but for the working android client the ack packages are received)
2.a.3 connection is aborted by usg flex because it believes peer is dead
2.a.4 there are also some problems with:
2.a.4.a Oct 10 20:50:19 Asteroid NetworkManager[41945]: xl2tpd[41945]: check_control: Received out of order control packet on tunnel 19991 (got 3, expected 4)
2.a.4.b Oct 10 20:50:19 Asteroid NetworkManager[41945]: xl2tpd[41945]: handle_control: bad control packet!


All Replies

  • Zyxel_James
    Zyxel_James Posts: 618  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    We will check on this and keep you updated as soon as possible, please wait patiently, thank you.

    James
  • Zyxel_James
    Zyxel_James Posts: 618  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    I'm able to connect to USG FLEX 100 V5.31 L2TP VPN with ubuntu 20.04


    Please refer to my VPN configuration. As for USG FLEX 100, I set it up via Quick Setup Wizard.

    root@lab:~# cat /etc/ipsec.conf


    root@lab:~# cat /etc/ipsec.secrets


    root@usg:~# cat /etc/xl2tpd/xl2tpd.conf


    root@lab:~# cat /etc/ppp/options.l2tpd.client



    Morever,
    May I know your USG FLEX 100 firmware version?
    Could you collect VPN logs from Monitor > Log > View Log, after referring to my l2tp configuration?
    Thank you.

    James

Security Highlight