nested user group not working for l2tp authentication

SiSZyComm

Hello

IMHO nested user groups do not work for L2TP authentication. Let me explain:

Say I have 4 users:

• l2tpUserHome1
• l2tpUserHome2
• l2tpUserWork1
• l2tpUserWork2

and the following groups:

• l2tpGroupHome containing users l2tpUserHome1, l2tpUserHome2
• l2tpGroupWork containing users: l2tpUserWork1, l2tpUserWork2
• l2tpGroupAllowed containing the groups l2tpGroupHome, l2tpGroupWork

If I set Configuration > VPN > L2TP VPN > "Allowed User:" to "l2tpGroupAllowed" the L2TP Authentication fails with an error message (for chronological order read from bottom to top):

Although I got before the following success message:
Dynamic Tunnel [XXXX:YYYY:0x124567a] built successfully

(same color = same text)

If I configure e.g. "l2tpGroupHome" or "l2tpGroupWork" for "Allowed User" in the L2TP VPN configuration the "authentication" works (vpn tunnel is established).As soon as I switch back to "l2tpGroupAllowed" there is no tunnel established. I doesn't matter which user I user - none work. 

We need those groups to block e.g. l2tp user from "l2tpGroupHome" to access LAN1 interface or a special IP-range.

Any idea what the problem is?

The firewall is a USG210 with V4.39(AAPI.0)
As client I use the built-in Windows 10 L2TP vpn client.

Zyxel_James

SiSZyComm
I cannot reproduce this behavior.
I have the same user group settings.

And create L2TP VPN configure via Quick Setup and then change the Allowed User to l2tpGroupAllowed

The result is a sccuess


Could you upgrade to the latest firmware version V4.73 and try again? thanks.

James