Problems connecting to L2TP on a USG40 through mobile connection

Posts: 40  Freshman Member
First Comment Friend Collector Sixth Anniversary
edited April 2021 in Security
I'm facing a strange issue with a USG40 and L2TP connection from multiple and different devices (computers, tablets, mobile phones...).
When a person tries to connect to the L2TP VPN with any compatible device connected to a WiFi network it works perfectly and the connection can be established but when it comes to use the same devices connected through mobile 3G or 4G connection it never works and if I look to the VPN connection log IKE Phase 1 stops at "Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID]". Is there any setting I can check on the USG to overcome this problem or it's a known limitation of mobile connections?

Thank you



It looks like you're new here. If you want to get involved, click on this button!

All Replies

  • Posts: 1,386  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @kaika313  

    Some of ISP may deny VPN connection in 3G/4G network.

    But for clarify the reason of connection fail, need to check the log on USG.

    Can you share screenshot of USG IKE logs?

    Maybe it will show connection fail reason.

  • Posts: 40  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    Hi @Zyxel_Stanley

    I've also tried with different ISPs with the same result. So I thought that it could be that I've missed or made mistakes with settings. Attached you'll find the log with the comparison between WiFi connection where everything goes right and after the connection with the same device but using ISP connection. Red text is where the connection stuck.

    Thank you
  • Posts: 1,386  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @kaika313

    Thanks for shared the IKE log from USG.

    You can compare the log when client connecting the tunnel by 3G/4G connection.

    USG did not receive packets when negotiating the IKE in phase 1. (in step#5).

    The negotiation packets may lost in Internet or dropped by ISP.

  • Posts: 40  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    Hi @Zyxel_Stanley,

    thank you for your reply. So, the short answer is that there's nothing I could do to overcome this problem...?

    Thank you
  • Posts: 1,386  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @kaika313  

    If the packet is lost in internet or ISP, then VPN is unable establish in this environment.

    You can double confirm with your ISP if L2TP VPN connection is allowed in 3G/4G network.

  • Posts: 40  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    Hi @Zyxel_Stanley,

    ok, it happens with different ISPs so to overcome this issue we're testing SSL VPN when connecting through 3G/4G network as it seems to work without issues.

    Thank you for your support



It looks like you're new here. If you want to get involved, click on this button!


It looks like you're new here. If you want to get involved, click on this button!