Problems connecting to L2TP on a USG40 through mobile connection

kaika313
kaika313 Posts: 31  Freshman Member
edited April 2021 in Security
Hello,
I'm facing a strange issue with a USG40 and L2TP connection from multiple and different devices (computers, tablets, mobile phones...).
When a person tries to connect to the L2TP VPN with any compatible device connected to a WiFi network, it works perfectly and the connection can be established, but when the same devices are connected through a mobile 3G or 4G connection it never works, and if I look at the VPN connection log, IKE Phase 1 stops at "Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID]". Is there any setting I can check on the USG to overcome this problem, or is it a known limitation of mobile connections?

Thank you

Kari

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee

    Hi @kaika313  

    Some ISPs may deny VPN connections on 3G/4G networks.

    But to clarify the reason for the connection failure, we need to check the log on the USG.

    Can you share a screenshot of the USG IKE logs?

    Maybe it will show the reason for the connection failure.

  • kaika313
    kaika313 Posts: 31  Freshman Member
    Hi @Zyxel_Stanley

    I've also tried with different ISPs with the same result. So I thought that it could be that I've missed something or made mistakes with the settings. Attached you'll find the log with the comparison between the WiFi connection, where everything goes right, and the connection afterwards with the same device but using the ISP connection. The red text is where the connection gets stuck.

    Thank you
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee

    Hi @kaika313

    Thanks for sharing the IKE log from the USG.

    You can compare the log from when the client connects to the tunnel over a 3G/4G connection.

    The USG did not receive packets when negotiating IKE in phase 1 (in step #5).

    The negotiation packets may have been lost on the Internet or dropped by the ISP.


  • kaika313
    kaika313 Posts: 31  Freshman Member
    Hi @Zyxel_Stanley,

    Thank you for your reply. So, the short answer is that there's nothing I could do to overcome this problem...?

    Thank you
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee

    Hi @kaika313  

    If the packet is lost on the Internet or at the ISP, then the VPN cannot be established in this environment.

    You can double-check with your ISP whether L2TP VPN connections are allowed on the 3G/4G network.

  • kaika313
    kaika313 Posts: 31  Freshman Member
    Hi @Zyxel_Stanley,

    OK, it happens with different ISPs, so to overcome this issue we're testing SSL VPN when connecting through a 3G/4G network, as it seems to work without issues.

    Thank you for your support

    Kari
