VPN Connection not visible in L2TP VPN config

kelmi Posts: 29  Freshman Member
edited August 2022 in Security
Hello,

USG40, latest 4.72 AALA.0 firmware. The L2TP VPN screen does not show the IPSec VPN connections, even though those and the VPN GW have been configured with the Wizard. And they work. I'm able to make the VPN connection from my iPhone, data goes through the VPN, no problems at all. Only the L2TP VPN screen is having this issue. The attached picture shows what I mean. The screen's submit button is grey. I cannot enable or disable "L2TP over IPSec". Obviously, it seems to be enabled.

Is this a bug in the Firmware or what? 

I have masked out the First DNS Server, that's why it's blank.

Thanks for your help.


All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Hi @kelmi,
    I used the wizard to create an L2TP VPN configuration on a USG40 with firmware 4.72(AALA.0), but the issue does not happen. You can upgrade the USG40 to 4.72WK28 and check if the issue is resolved. If the issue still exists, please send the startup-config.conf of the USG40 to me in a private message.





  • kelmi
    kelmi Posts: 29  Freshman Member
    Hello,

    I made the update. No, it does not solve the issue. It is actually worse now, as L2TP over IPSec is now Disabled and I cannot enable it, because the VPN Connection is missing from the drop-down menu. Hmmmmmmmm. Not good.
  • kelmi
    kelmi Posts: 29  Freshman Member
    Hello again,

    After the firmware update, when I run the Wizard again, L2TP VPN over IPSec is now in the Enabled state, even though the Apply button is still grey and there is "none" in the VPN Connection drop-down menu...


    Kelmi

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Answer ✓
    Hi @kelmi,
    It is caused by the selection of Mode Config. The symptom is the same as this discussion.

    Please go to IPSec VPN > VPN Connection > RemoteAccess_L2TP_Wiz > Mode Config.
    Turn off "Enable Mode Config". Mode Config is for the software IPSec VPN client (the TheGreenBow client).


    Then you will find that it appears in the drop-down list of L2TP > VPN Connection. On this page, IP Address Pool assigns IP addresses to L2TP VPN clients, so you don't need to configure Mode Config in VPN Connection > RemoteAccess_L2TP_Wiz.


  • kelmi
    kelmi Posts: 29  Freshman Member
    Thanks

    This solves the problem. 
    However, I think, there is an issue in the GUI. The reason being, if the other window tick-in-the-box will create a situation
    a) You don't know which IPSec profile is used by L2TP VPN
    b) You don't know if the IPSec or L2TP profiles are active or not

    So, something to think about in the VPN GUI logic, I think.

    Regards 
    Kelmi

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Hi @kelmi,
    Thanks for your suggestion. It is not quite clear for users how to configure and select the VPN connection in L2TP VPN. We will add an extra note to the L2TP VPN setting in the Web Help and User Guide (firmware version 5.32) to help users configure and select the VPN connection for L2TP VPN correctly.

    In the current design of VPN Connection of L2TP VPN, it only shows the VPN connection that meets the following requirements:
    - Remote Access (Server Role)
    - Use transport mode
    - Configuration Payload (Mode Config)/X-Auth is disabled

    New Description: 
    Select the IPSec VPN connection the Zyxel Device uses for L2TP VPN. It only shows the VPN connection that meets the following requirements:
    - Remote Access (Server Role)
    - Use transport mode
    - Configuration Payload/X-Auth is disabled

    In addition, you must check that your VPN setting meets the requirements listed in IPSec Configuration Required for L2TP VPN:
    - Be enabled
    - Remote Access (Server Role)
    - Use transport mode
    - Configuration Payload/X-Auth is disabled
    - Use Pre-shared key authentication
     
  • Same problem with ATP firewalls.
    Any suggestion?
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Answer ✓
    Please go to IPSec VPN > VPN Connection > [Your VPN Connection for L2TP VPN] > Mode Config.
    Make sure "Enable Mode Config" is turned off. Then you should find that it appears in the drop-down list of L2TP > VPN Connection. If it is still not working, please send the startup-config.conf of your ATP to me in a private message.
