Support Center > Search Results > SecureKnowledge Details
After installation of R76 / upgrade to R76, users are unable to establish connection with L2TP to Security Gateway Technical Level
Symptoms
  • After upgrade to R76, VPN functionality (Site-to-Site, Client-to-Site) is fine, but L2TP does not work.

  • $FWDIR/log/vpn.elg file under debug shows a successful creation of IPSec SA (both Phase 1 and Phase 2 of IKE are completed), and If NAT is used, there will also be a failed Phase 2 coming from from Security Gateway towards the connecting client.

  • $FWDIR/log/ike.elg file under debug shows the following flow:

    MM started by client
    QM started by client (physical IP address of Client -> external IP address of the VPN Gateway)
    QM started by VPN Gateway (internal IP address of the VPN Gateway -> NATed IP address of the Client)
    MM Delete sent by the Client
    
Cause

Incorrect NAT occurs when returning packets to the client.

Quick Mode started by the VPN Gateway is incorrect, so client deletes the whole SA.

VPND daemon is listening on port 1701 on the first interface (eth0), which is internal. The issue is with a kernel table 'udp_response_nat', which is responsible for NATing the L2TP packets in case they are sent to an IP address, on which the VPND daemon is not listening.


Solution
Note: To view this solution you need to Sign In .