Business Community > Controllers > L2TP C2S Issues after updating OC200 to v6
< Controllers

L2TP C2S Issues after updating OC200 to v6

L2TP C2S Issues after updating OC200 to v6

L2TP C2S Issues after updating OC200 to v6
L2TP C2S Issues after updating OC200 to v6
Wednesday
Tags: #Controller #Firmware Update #VPN
Model: OC200  
Hardware Version: V1
Firmware Version: 1.37.11 Build 20251201 Rel.43290

Hi!

Just wanted to warn everyone with L2TP Client-to-Site VPN on v5 - we lost our VPN endpoint configuration and all users during update to v6.0.0.36 (hence we got VLAN for VPN autogenerated after update). No worries, we re-created endpoint and users - but we got another error: when client is trying to connect from native windows client, connection gets rejected with error "The PPP link control protocol was terminated". We got log entry:

Gateway PPP Module Information

WAN2: Can not get remote ip for peer: terminating link!

Tweaking auth protocols (and other client-sided settings) didn't affect success rate.

Out of curiosity, we changed client name, removing . (dot) so "surname.n" login became "surname" and - et voila - everything works fine. That's VERY frustrating, at first we stumbled upon lack of Windows AD support, now we lost our configuration during update and even after re-creation from scratch we are not allowed to use special characters anymore, which means we should reach out to every user to change their login (or to wait for fix). That's not handy at all :(

 

 

 

  1      
 
  1      
 
#1
Options
4 Reply
Re:L2TP C2S Issues after updating OC200 to v6
Yesterday

  @z0d1ac Would you be able to share your Client to Site settings (minimizing any sensitive information like public IP addresses) so we can try to replicate the issue? 

  0  
  0  
#2
Options
Re:L2TP C2S Issues after updating OC200 to v6
Yesterday

@NeilR_M sure, thanks for your interest!
Omada settings:
Network Settings -> VPN
Name: Example
Enabled: True
Purpose: Client-to-Site VPN
VPN type: VPN Server - L2TP
IPsec Encryption: Encrypted
Authentication Mode: Local
Local Network Type: Network
Local Networks: LAN
Pre-Shared Key: ••••••••••••••••••
WAN: WAN2
IP Pool Type: IP Address/Mask
IP Pool: 192.168.143.1/24
Primary DNS Server: 192.168.141.20
Secondary DNS Server: 192.168.141.10

Network Settings -> VPN User
Username: example.e
Password: ••••••••••
VPN Type: L2TP/PPTP
VPN Server: L2TP Server-Example
Local IP Address: . . .
Mode: Client
Maximum Connections: 2
(this user won't connect)
 

Username: second
Password: ••••••••••
VPN Type: L2TP/PPTP
VPN Server: L2TP Server-Example
Local IP Address: . . .
Mode: Client
Maximum Connections: 2
(this user works fine)

Windows 10/11 settings
Network & internet -> VPN
Connection name: Example

Server name or address: <WAN IP Address>
VPN type: L2TP/IPsec with pre-shared key
Pre-shared key: ••••••••••••••••••
Type of sign-in info: Username and password
Username: example.e
Password: ••••••••••

Network & internet -> VPN -> More VPN properties
Options: PPP Settings: Enable LCP extensions
Security: Data encryption: Require encryption (disconnect if server declines)
Authentication: Allow these protocols: Unencrypted password (PAP); Microsoft CHAP Version 2 (MS-CHAP v2)

Connection error on client side:
"The PPP link control protocol was terminated"
Omada log entries:
Gateway IPsec Module Information
WAN2: Phase 1 of IKE negotiation succeeded. (Peers=<WAN IP Address><-><Client NAT IP>)
Gateway IPsec Module Information
WAN2: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=<WAN IP Address><-><Client NAT IP>)    
Gateway IPsec Module Information
WAN2: Phase 2 of IKE negotiation succeeded. (Peers=<WAN IP Address><-><Client NAT IP>)
Gateway PPP Module Information
WAN2: Can not get remote ip for peer: terminating link!

  0  
  0  
#3
Options
Re:L2TP C2S Issues after updating OC200 to v6
Yesterday

  @z0d1ac I tested on an ER7206 with software controller v6.0.0.25 and settings including special characters in the username had no issues. What Gateway are you using? Can you provide the firmware of the gateway as well? 

  0  
  0  
#4
Options
Re:L2TP C2S Issues after updating OC200 to v6
21 hours ago

  @NeilR_M sure!

ER7206 as well, running firmware 2.2.3 build 20250723 rel. 05551. 

  0  
  0  
#5
Options

Information

Helpful: 1

Views: 70

Replies: 4

Tags

Controller Firmware Update VPN
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.