Weird L2TP+IPsec VPN issue on ER605v1

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Weird L2TP+IPsec VPN issue on ER605v1

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Weird L2TP+IPsec VPN issue on ER605v1
Weird L2TP+IPsec VPN issue on ER605v1
2023-06-14 02:49:21 - last edited 2023-06-20 01:14:36
Hardware Version: V1
Firmware Version: 1.2.3beta

I've had some issues with my site-site connectivity recently, tunnel is up, IP based connections between sites are fine, but other connections (like local IOT to cloud) are not working.  I noticed this in the local logs:

 

Router-52-BE: L2TP Client XXX connected to the server successfully. (Local IP:10.10.10.1, peer:172.31.126.1, DNS1:0.0.0.0, DNS2:0.0.0.0, MTU:1400.) 

 

and I wondered if that's normal, having 0.0.0.0 set as the DNS servers in the logs?  I will do more debugging when I get back out to site, but it would explain a lot.

<< Paying it forward, one juicy problem at a time... >>
  0      
  0      
#1
Options
1 Accepted Solution
Re:Weird L2TP+IPsec VPN issue on ER605v1-Solution
2023-06-17 22:30:23 - last edited 2023-06-20 01:14:36
I was able to resolve by adding a static route at the VPN server end, for the subnet that had a policy route at the client end via the VPN tunnel. I didn't used to have to do that.
<< Paying it forward, one juicy problem at a time... >>
Recommended Solution
  0  
  0  
#5
Options
4 Reply
Re:Weird L2TP+IPsec VPN issue on ER605v1
2023-06-15 06:45:05

Hello @d0ugmac1

 

Could you describe simply your Network Layout? Did you use 2 ER605 V1 to set the site-site IPsec VPN?

Did you set one side to access the internet (full mode) through the L2TP VPN tunnel on the ER605 V1?

Where are the IOT devices located?

 

And it is normal that the DNS to show 0.0.0.0, it won't affect the data transmission.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:Weird L2TP+IPsec VPN issue on ER605v1
2023-06-15 20:23:57 - last edited 2023-06-15 20:24:21

ER605v1 (1.2.3beta, server) <--> ER605v1 (1.3.0, client)

 

Both modems are bridged, so WAN ports have public IPs. Both have second WAN ports configured, but no active connection at this time. General connectivity between them is fine, and everything worked for over a year with 1.2.2 or earlier firmwares.

 

Recently, and I don't know if it is firmware, or the fact that I'm running my 605 to the point that it runs out of memory, but I've lost one specific function. The function that stopped running is a client-side VLAN (port and SSID) with a policy route via the L2TP tunnel endpoint. It was configured as a guest network (I have changed that recently but no impact). I have reset the client router, no change.

 

Symptoms are that the client gets a suitable IP for the VLAN, but can no longer reach the internet via the far end router.

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#3
Options
Re:Weird L2TP+IPsec VPN issue on ER605v1
2023-06-16 03:34:45

Hi @d0ugmac1,

 

To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID230624642 , please check your email box and ensure the support email is well received. Thanks!

Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.

 

Many thanks for your great cooperation and patience!

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#4
Options
Re:Weird L2TP+IPsec VPN issue on ER605v1-Solution
2023-06-17 22:30:23 - last edited 2023-06-20 01:14:36
I was able to resolve by adding a static route at the VPN server end, for the subnet that had a policy route at the client end via the VPN tunnel. I didn't used to have to do that.
<< Paying it forward, one juicy problem at a time... >>
Recommended Solution
  0  
  0  
#5
Options

Information

Helpful: 0

Views: 543

Replies: 4

Related Articles