Enabling L2TP VPN server breaks outbound L2TP

2024-07-19 17:31:06 - last edited 2024-07-19 17:48:45
Model: Deco  
Hardware Version: V1
Firmware Version: 1.0.7 Build 20240322 Rel. 57053

Just got a Deco BE63 set up a couple days ago. (For some reason the BE63 wasn't in the Model dropdown on the forum.)

Running the latest firmware as of this writing.

I enabled L2TP VPN server since I used that solution with my past setup to VPN into my home. No issues with that, but this morning I discovered that while I'm at home behind my shiny new Deco, my laptop will no longer establish outbound L2TP VPN connections to other locations. I'm using the Windows-native VPN component, and connections fail with the message "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."

 

If I disable the Deco's L2TP VPN server (switching Status to off, not deleting the whole config), I can immediately establish outbound L2TP connections successfully. When I re-enable the L2TP config on the Deco, the ability to start outbound L2TP connections stops working within a few minutes.

 

I do not want to switch to using a PPTP or OpenVPN server profile on the Deco, nor use the Deco's L2TP VPN client functionality to stand up VPN tunnels to remote sites that will be available to my whole network.

 

Please fix this. I've spent 15 years in IT, so I'm happy to provide any additional information or perform any requested tests to help get this resolved.

Re:Enabling L2TP VPN server breaks outbound L2TP
2024-07-19 19:01:37

As another data point, my iPhone (iOS 17.5.1) and my iPad (iPadOS 17.5.1) are both able to establish outbound L2TP VPN connections even when the Deco's L2TP VPN server is enabled. So the issue may be specific to the native L2TP VPN functionality built into Windows 11. I don't have other VPN client software to test right now.

Re:Enabling L2TP VPN server breaks outbound L2TP
2024-07-24 09:55:39

  @jphughan 

Hi, thanks for the feedback.

Apart from the Deco BE63, is there another router in front of the Deco that connects to the ISP cable/fiber modem?

Are you able to test on another Windows computer to see whether you could reproduce the same issue?

By the way, can you send an email to support.usa@tp-link.com with some basic configuration details of the remote L2TP VPN server?

Wait for your reply and best regards.

 

Re:Enabling L2TP VPN server breaks outbound L2TP
2024-07-24 13:44:40

  @David-TP 

 

Thanks for the reply. The only Windows devices I have available are two Windows 11 systems (no earlier Windows versions unless I use VMs), and I can reproduce this issue on both of those devices.

 

The remote L2TP VPN server is a Ubiquiti UniFi Dream Machine Pro, running UniFi Network 8.3.32, which is the latest available as of this writing. There isn't anything complicated about the L2TP VPN server setup there. All I had to do was enable VPN Server, select L2TP, provide a pre-shared key, and create username/password credentials. It's very similar to the VPN server setup experience on Deco, actually. The UniFi Network interface does have some other options available under the Advanced section, but I have that set to Auto, so all of those changes are grayed out.

 

That UniFi VPN server configuration allows me to connect from Windows and iOS/iPadOS clients, except in the scenario I have described in my earlier posts.

 

Should I still send this to the email address you provided?

Re:Enabling L2TP VPN server breaks outbound L2TP
2024-07-25 01:39:59

  @jphughan 

Hi, thank you very much for the update.

There is no need for further configuration details about the Ubiquiti L2TP VPN server and I'm sure the engineer can find them independently.

The case has been escalated to the engineers. Please check later for more suggestions.

Best regards.

 

 

Re:Enabling L2TP VPN server breaks outbound L2TP
2024-08-15 15:48:12 - last edited 2024-08-15 15:49:20

Quick update. TP-Link Support contacted me to perform some remote control troubleshooting, complete with Wireshark packet captures, SSH sessions to the main router and satellite unit, etc. So far we've had two such sessions, each lasting more than 2 hours -- but they were productive!

 

The first session confirmed that this was indeed a bug, and the tech found a temporary configuration workaround, which appeared to be disabling hardware acceleration/offload. The second session included TP-Link's R&D engineers, who did further digging and tweaking to isolate the underlying cause. At the end of the session, they said they now understood what was going on, and expected to have a patched firmware for me within a few days. If that worked out, they would plan to incorporate that fix into a future production firmware release.

 

Have to say, as my first experience with TP-Link's products and their support, I am extremely impressed. I spent 15 years in various Windows IT roles, so this isn't my area of expertise, but I know knowledgeable techs and competent troubleshooting, and dedication to the task when I see it. And I definitely saw it with TP-Link.

 

Special thanks to Parker at TP-Link Support! :)

Re:Enabling L2TP VPN server breaks outbound L2TP
2024-08-16 03:16:17

The test firmware that I received solves this issue. :)
