VPN Server does not respond to requests from L2TP clients

Posted: Mon Apr 29, 2024 7:59 pm
by fmobile
Periodically my server (v4.43-9799 on Ubuntu 22.04.4) has an issue with clients connecting via the L2TP over IPsec protocol. The issue is the same for Windows, macOS and iOS L2TP clients.
I have checked the SoftEther VPN Client on Windows, and it works fine at the same time that L2TP clients are unable to connect.
Secure NAT is fully disabled.
"Raw L2TP with No Encryptions" and "EtherIP / L2TPv3 over IPsec server" options are always disabled.
Also, I detected that re-enabling the L2TP server fixes the issue.

Please look at my logs below:
The issue is seen in server_log_vpn at 09:45:08 - 09:45:41.
At 09:45:57 I disabled the L2TP server by disabling the "L2TP over IPsec" option and then at 09:46:02 I enabled the "L2TP over IPsec" option again.
Once I had re-enabled the "L2TP over IPsec" option, the L2TP clients were able to connect to the server again.

Are there any commands / traces or whatever to understand what is happening with the server when it is not able to reply to L2TP clients?

security_log_VPN_sec

2024-04-27 09:17:22.873 Session "SID-TOBEX-475": The session has been terminated. The statistical information is as follows: Total outgoing data size: 7744411173 bytes, Total incoming data size: 300414674 bytes.
2024-04-27 09:46:22.135 The connection "CID-4793" (IP address: 178.33.3.37, Host name: 178.33.3.37, Port number: 1701, Client name: "L2TP VPN Client", Version: 4.43, Build: 9799) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "RETRO".
2024-04-27 09:46:22.135 Connection "CID-4793": Successfully authenticated as user "RETRO".
2024-04-27 09:46:22.135 Connection "CID-4793": The new session "SID-RETRO-[L2TP]-486" has been created. (IP address: 178.33.3.37, Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2024-04-27 09:46:22.135 Session "SID-RETRO-[L2TP]-486": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2024-04-27 09:46:22.135 Session "SID-RETRO-[L2TP]-486": VPN Client details: (Client product name: "L2TP VPN Client", Client version: 443, Client build number: 9799, Server product name: "SoftEther VPN Server (64 bit)", Server version: 443, Server build number: 9799, Client OS name: "L2TP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "iPhoneY", Client IP address: "178.33.3.37", Client port number: 1701, Server host name: "192.168.88.33", Server IP address: "192.168.88.33", Server port number: 1701, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "C03CF091D4CADAD225AE9BA44E5C19C3")
2024-04-27 09:46:23.159 Session "SID-LOCALBRIDGE-1": The DHCP server of host "18-FD-74-3C-C1-FA" (192.168.15.101) on this session allocated, for host "SID-RETRO-[L2TP]-486" on another session "CA-4C-29-D9-E7-34", the new IP address 192.168.88.100.
2024-04-27 09:51:28.347 Session "SID-RETRO-[L2TP]-486": The session has been terminated. The statistical information is as follows: Total outgoing data size: 7594020 bytes, Total incoming data size: 408618 bytes.




server_log_vpn

2024-04-27 09:17:22.904 The connection with the client (IP address 104.104.204.194, Port number 53927) has been disconnected.
2024-04-27 09:45:08.646 IPsec Client 666 (178.33.3.37:500 -> 192.168.88.33:500): A new IPsec client is created.
2024-04-27 09:45:08.646 IPsec IKE Session (IKE SA) 731 (Client: 666) (178.33.3.37:500 -> 192.168.88.33:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x713E4507B3F44A76, Responder Cookie: 0xD6BF5CC2FA7B577A, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2024-04-27 09:45:08.909 IPsec Client 666 (178.33.3.37:4500 -> 192.168.88.33:4500): The port number information of this client is updated.
2024-04-27 09:45:18.772 IPsec Client 666 (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec Client is deleted.
2024-04-27 09:45:18.772 IPsec IKE Session (IKE SA) 731 (Client: 666) (178.33.3.37:4500 -> 192.168.88.33:4500): This IKE SA is deleted.
2024-04-27 09:45:18.964 IPsec Client 667 (178.33.3.37:4500 -> 192.168.88.33:4500): A new IPsec client is created.
2024-04-27 09:45:29.425 IPsec Client 667 (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec Client is deleted.
2024-04-27 09:45:30.479 IPsec Client 668 (178.33.3.37:4500 -> 192.168.88.33:4500): A new IPsec client is created.
2024-04-27 09:45:41.599 IPsec Client 668 (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec Client is deleted.
2024-04-27 09:45:47.042 On the TCP Listener (Port 0), a Client (IP address 178.33.3.37, Host name "178.33.3.37", Port number 51113) has connected.
2024-04-27 09:45:47.042 For the client (IP address: 178.33.3.37, host name: "178.33.3.37", port number: 51113), connection "CID-4792" has been created.
2024-04-27 09:45:47.154 SSL communication for connection "CID-4792" has been started. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2024-04-27 09:45:47.275 Connection "CID-4792" connected using server admin mode.
2024-04-27 09:45:47.275 Connection "CID-4792" successfully logged in using administration mode.
2024-04-27 09:45:47.275 Connection "CID-4792" created a new remote procedure call session "RPC-69" for the purpose of administration mode.
2024-04-27 09:45:57.199 Administration mode [RPC-69]: The IPsec server setting has been updated.
2024-04-27 09:46:02.146 Administration mode [RPC-69]: The IPsec server setting has been updated.
2024-04-27 09:46:20.564 IPsec Client 669 (178.33.3.37:500 -> 192.168.88.33:500): A new IPsec client is created.
2024-04-27 09:46:20.564 IPsec IKE Session (IKE SA) 732 (Client: 669) (178.33.3.37:500 -> 192.168.88.33:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x83DC30125E569547, Responder Cookie: 0xD4968465591E2409, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2024-04-27 09:46:20.949 IPsec Client 669 (178.33.3.37:4500 -> 192.168.88.33:4500): The port number information of this client is updated.
2024-04-27 09:46:20.949 IPsec Client 669 (178.33.3.37:4500 -> 192.168.88.33:4500): 
2024-04-27 09:46:20.949 IPsec IKE Session (IKE SA) 732 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): This IKE SA is established between the server and the client.
2024-04-27 09:46:21.578 IPsec IKE Session (IKE SA) 732 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): The client initiates a QuickMode negotiation.
2024-04-27 09:46:21.578 IPsec ESP Session (IPsec SA) 465 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xE77177D6, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2024-04-27 09:46:21.578 IPsec ESP Session (IPsec SA) 465 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x5BC88B1, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2024-04-27 09:46:21.740 IPsec ESP Session (IPsec SA) 465 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec SA is established between the server and the client.
2024-04-27 09:46:21.740 IPsec Client 669 (178.33.3.37:4500 -> 192.168.88.33:4500): The L2TP Server Module is started.
2024-04-27 09:46:21.953 L2TP PPP Session [178.33.3.37:1701]: A new PPP session (Upper protocol: L2TP) is started. IP Address of PPP Client: 178.33.3.37 (Hostname: "iPhoneY"), Port Number of PPP Client: 1701, IP Address of PPP Server: 192.168.88.33, Port Number of PPP Server: 1701, Client Software Name: "L2TP VPN Client", IPv4 TCP MSS (Max Segment Size): 1314 bytes
2024-04-27 09:46:22.135 On the TCP Listener (Port 0), a Client (IP address 178.33.3.37, Host name "178.33.3.37", Port number 1701) has connected.
2024-04-27 09:46:22.135 For the client (IP address: 178.33.3.37, host name: "178.33.3.37", port number: 1701), connection "CID-4793" has been created.
2024-04-27 09:46:22.135 SSL communication for connection "CID-4793" has been started. The encryption algorithm name is "(null)".
2024-04-27 09:46:22.135 [HUB "VPN"] The connection "CID-4793" (IP address: 178.33.3.37, Host name: 178.33.3.37, Port number: 1701, Client name: "L2TP VPN Client", Version: 4.43, Build: 9799) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "RETRO".
2024-04-27 09:46:22.135 [HUB "VPN"] Connection "CID-4793": Successfully authenticated as user "RETRO".
2024-04-27 09:46:22.135 [HUB "VPN"] Connection "CID-4793": The new session "SID-RETRO-[L2TP]-486" has been created. (IP address: 178.33.3.37, Port number: 1701, Physical underlying protocol: "Legacy VPN - L2TP")
2024-04-27 09:46:22.135 [HUB "VPN"] Session "SID-RETRO-[L2TP]-486": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2024-04-27 09:46:22.135 [HUB "VPN"] Session "SID-RETRO-[L2TP]-486": VPN Client details: (Client product name: "L2TP VPN Client", Client version: 443, Client build number: 9799, Server product name: "SoftEther VPN Server (64 bit)", Server version: 443, Server build number: 9799, Client OS name: "L2TP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "iPhoneY", Client IP address: "178.33.3.37", Client port number: 1701, Server host name: "192.168.88.33", Server IP address: "192.168.88.33", Server port number: 1701, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "C03CF091D4CADAD225AE9BA44E5C19C3")
2024-04-27 09:46:22.226 L2TP PPP Session [178.33.3.37:1701]: Trying to request an IP address from the DHCP server.
2024-04-27 09:46:23.159 [HUB "VPN"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "18-FD-74-3C-C1-FA" (192.168.15.101) on this session allocated, for host "SID-RETRO-[L2TP]-486" on another session "CA-4C-29-D9-E7-34", the new IP address 192.168.88.100.
2024-04-27 09:46:23.159 L2TP PPP Session [178.33.3.37:1701]: An IP address is assigned. IP Address of Client: 192.168.88.100, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.88.1, Domain Name: "", DNS Server 1: 192.168.15.101, DNS Server 2: 8.8.8.8, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0, IP Address of DHCP Server: 192.168.15.101, Lease Lifetime: 1800 seconds
2024-04-27 09:46:23.159 L2TP PPP Session [178.33.3.37:1701]: The IP address and other network information parameters are set successfully. IP Address of Client: 192.168.88.100, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.88.1, DNS Server 1: 192.168.15.101, DNS Server 2: 8.8.8.8, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0
2024-04-27 09:51:28.033 L2TP PPP Session [178.33.3.37:1701]: The PPP session is disconnected because the upper-layer protocol "L2TP" has been disconnected.
2024-04-27 09:51:28.033 L2TP PPP Session [178.33.3.37:1701]: The PPP session is disconnected.
2024-04-27 09:51:28.043 IPsec ESP Session (IPsec SA) 465 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec SA is deleted.
2024-04-27 09:51:28.043 IPsec IKE Session (IKE SA) 732 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): The server initiates a QuickMode negotiation.
2024-04-27 09:51:28.043 IPsec ESP Session (IPsec SA) 466 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x1E62E386, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2024-04-27 09:51:28.043 IPsec ESP Session (IPsec SA) 466 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x0, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2024-04-27 09:51:28.043 IPsec IKE Session (IKE SA) 732 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): This IKE SA is deleted.
2024-04-27 09:51:28.043 IPsec ESP Session (IPsec SA) 466 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec SA is deleted.
2024-04-27 09:51:28.043 IPsec ESP Session (IPsec SA) 465 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec SA is deleted.
2024-04-27 09:51:28.043 IPsec ESP Session (IPsec SA) 466 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec SA is deleted.
2024-04-27 09:51:28.347 [HUB "VPN"] Session "SID-RETRO-[L2TP]-486": The session has been terminated. The statistical information is as follows: Total outgoing data size: 7594020 bytes, Total incoming data size: 408618 bytes.
2024-04-27 09:51:28.367 Connection "CID-4793" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2024-04-27 09:51:28.367 Connection "CID-4793" has been terminated.
2024-04-27 09:51:28.367 The connection with the client (IP address 178.33.3.37, Port number 1701) has been disconnected.
2024-04-27 09:51:38.555 IPsec Client 669 (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec Client is deleted.


Re: VPN Server does not respond to requests from L2TP clients

Posted: Mon Oct 21, 2024 4:03 am
by moganmozart
You can set up a logging mechanism to capture detailed logs during the connection attempts. Use commands like `tail -f /path/to/server_log_vpn` to view logs in real-time and identify any errors or unusual patterns when clients fail to connect.
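
One way to turn the log-watching suggestion above into a concrete check, as an added example that is not part of the original posts or of SoftEther's tooling: the script tracks each "IPsec Client N" through the handshake messages seen in server_log_vpn and reports clients that were deleted before the L2TP server module started. The stage names and the `stalled_attempts` function are illustrative; the marker strings and sample lines are taken (abridged) from the log excerpt in the first post.

```python
import re
from datetime import datetime

# Handshake stages in order, keyed by message text seen in server_log_vpn.
STAGES = [
    ("client_created", "A new IPsec client is created."),
    ("ike_sa_created", "A new IKE SA ("),
    ("ike_sa_established", "This IKE SA is established"),
    ("l2tp_started", "The L2TP Server Module is started."),
]
CLIENT_ID = re.compile(r"IPsec Client (\d+) \(|\(Client: (\d+)\)")

def stalled_attempts(log_text):
    """Return (client_id, furthest_stage, seconds_alive) for every IPsec
    client that was deleted before the L2TP server module started."""
    state, stalled = {}, []  # state: client id -> [stage index, first-seen time]
    for line in log_text.splitlines():
        m = CLIENT_ID.search(line)
        if not m:
            continue
        cid = int(m.group(1) or m.group(2))
        when = datetime.strptime(line[:23], "%Y-%m-%d %H:%M:%S.%f")
        entry = state.setdefault(cid, [-1, when])
        for idx, (_, marker) in enumerate(STAGES):
            if marker in line:
                entry[0] = max(entry[0], idx)
        if "This IPsec Client is deleted." in line:
            stage, started = state.pop(cid)
            if stage < len(STAGES) - 1:
                name = STAGES[stage][0] if stage >= 0 else "unknown"
                stalled.append((cid, name, (when - started).total_seconds()))
    return stalled

# Abridged lines from the server_log_vpn excerpt in the first post.
SAMPLE_LOG = """\
2024-04-27 09:45:08.646 IPsec Client 666 (178.33.3.37:500 -> 192.168.88.33:500): A new IPsec client is created.
2024-04-27 09:45:08.646 IPsec IKE Session (IKE SA) 731 (Client: 666) (178.33.3.37:500 -> 192.168.88.33:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x713E4507B3F44A76, Responder Cookie: 0xD6BF5CC2FA7B577A, DH Group: MODP 2048 (Group 14), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2024-04-27 09:45:18.772 IPsec Client 666 (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec Client is deleted.
2024-04-27 09:45:18.964 IPsec Client 667 (178.33.3.37:4500 -> 192.168.88.33:4500): A new IPsec client is created.
2024-04-27 09:45:29.425 IPsec Client 667 (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec Client is deleted.
2024-04-27 09:46:20.564 IPsec Client 669 (178.33.3.37:500 -> 192.168.88.33:500): A new IPsec client is created.
2024-04-27 09:46:20.949 IPsec IKE Session (IKE SA) 732 (Client: 669) (178.33.3.37:4500 -> 192.168.88.33:4500): This IKE SA is established between the server and the client.
2024-04-27 09:46:21.740 IPsec Client 669 (178.33.3.37:4500 -> 192.168.88.33:4500): The L2TP Server Module is started.
2024-04-27 09:51:38.555 IPsec Client 669 (178.33.3.37:4500 -> 192.168.88.33:4500): This IPsec Client is deleted.
"""

if __name__ == "__main__":
    for cid, stage, secs in stalled_attempts(SAMPLE_LOG):
        print(f"IPsec Client {cid}: stalled at {stage} after {secs:.3f}s")
```

On the sample, clients 666 and 667 are reported while client 669, which reached the L2TP stage after the option was re-enabled, is not.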