L2TP/ipsec client not able to use encryption

ik3umt · July 26, 2018, 4:03pm

I have one out of 10 L2TP/ipsec clients configured the same identical way to connect to same server , not able to encrypt when /ppp profile is set to use-encryption=required
All other clients have not any problem
Only this one gets an active connection if “use-encryption=yes” is set: this way, the field “encoding” is displayed blank in SERVER ppp active connections while the correct encoding is shown in CLIENT l2tp interface status…

Any idea please ?

This is log when encryption fails :

17:50:12 l2tp,ppp,info,account MYl2tp logged in, 172.16.219.12 
17:50:12 l2tp,ppp,debug,packet  <CLIENT_PUBLIC_IP>: sent CHAP Success id=0x1 
17:50:12 l2tp,ppp,debug,packet     S=D14BF281681468F01E4C999E2DB04BC012D58795 
17:50:12 l2tp,ppp,info <l2tp-MYl2tp>: authenticated 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: IPCP lowerup 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: IPCP open 
17:50:12 l2tp,ppp,debug,packet  <CLIENT_PUBLIC_IP>: sent IPCP ConfReq id=0x1 
17:50:12 l2tp,ppp,debug,packet     <addr 172.16.219.254> 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: IPV6CP open 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: MPLSCP lowerup 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: MPLSCP open 
17:50:12 l2tp,ppp,debug,packet  <CLIENT_PUBLIC_IP>: sent MPLSCP ConfReq id=0x1 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: BCP open 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: CCP lowerup 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: CCP open 
17:50:12 l2tp,ppp,debug,packet  <CLIENT_PUBLIC_IP>: sent CCP ConfReq id=0x1 
17:50:12 l2tp,ppp,debug,packet     <mppe 1000040> 
17:50:12 l2tp,ppp,debug,packet  <CLIENT_PUBLIC_IP>: rcvd LCP ProtRej id=0x67 
17:50:12 l2tp,ppp,debug,packet      80 fd 01 01 00 0a 12 06 01 00 00 40 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: LCP close 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: LCP closed 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: CCP lowerdown 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: BCP lowerdown 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: BCP down event in starting state 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: IPCP lowerdown 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: IPV6CP lowerdown 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: IPV6CP down event in starting state 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: MPLSCP lowerdown 
17:50:12 l2tp,ppp,debug,packet  <CLIENT_PUBLIC_IP>: sent LCP TermReq id=0x2 
17:50:12 l2tp,ppp,debug,packet     Encryption negotiation rejected 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: PPP received non-LCP packet (0x8021) when LCP not open 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: PPP received non-LCP packet (0x8281) when LCP not open 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: PPP received non-LCP packet (0x8021) when LCP not open 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: PPP received non-LCP packet (0x8281) when LCP not open 
17:50:12 l2tp,ppp,debug,packet  <CLIENT_PUBLIC_IP>: rcvd LCP TermAck id=0x2 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: LCP lowerdown 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: CCP close 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: BCP close 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: IPCP close 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: IPV6CP close 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: MPLSCP close 
17:50:12 l2tp,ppp,info <l2tp-MYl2tp>: terminating... - Encryption negotiation rejected 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: LCP lowerdown 
17:50:12 l2tp,ppp,debug <CLIENT_PUBLIC_IP>: LCP down event in initial state 
17:50:12 l2tp,ppp,info,account MYl2tp logged out, 1 28 24 4 3 
17:50:12 l2tp,ppp,info <l2tp-MYl2tp>: disconnected 
17:50:12 l2tp,debug,packet rcvd control message from CLIENT_PUBLIC_IP:1027 to 10.0.10.254:1701 
17:50:12 l2tp,debug,packet     tunnel-id=28220, session-id=1, ns=4, nr=2 
17:50:12 l2tp,debug,packet     (M) Message-Type=CDN 
17:50:12 l2tp,debug,packet     (M) Result-Code=1 
17:50:12 l2tp,debug,packet     (M) Assigned-Session-ID=1 
17:50:12 l2tp,debug,packet sent control message (ack) to CLIENT_PUBLIC_IP:1027 from 10.0.10.254:1701 
17:50:12 l2tp,debug,packet     tunnel-id=45, session-id=0, ns=2, nr=5 
17:50:12 l2tp,debug session 1 entering state: stopping 
17:50:12 l2tp,debug session 1 entering state: dead 
17:50:12 l2tp,debug,packet sent control message to CLIENT_PUBLIC_IP:1027 from 10.0.10.254:1701 
17:50:12 l2tp,debug,packet     tunnel-id=45, session-id=0, ns=2, nr=5 
17:50:12 l2tp,debug,packet     (M) Message-Type=StopCCN 
17:50:12 l2tp,debug,packet     (M) Result-Code=1 
17:50:12 l2tp,debug,packet     (M) Assigned-Tunnel-ID=28220 
17:50:12 l2tp,debug tunnel 28220 entering state: stopping 
17:50:12 l2tp,debug,packet rcvd control message (ack) from CLIENT_PUBLIC_IP:1027 to 10.0.10.254:1701 
17:50:12 l2tp,debug,packet     tunnel-id=28220, session-id=0, ns=5, nr=3 
17:50:12 l2tp,debug tunnel 28220 entering state: dead

ik3umt · October 9, 2018, 3:31pm

Suddenly, now I have three of my 10 l2tp incoming connections not working for the same reason.

using the profile (server side) with encryption=yes they come up with no encryption,
using encryption=required, no way !

All clients are configured identically !!
All connecting to the same server

What else can i debug
Any help plese ?