Longinus
just joined
Topic Author
Posts: 1
Joined: Mon Oct 03, 2022 10:45 am

Unknown client side problem with L2TP VPN

Mon Oct 03, 2022 11:44 am

Good day. I ran into a problem that I didn't understand. Perhaps one of you has encountered such a problem, or can tell me where to look for an answer. I will describe the problem and what I tried to do.

I have a server with CHR. L2TP with IPsec is configured on this server. Along with CHR, I have another server which is on CHR's local network. The CHR has an external IP address that I use to connect to the VPN.
Example:
1.1.1.1 - external IP on CHR
192.168.0.0/24 - local network for VPN users
10.0.0.0/24 - local network for servers.
10.0.0.2 - server next to CHR

I can connect to the VPN from different computers and with different VPN users (secrets) without problems and access the server that is on the CHR LAN (10.0.0.0/24). However, I have one computer with Windows 11 on which there is a problem. The problem is that I can connect to the VPN, but the traffic does not reach the CHR LAN (10.0.0.0/24). I can connect from different clients on this PC, still it doesn't work. If I log in under these users from other PCs then everything works. So I think the problem is on the client side.

I'm sure the VPN is set up identically to the other PCs. The CHR shows that there is a connection from this PC. Only the traffic does not go to the CHR local network (10.0.0.0/24).
First, I discovered that the client does not have a route path in the path table for the VPN connection when connecting.
IPv4 Route Table
=============================================================
Active Routes:
Network Destination    Netmask    Gateway       Interface
0.0.0.0                0.0.0.0    172.16.0.1    172.16.0.254
P.S: 172.16.0.0/24 - this is a local network at the client's home.

After comparing the table on the working client and non-working client, I found that there is no such record:
IPv4 Route Table
=============================================================
Active Routes:
Network Destination    Netmask    Gateway       Interface
0.0.0.0                0.0.0.0    On-Link       192.168.0.254


So I manually added this entry for the VPN interface. Using this command:
route -p add 0.0.0.0 mask 0.0.0.0 0.0.0.0 if 40
P.S: 40 - this is the interface

After that, two paths appeared in the routing table:
IPv4 Route Table
=============================================================
Active Routes:
Network Destination    Netmask    Gateway       Interface
0.0.0.0                0.0.0.0    172.16.0.1    172.16.0.254
0.0.0.0                0.0.0.0    On-Link       192.168.0.254

But it didn't help
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Unknown client side problem with L2TP VPN  [SOLVED]

Tue Oct 04, 2022 3:25 am

You don't want to do this manually. Since you have different subnet for VPN users, you have two options:

a) Use VPN as default gateway, i.e. all traffic will go there, including traffic to internet, which will be routed via remote server.
b) Use VPN only for traffic to remote subnet(s).

You seem to use a), so check if your VPN connection is configured as default gateway. Probably the simplest way is to run PowerShell command:
Get-VpnConnection -Name "Name of your connection"
and look for SplitTunneling parameter, you want it to be False.

If you'd go with b), you'd want this parameter to be True and you'd need to add route to 10.0.0.0/24 using Add-VpnConnectionRoute command.
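
The check and the two options described in the reply above, as an added PowerShell example that is not part of the original post. The connection name is a placeholder, the script parameters `$ConnName`, `$RemotePrefix` and `$Mode` are names chosen for this example, and the script assumes the VPN interface alias equals the connection name, as it does for the built-in Windows client.

```powershell
# Added example, not from the thread. Run on the Windows client.
# $ConnName is a placeholder; 10.0.0.0/24 is the server LAN from the first post.
param(
    [string]$ConnName     = 'Name of your connection',
    [string]$RemotePrefix = '10.0.0.0/24',
    [ValidateSet('Report', 'FullTunnel', 'SplitTunnel')]
    [string]$Mode         = 'Report'
)

# Add -AllUserConnection to the VpnConnection cmdlets if the profile is an all-user one.
$vpn = Get-VpnConnection -Name $ConnName -ErrorAction Stop

switch ($Mode) {
    'FullTunnel' {
        # Option a): the VPN becomes the default gateway for all traffic.
        Set-VpnConnection -Name $ConnName -SplitTunneling $false
    }
    'SplitTunnel' {
        # Option b): only $RemotePrefix is sent through the tunnel.
        Set-VpnConnection -Name $ConnName -SplitTunneling $true
        if ($vpn.Routes.DestinationPrefix -notcontains $RemotePrefix) {
            Add-VpnConnectionRoute -ConnectionName $ConnName -DestinationPrefix $RemotePrefix
        }
    }
}

# Report the profile as it is now configured.
$vpn = Get-VpnConnection -Name $ConnName
$vpn | Format-List Name, ServerAddress, ConnectionStatus, SplitTunneling
$vpn.Routes | Format-Table DestinationPrefix, RouteMetric

# Routes that decide where traffic for the server LAN goes. A more specific prefix
# beats a default route; among equal prefixes the lowest
# RouteMetric + InterfaceMetric wins.
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', $RemotePrefix } |
    Sort-Object { $_.RouteMetric + $_.InterfaceMetric } |
    Format-Table DestinationPrefix, InterfaceAlias, NextHop, RouteMetric, InterfaceMetric

# Flag the symptom from the first post: connected in full-tunnel mode,
# yet no default route exists on the VPN interface.
$onVpn = Get-NetRoute -AddressFamily IPv4 -InterfaceAlias $ConnName -ErrorAction SilentlyContinue
if ($vpn.ConnectionStatus -eq 'Connected' -and -not $vpn.SplitTunneling -and
    $onVpn.DestinationPrefix -notcontains '0.0.0.0/0') {
    Write-Warning "Full tunnel is configured but no default route points at '$ConnName'."
}
```

Run it once in `Report` mode while connected to compare a working and a non-working client; after changing the mode, reconnect the VPN before reading the route table again.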
 
BartoszP
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Unknown client side problem with L2TP VPN

Sat Oct 22, 2022 2:28 pm

I have the same problem as Longinus.

One Win11 computer connects to VPN and stops communicating with the world... other clients work normally. Another computer of the user, connecting from the same place, works as expected. No idea what could be done next.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Unknown client side problem with L2TP VPN

Sat Oct 22, 2022 8:02 pm

Examine current config (on client), gateway, routes. "Turn it off and on again", i.e. recreate the connection. Check if you have some idiotic antivirus that blocks VPNs "for security" (I saw it recently, but don't remember what product it was). Play with packet sniffer. Things like that.
 
BartoszP
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Unknown client side problem with L2TP VPN

Sun Oct 23, 2022 12:31 am

Removed configuration, created again. Same antivirus configuration managed centrally. Configuration made as for other hundreds of clients.
Nothing special. This one particular computer connects to VPN and stops connecting to the Internet.
Computer is 600 km away so it's not so easy to debug the problem.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Unknown client side problem with L2TP VPN

Sun Oct 23, 2022 8:21 pm

Is it supposed to use VPN as default gateway? If so, do you see any attempts to do so on server? Torch on client's interface shows anything interesting?

On one hand, it's great when it breaks reliably, but if it breaks internet access, not so great for remote debugging.
