L2TP


#1

Hello-

I have 2 Vyos routers in my network. One of them is doing the heavy lifting (BGP, OSPF, etc.) - let’s call it the primary and the other (secondary) hasn’t really been implemented yet. The secondary router is directly connected to the primary and I have an L2TP tunnel running on it and can connect to it using the Microsoft client on my PC and also the android client on my Galaxy S5. From there, I can see the primary. All good so far.

When I copy the IPsec/L2TP configuration to the primary router (changing the IPs, etc.), neither of my clients will register. What I’d like to know is what tools are available within Vyos and Linux that can help me troubleshoot this? VPNs are not my forte and I’m a little lost.

Thanks in advance for any tips you have.


#2

the primary source of troubleshooting is the log.

You can compare the logs on the primary and secondary routers.

“show log vpn l2tp”


#3

No logs present on my attempts just now.

There are several IPsec tunnels running as well and they work fine. I removed the IPsec tunnels and added in only the config needed for L2TP. When I did that, I got the following log entries:

Jul 6 21:35:38 vr-1 xl2tpd[28759]: setsockopt recvref[22]: Protocol not available
Jul 6 21:37:18 vr-1 xl2tpd[28760]: death_handler: Fatal signal 15 received

Googling the death_handler message suggests that it is a NAT issue but if so, that is a little confusing. I then added the same NAT config to the secondary router and it was still able to connect.