VPN (L2TP and PPTP) - doesn't work properly on VyOS 1.3/1.4

Hi everyone,

I am using VyOS version 1.2.6 as a router. It also runs as a VPN (L2TP and PPTP). Everything works fine. I wanted to update it to version 1.3 or 1.4. However, the VPN stops working properly on both. The client can connect, but traffic from the client stops at the router. The local network and the Internet are not working. I can ping only the public IP address of the router. What could be the reason for this state?
VPN config (L2TP) looks like below.

 remote-access {
     authentication {
         local-users {
             username user {
                 password pass
             }
         }
         mode local
         require mschap-v2
     }
     client-ip-pool {
         start 10.1.5.1
         stop 10.1.5.254
     }
     dns-servers {
         server-1 a.a.a.a
     }
     idle 1800
     ipsec-settings {
         authentication {
             mode pre-shared-secret
             pre-shared-secret SECRET
         }
         ike-lifetime 3600
         lifetime 3600
     }
     outside-address x.x.x.x
 }

Hello @sebad, I think the config for 1.3/1.4 should be different and also should be migrated to a new syntax automatically. Could you check your NAT rules?

@Dmitry NAT rules look like the following:

source {
    rule 120 {
        destination {
            address 0.0.0.0/0
        }
        outbound-interface eth0
        source {
            address 10.1.0.0/16
        }
        translation {
            address x.x.x.x
        }
    }
}

Looks good, but it is not necessary to use destination address 0.0.0.0/0 in this case.
Can you try to reduce the MTU?

set vpn l2tp remote-access mtu 1300

Also, please show

show l2tp-server sessions | strip-private

Do you have firewall rules that could block ICMP?

What I have done:
set vpn l2tp remote-access mtu 1300
set vpn pptp remote-access mtu 1300
delete nat source rule 120 destination

and now L2TP works properly. PPTP still doesn’t work.

Show the pptp configuration commands

show configuration commands | strip-private | grep pptp

There was no gateway-address in the pptp config.
set vpn pptp remote-access gateway-address
solved the problem.
Thank you @Dmitry for your help.
