L2TP VPN: Second client connect disconnects first client.

Given:
Balance 380 (BPL-380) HW6, Firmware 8.0.2 build 2721
PepVPN 8.0.0
Clients are behind an Asus AC68U router.

Symptom:
One client can connect to the router & all is well. When a second client connects, it disconnects/drops the first client.

The Balance serves multiple clients fine. The problem is when multiple clients from the same IP* try to connect.

    • The same IP is a theory. When I connect from another network using pfSense, two connections are successfully made. One is from a PC & the other a VM.

Here is a post with the same problem but no solution posted.
https://archive-forum.peplink.com/t/l2tp-ipsec-vpn-drops/13592/18

This is a known issue with L2TP I think - not limited to Peplink devices, where multiple clients connect from behind the same NAT router.

Not convinced I know of a workaround.

Really? And this was to be the worldwide standard for VPN? The standards writers didn’t think this scenario would ever come up? That’s crazy.

Well yes - in that it is/was a known limitation of the underlying VPN software component, strongSwan (and openswan etc.)

This explains it: Using a Linux L2TP/IPsec VPN server

Although, reading other forums, there is a suggestion that this is normally a Windows-specific problem, as iOS supports L2TP over a NAT-T device. They say that a Windows device and multiple iOS devices can use L2TP behind the same router and that there is/was a registry fix for Windows:

I haven’t tested this myself or seen the issue recently so apologies for being a bit vague.

We switched to OpenVPN. It is working nicely. Just have to figure out why Peplink isn’t resolving names on our domain DNS server, which is assigned to the LAN Connection.

Clients get the Peplink’s IP as the only DNS. Is it possible to push additional DNS server IPs to clients? Is that a client config issue, i.e. something to add to the OpenVPN import file?

UPDATE: Latest firmware fixed the DNS issue.