L2TP with external DHCP server

arnevanrenterghem · February 28, 2017, 7:04am

Hi,

I’ve seen the question here before and from the answers I understand that it should be possible with the latest firmware.

I have a Balance 380 HW 5 - Firmware 6.3.3

L2TP used to work fine when using the Peplink as DHCP server. Now I have an external DHCP server (using a different gateway than the Peplink) and L2TP does not work anymore.

So we have actually 2 gateways on our LAN. The DHCP server refers to the non-peplink gateway.

I tried setting fixed IP on the client but still the Identity control fails.

Any solutions for that?

TK_Liew · February 28, 2017, 9:05pm

Please ensure the DHCP server is located in the Untagged Vlan of Peplink. Then should be fine.

arnevanrenterghem · February 28, 2017, 11:09pm

Thanks, there are no VLAN’s defined in our LAN so that should be fine.

Any other possibilities?

Arne

Rainer_Nowak · September 25, 2017, 2:29am

I think we have a similar problem. The L2TP VPN for Clients (iOS and Windows) does not work properly. Peplink makes no DHCP. The Domaincontroller in the LAN behind the Peplink makes DHCP. That works fine. The L2TP-VPN-Client get a IP-Adress inner the Subnet 192.168.0.0, for Example the 192.168.0.135. From now it will be mystoies. The VPN-Client can Ping some hosts in the LAN, for Example this hosts: 192.168.0.1 = Peplink, 192.168.0.2, 192.168.0.8, 192.168.0.19, 192.168.0.72,
192.168.0.120.

But the important destinations like Terminalserver1 (192.168.0.10), Terminalserver2 (192.168.0.22) and the Domaincontroller (192.168.0.4) are unreachable for the L2TP-VPN-Clients. There goes nothing, no Ping, no RDP etc. If I login to the WebGUI of Peplink->System->Tools->Ping->LAN and make a Ping to Terminalserver1 (192.168.0.10), Terminalserver2 (192.168.0.22) it works.

Results:

192.168.0.10
PING 192.168.0.10 (192.168.0.10) from 192.168.0.1 56(84) bytes of data.
64 bytes from 192.168.0.10: icmp_req=1 ttl=128 time=0.360 ms
192.168.0.22
PING 192.168.0.22 (192.168.0.22) from 192.168.0.1 56(84) bytes of data.
64 bytes from 192.168.0.22: icmp_req=1 ttl=128 time=0.523 ms

In my eyes it makes no sense. There is no other Firewall in the Network (behind Peplink). There is also no VLAN definied. It seems, as would block anything inner the Peplink the traffic to some destinations in the LAN, and there are no policys definied in the Peplink.

I read about, that it is not good, that the VPN-Clients get a IP-Adress inner the range of LAN-Subnet. The Routing will not work properly. But is it possible to activate the Peplink DHCP Server only for L2TP-VPN-Clients, so that they could get a IP-adress out of another SUBnet. Hope you know what I mean.

Hope someone can help me please!?

TK_Liew · September 25, 2017, 8:12pm

@Rainer_Nowak, we have feedback here.

emilp · September 26, 2017, 12:44am

Hello,

You will have to do port forwarding (L2TP/PPTP) on your Balance 380 pointing to your main gateway.
In my scenario I had to forward PPTP protocols to the DHCP server on site (BR1) or you have a second option called Custom Service Forwarding.
Hope this helps!