Peplink Balance One drops L2TP VPN connection

It is 2/3 days now that our Peplink balance will drop LPT2 VPN connections within one minue from connection… Tried multiple interfaces and multiiple providers all on fast fiber optic connections. Status → Events:

May 22 17:19:20	L2TP/IPsec: remoteadministrator disconnected (192.168.x.x)
May 22 17:18:31	L2TP/IPsec: remoteadministrator connected (192.168..x.x)
May 22 17:16:33	L2TP/IPsec: remoteadministrator disconnected (192.168..x.x)
May 22 17:14:59	Admin: admin (192.168.8.17) login successful
May 22 17:14:53	L2TP/IPsec: remoteadministrator connected (192.168..x.x)
May 22 17:11:57	L2TP/IPsec: remoteadministrator disconnected (192.168..x.x)
May 22 17:11:07	L2TP/IPsec: remoteadministrator connected (192.168..x.x)

are you on latest firmware? did you recently update/change anything? have you submitted a ticket?

  • yes, no, no

Now attempting to lower MTU value in peplink’s WAN config…

I had similar problems with L2TP on Balance One and B380 using v7 and v8 firmware. I reloaded firmware 6.3.4, and all my L2TP problems disappeared. I’m hoping Peplink would take the L2TP portion of the code from 6.3.4 and drop it into a future 8.x version.

Opened a ticket

@Don_Ferrario, I connected L2TP/IPSec with 8.0.0 on MFA500 (same firmware version with Balance 380) without issue. I can connect more than 1 hour.

I disconnect it to stop my testing at the end.

I am using Windows 10 as L2TP/IPSec client. What is your L2TP/IPSec client?

1 Like

Windows 10 built in client here. Strange that I had no problems until a few days ago.I have notived that in the log also see these messages are present:

DDNS: Domain xxx.xxx.xxx update failed for WAN xxxxxxxxx Authentication error.

Which Windows 10 version (check with “winver” command) are you running? Could it be a recent Windows update has spoiled the client?

I have one Windows PC that connects using firmware v7 or v8 with no problems. I have six other devices that cannot connect. The one that works ok has Windows Pro. The others are Windows Home. All seven of the devices can connect to 6.3.4 without issue. Most of the time they cannot connect at all but I have seen occasions where it lasts a few minutes.

TK, since I have multiple Balance One, including at my house where we can do firmware changes, reboots, etc, you could test with that. I will open a case and send you the diagnostic information. There have been enough prior forum discussions on L2TP to know I am not the only one with the issue.

For me the issue is not urgent because all my devices are connected by PepVPN so my users can connect to the one running 6.3.4 and have access to the full network.

2 Likes

Hello @Don_Ferrario & @ReeXNeeX,
We have a similar situation and a ticket open with Peplink at the moment too (ticket # 9050173).
Based on this thread, the ticket may be related.

Our issue is Windows 10 Pro PCs (from our client & us with the all the latest windows updates) are not able to connect via IPSec to the routers.
image
Peplink’s engineers and support can connect just fine.
We have checked firewall, ISP, software, IPs (and other stuff too like the Peplink guide in this forum of “Setting up L2TP With IPsec”).

At the moment we have not been able to find a solution, rolling back to Firmware Ware 6 is not an option due to other required feature in the newer releases.

Hopefully, we can all work out together what is the cause and solution, over to you again @TK_Liew.
Happy to Help,
Marcus :slight_smile:

1 Like

Good morning Marcus, Yesterday I could successfully connect to the router through VPN with no disconnections. This disconnection issue seems to happen randomly. As it started showing recently without any change to the router, the only thing I can think of is that the client, Windows 10, was updated somehow. Maybe a recent Windows update has altered the L2TP client in a faulty way? I am running 1809 build 17763.503

Today 4hrs with no interruptions… what can I say?

@mldowling

Would you able to confirm the issue happen intermittent that the PC sometimes can connect & sometimes cannot ? or the Window 10 PC have never successful connect before ?

Believe that your problem is different problem from what @ReeXNeeX is encountered (Intermittent). Support team will followup with you via support ticket to further investigate this.

From @ReeXNeeX given logs below:

Suspect that the issue can be related to the WAN connections that the DDNS service also having some problem that cannot update to DDNS server.

@ReeXNeeX, would please open a support ticket as well so that support team can check on this. What i can confirm here is that, we failed to reproduce the issues in our labs that we need more data from all of you in order to investigate the problem.

1 Like

A ticket is open already .What does the “DDN update fail” means?

1 Like

@ReeXNeeX

Support team will check from the device.

1 Like

For the record, this morning connection drops a few seconds after the login. Could this depend on traffic over the router? Dashboard in Incontrol will show average CPU at 10%

1 Like

Check your MS-CHAP settings. This is no longer default enabled, where it once was. Further, at least once, a feature update has reverted this setting back to disabled, breaking a working VPN (at least for me).

This setting isn’t found in the modern Settings app, instead you have to make the change in the older Network Connections. Below assumes you’ve already created the VPN using the built-in Windows client.

  1. Launch Settings
  2. Network & Internet > Status
  3. Click Change adapter options to open Network Connections
  4. Right click on the L2TP VPN you’ve created
  5. Select Properties
  6. Click the Security tab
  7. In the Authentication section, click/confirm Allow these protocols
  8. Select Microsoft CHAP Version 2 (MS-CHAP v2)
  9. Click OK

Your VPN connection should be successful.

This works on W10 Home and Pro (and presumably Enterprise).
If you’re really fancy with an AD enviornment, you can probably bring up this change with a GPO.

Hope this helps!

2 Likes

Hello @louisbohn,
Choosing the “Microsoft CHAP Version 2 (MS-CHAP v2)” appears to have resolved the issue for us
It looks like a windows update at some point had turned that setting off on all of our customers (and our) systems
image
So now they are showing this
image
The requirement for this is clearly visible in the guide at Setting up L2TP With IPsec
Thank you for sharing your knowledge and experience. We will keep an eye on it going forward.
Happy to Help,
Marcus :slight_smile:

2 Likes

Hi there guys,
my settings are correct , MS-CHAP v2 blablabla, and I can connect.
But under mysterious circumstances the client will disconnect within 10/60 seconds and in the Event viewer, the Rasdial event will show:

CoId={5C53AD88-BC43-499D-BC59-D1D005F19D61}: The user Argo\Rix dialed a connection named xxxxxxxx which has terminated. The reason code returned on termination is 828.

828 means timeout, however the timeout in the seetings is set to “Never”. Attempted to set 5 minutes, no change.