FortiGate
hbac
Staff
Article Id 416580
Description This article describes an issue with L2TP VPN connections from the Windows native VPN client to FortiGate.
Scope FortiGate.
Solution

When trying to connect from the Windows native VPN client, the following error is shown.

 

[Screenshot: l2tp error.png]

 

The following debug commands on the FortiGate produce the output below, which contains the 'Out of IP addresses on tunnel' message.

 

diagnose debug application ike -1

diagnose debug application l2tp -1

diagnose debug enable

 

run_ctrl_state_machine()-74: run_ctrl_state_machine: message type is (10). Tunnel is 1, call is 1.
run_ctrl_state_machine()-185: ** run_ctrl_state_machine - ICRQ ** tunnel 1, call id = 1
run_ctrl_state_machine()-198: Out of IP addresses on tunnel 1!
tear_down_tunnel()-499: closing down tunnel 1
L2TPD 92: 216:Received invalid control packet for unknown call.
handle_one_network_packet()-71:
l2tp_tunnel_close_timer_fn()-490: tunnel 1
close_tunnel()-444: ** close_tunnel ** tun=1
close_tunnel()-449: Closing and destroying tunnel 1

 

This issue is caused by a misconfigured L2TP address range. In this example, there is no IP address available to assign because the start IP and the end IP are the same, as shown below.

 

show vpn l2tp
config vpn l2tp
    set status enable
    set eip 192.168.254.1   <----- End IP.
    set sip 192.168.254.1   <----- Start IP.
end

 

To resolve the issue, configure the start IP and end IP correctly so that there are enough IP addresses to assign to the L2TP VPN clients.

 

config vpn l2tp
    set status enable
    set eip 192.168.254.100   <----- End IP.
    set sip 192.168.254.1     <----- Start IP.
end
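As an added example (not part of the original article or of FortiOS), the script below parses `show vpn l2tp` output, flags a start/end IP pair that leaves no assignable address, checks that the range is large enough for an expected number of clients, and scans l2tp debug output for the 'Out of IP addresses on tunnel' message. The config and log samples are constructed from the text above. The pool-size count (eip minus sip) is an assumption drawn from the article's example, where equal start and end IPs produced no address; it is not a documented FortiOS formula.

```python
import ipaddress
import re

# Constructed samples: the misconfigured `show vpn l2tp` output from the
# article and the corrected one. Not captured from a live device.
BROKEN_CONFIG = """\
config vpn l2tp
    set status enable
    set eip 192.168.254.1
    set sip 192.168.254.1
end
"""

FIXED_CONFIG = """\
config vpn l2tp
    set status enable
    set eip 192.168.254.100
    set sip 192.168.254.1
end
"""

# Constructed (trimmed) sample of `diagnose debug application l2tp -1` output
# taken from the article, used to show how the failure is spotted in the log.
DEBUG_LOG = """\
run_ctrl_state_machine()-185: ** run_ctrl_state_machine - ICRQ ** tunnel 1, call id = 1
run_ctrl_state_machine()-198: Out of IP addresses on tunnel 1!
tear_down_tunnel()-499: closing down tunnel 1
"""

SET_RE = re.compile(r"^\s*set\s+(status|sip|eip)\s+(\S+)", re.MULTILINE)
EXHAUSTED_RE = re.compile(r"Out of IP addresses on tunnel (\d+)!")


def parse_l2tp_config(text):
    """Return {'status': ..., 'sip': ..., 'eip': ...} from `show vpn l2tp` output."""
    return {key: value for key, value in SET_RE.findall(text)}


def check_l2tp_pool(text, expected_clients=1):
    """Validate the L2TP client address range.

    Following the article, a range whose start and end IP are equal is treated
    as yielding no assignable address, so the usable pool is counted as
    eip - sip addresses (assumption drawn from the article, not a FortiOS
    formula). A pool smaller than expected_clients is reported as a problem.
    """
    cfg = parse_l2tp_config(text)
    problems = []
    if cfg.get("status") != "enable":
        problems.append("L2TP is not enabled (set status enable)")
    try:
        sip = ipaddress.IPv4Address(cfg["sip"])
        eip = ipaddress.IPv4Address(cfg["eip"])
    except KeyError as missing:
        return {"ok": False, "pool_size": 0, "problems": [f"missing {missing} in config"]}
    except ValueError as bad:
        return {"ok": False, "pool_size": 0, "problems": [f"invalid address: {bad}"]}

    pool_size = max(0, int(eip) - int(sip))
    if eip < sip:
        problems.append(f"eip {eip} is lower than sip {sip}")
    elif eip == sip:
        problems.append(f"sip and eip are both {sip}: no address can be assigned")
    elif pool_size < expected_clients:
        problems.append(
            f"pool of {pool_size} addresses is smaller than the "
            f"{expected_clients} expected clients"
        )
    return {"ok": not problems, "pool_size": pool_size, "problems": problems}


def find_exhausted_tunnels(log_text):
    """Return tunnel ids for which the l2tp debug reported 'Out of IP addresses'."""
    return sorted({int(t) for t in EXHAUSTED_RE.findall(log_text)})


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        result = check_l2tp_pool(cfg, expected_clients=50)
        print(name, "OK" if result["ok"] else "PROBLEMS", result)
    print("tunnels out of addresses:", find_exhausted_tunnels(DEBUG_LOG))
```

Run it against the pasted output of `show vpn l2tp` before rolling a change out; the broken sample reports no assignable address, while the corrected sample passes for 50 expected clients.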

 

After correcting the IP address range, the user is able to connect. 

 

[Screenshot: l2tp connected.png]

 
