The error 'The PPP link control protocol was terminated' is observed when connecting to an L2TP VPN tunnel.
Running the following debug commands on the FortiGate shows an authentication failure:
diagnose debug reset
diagnose debug application l2tp -1
diagnose debug application ike -1
diagnose debug application fnbamd -1
diagnose debug enable
The output:
RCV: PAP Authentication_Request id(1) peerid(len=4, minh)
local auth is done with user 'minh', ret=1
LOGIN FAILURES ON ppp0, minh
SND: LCP Termiate_Request id(6) len(16)
l2tp_ppp_send()-345: tunnel=1
SND: PAP Authentication_Nak id(1) packet_len=20, message_len=15
l2tp_ppp_send()-345: tunnel=1
l2tp_handle_ppp_packet()-197:
l2tp_ppp_recv()-525: tunnel=1 (len=12)
RCV: LCP Echo_Reply id(0) len(8) [Magic_Number 567e73f8]
l2tp_ppp_down()-330: PPP link is down (tun=1) caller_data=0xf395b58
tear_down_tunnel()-488: closing down tunnel 1
l2tp_handle_ppp_packet()-197:
l2tp_ppp_recv()-525: tunnel=1 (len=20)
RCV: LCP Terminate_Ack id(6) len(16)
Connection terminated.
l2tp_ppp_down()-330: PPP link is down (tun=1) caller_data=0xf395b58
tear_down_tunnel()-488: closing down tunnel 1
The debug output shows that the cause of the issue is an authentication failure. Checking the L2TP configuration again shows that the wrong user group is used.
Change to the correct user group and re-connect.
Verify the tunnel using the following command:
diag debug enable
diag vpn l2tp tunnel
FGT_1 # l2tp_handle_admin()-202: receive admin message from vdom=0
--- L2tp tunnels (VD: 0) -------
-----------------------
Num of tunnels: 1
-----------------------
Tunnel ID = 1 (local id), 10 (remote id) vfid = 0 vrf = 0 peer 192.168.2.39:1701
duration = 771
control_seq_num = 14, control_rec_seq_num = 4, last recv pkt = 14
Call ID = 1 (local id), 1 (remote id), serno = 0
assigned ip = 10.10.1.2
data_seq_num = 0, tx = 4498 bytes (167), rx= 15855 bytes (299)
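When the l2tp debug output is saved to a file, the failure pattern shown above (PAP request, 'LOGIN FAILURES', Authentication_Nak, tunnel teardown) can be picked out automatically. The following Python script is an added example, not part of the original article or of any Fortinet tooling; it assumes one debug message per line, and the function names parse_sessions and failed_users are hypothetical.

```python
import re
from collections import Counter

# Sample input: lines copied from the failing session in the debug output above.
SAMPLE = """\
RCV: PAP Authentication_Request id(1) peerid(len=4, minh)
local auth is done with user 'minh', ret=1
LOGIN FAILURES ON ppp0, minh
SND: LCP Termiate_Request id(6) len(16)
l2tp_ppp_send()-345: tunnel=1
SND: PAP Authentication_Nak id(1) packet_len=20, message_len=15
l2tp_ppp_send()-345: tunnel=1
l2tp_ppp_down()-330: PPP link is down (tun=1) caller_data=0xf395b58
tear_down_tunnel()-488: closing down tunnel 1
"""

REQ = re.compile(r"RCV: PAP Authentication_Request id\((\d+)\) peerid\(len=\d+, ([^)]*)\)")
FAIL = re.compile(r"LOGIN FAILURES ON (\S+), (\S+)")
NAK = re.compile(r"SND: PAP Authentication_Nak id\((\d+)\)")
DOWN = re.compile(r"closing down tunnel (\d+)")

def parse_sessions(text):
    """Return one record per PAP Authentication_Request found in the debug text.

    Later lines are attributed to the most recent request, so output with
    several clients interleaved needs to be split per tunnel first.
    """
    sessions, cur = [], None
    for line in text.splitlines():
        if m := REQ.search(line):
            cur = {"user": m.group(2), "pap_id": int(m.group(1)), "iface": None,
                   "login_failure": False, "nak": False, "tunnel_closed": None}
            sessions.append(cur)
        elif cur is None:
            continue  # nothing to attach this line to yet
        elif (m := FAIL.search(line)) and m.group(2) == cur["user"]:
            cur["login_failure"], cur["iface"] = True, m.group(1)
        elif (m := NAK.search(line)) and int(m.group(1)) == cur["pap_id"]:
            cur["nak"] = True  # the Nak answers the request with the same id
        elif (m := DOWN.search(line)) and cur["tunnel_closed"] is None:
            cur["tunnel_closed"] = int(m.group(1))
    return sessions

def failed_users(text):
    """Count rejected PAP logins per user name."""
    return Counter(s["user"] for s in parse_sessions(text)
                   if s["nak"] or s["login_failure"])

if __name__ == "__main__":
    for user, count in failed_users(SAMPLE).items():
        print(f"{user}: {count} failed L2TP login(s)")
```

A user that appears here while the password is known to be correct points to the same cause as in this article: the account is not a member of the user group referenced in the L2TP configuration.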