FortiGate
btey
Staff
Article Id 330429
Description This article describes an issue where the Windows native L2TP VPN disconnects immediately after connecting, the troubleshooting steps, and a possible workaround.
Scope Windows native L2TP VPN.
Solution

The IPsec connection comes up and the L2TP information is negotiated. The PPP link comes up. After 1 second, the following message appears:

 

Run IKE and l2tp debug from FortiGate:

 

diagnose debug application ike -1

diagnose debug application l2tp -1

 

l2tp_handle_ppp_packet()-197:
l2tp_ppp_recv()-525: tunnel=1 (len=20)
RCV: LCP Termiate_Request id(11) len(16)
LCP terminated by peer <-- Connection terminated by client.
ipcp: down ppp:0x7f3070610800 caller:0xb5550d8 tun:-1
SND: LCP Terminate_Ack id(11) len(4)
l2tp_ppp_send()-345: tunnel=1
l2tp_ppp_down()-330: PPP link is down (tun=1) caller_data=0xb5550d8
tear_down_tunnel()-488: closing down tunnel 1
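
The excerpt above shows the client, not the FortiGate, sending the LCP Terminate-Request. As an added example (not part of the original article and not Fortinet tooling), this Python script scans saved l2tp debug output and reports which side initiated each tunnel teardown. The `SND:` form of the request line is an assumption inferred from the `SND: LCP Terminate_Ack` line in the excerpt.

```python
import re

# Debug excerpt copied from the article above
# (output of `diagnose debug application l2tp -1`).
SAMPLE = """\
l2tp_handle_ppp_packet()-197:
l2tp_ppp_recv()-525: tunnel=1 (len=20)
RCV: LCP Termiate_Request id(11) len(16)
LCP terminated by peer <-- Connection terminated by client.
ipcp: down ppp:0x7f3070610800 caller:0xb5550d8 tun:-1
SND: LCP Terminate_Ack id(11) len(4)
l2tp_ppp_send()-345: tunnel=1
l2tp_ppp_down()-330: PPP link is down (tun=1) caller_data=0xb5550d8
tear_down_tunnel()-488: closing down tunnel 1
"""

# RCV = request received from the client. SND = request sent by the FortiGate
# (assumed format; the article only shows the RCV case).
# "Term\w*" tolerates the "Termiate_Request" spelling seen in the excerpt.
LCP_TERM = re.compile(r"^(RCV|SND): LCP Term\w*_Request id\((\d+)\)")
CLOSED = re.compile(r"tear_down_tunnel\(\)-\d+: closing down tunnel (\d+)")


def find_teardowns(log):
    """Return one record per tunnel teardown with the side that requested it."""
    records, pending = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = LCP_TERM.match(line)
        if m:
            side = "client" if m.group(1) == "RCV" else "fortigate"
            pending = (side, int(m.group(2)))
            continue
        m = CLOSED.search(line)
        if m:
            # No preceding Terminate-Request means the cause lies elsewhere
            # (for example in the IKE debug), so report it as unknown.
            side, lcp_id = pending or ("unknown", None)
            records.append(
                {"tunnel": int(m.group(1)), "initiator": side, "lcp_id": lcp_id}
            )
            pending = None
    return records


if __name__ == "__main__":
    for record in find_teardowns(SAMPLE):
        print(record)
```

A teardown reported with `initiator` set to `client` is the pattern this article covers, and the next step is the decrypted ESP capture described below.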

 

Capture the ESP packets and decrypt them. The capture shows the following:

 

The client tries to access www.msftconnecttest.com before sending the termination request.

 

 
packetcapture.png

The L2TP disconnection happens when the connection to www.msftconnecttest.com is prompted for authentication, as shown below:

 

msftconnect.jpg

 

Resolution:

Allow access to www.msftconnecttest.com with a captive portal exemption or authentication exemption.

 

Related document:

Technical Tip: Decrypt ESP packets

Troubleshooting Tip: L2TP in IPsec connectivity issues
