Routing problem on 7402X - L2TP VPN

Discussion for BiPAC 7402 series: 7402, 7402G, 7402X, 7402GX, 7402NX, etc.
manoj.gowrie
Posts: 1
Joined: Thu Jan 17, 2013 1:09 pm

Routing problem on 7402X - L2TP VPN

Post by manoj.gowrie »

Hi

I hope someone will be able to help.

In our branch network, we have three sites, SITE A, B and C.

At SITE A, we have a router on IP Address 10.9.1.1/24 which gives SITE A's users access to SITE C's mainframe server on IP Address 172.16.0.3/24. We also have a Billion 7402X on IP Address 10.9.1.2/24 with a DSL connection.

At SITE B, we have a Billion 7402X on IP address 10.9.3.3/24 with a DSL connection.

Between SITE A and SITE B, we have an L2TP VPN connection set up on the Billion routers linking SITE A's 10.9.1.0/24 network to SITE B's 10.9.3.0/24 network.

At the moment we are able to make a connection from a device at SITE B to a device at SITE A and vice versa, so connectivity between the two sites works perfectly.

We now want to give users at SITE B 10.9.3.0/24, access to the mainframe server 172.16.0.3/24 via the L2TP VPN connection.

We have added a route in router 10.9.1.1 pointing to the 10.9.3.0 network using 10.9.1.2 as its gateway. We have a route in Billion 10.9.1.2 pointing to 172.16.0.3 using 10.9.1.1 as its gateway.

Then finally in Billion 10.9.3.3 we have left the default route 0.0.0.0 0.0.0.0 0.0.0.0/ipwan to send ALL traffic from devices in the SITE B 10.9.3.0 network over the L2TP VPN.

But users at SITE B are not able to connect to the Mainframe server 172.16.0.3 at Site C. If we trace the traffic from a PC at SITE B, the packet hits the Billion 10.9.3.3 and then goes out on the WWW and NOT over the L2TP tunnel as it should.

We have tried multiple types of routes to send this traffic over the tunnel but none have worked. Also, using the GUI Web browser interface, when creating a route the only interface options I see are the iplan and ipwan interfaces; there is no way to direct this route to the vpn tunnel.

Please assist!
RoadKill
Posts: 3
Joined: Sun Jul 29, 2012 9:28 am

Re: Routing problem on 7402X - L2TP VPN

Post by RoadKill »

The web interface is not sophisticated enough to properly configure VPN connections for all but the simplest use cases. I think you can make this work by using the 7402X command line interface for additional routes as I've done.

On my 7402NX I have an always on L2TP VPN connection that is not the default route, with explicit exceptions to route over VPN. My approach was to configure using the web UI as far as possible, then use the router CLI for the rest.

I'm guessing that your L2TP tunnel is also not configured to be the default route so other external traffic routes to the wan - as you suggest it would need an explicit route to reach the mainframe from SITE B.

This page helped me: http://plusplusyou.blogspot.com.au/2012 ... odems.html, it probably has all the info you need, though I've extracted, tailored and added info below.

Before you start, I'd recommend taking a backup of the router configuration through the web UI: Advanced > Configuration > System > Backup/Restore.

To set up a route on the 7402X at SITE B, telnet from a command prompt:

    telnet 10.9.3.3

(default user:admin, pass:admin)

Find out the L2TP tunnel interface name (it will start with @):

    ip list interface

You probably need something like (replace @ip_pppdevice7 as appropriate):

    ip add route mainframe 172.16.0.3 255.255.255.255 interface @ip_pppdevice7

This adds a route to a single IP address over a specific interface, it should at least get packets to the 7402X at SITE A.
Syntax: ip add route <route name> <destination base ip address> <subnet mask> interface <interface name>

If you need to remove the route:

    ip delete route mainframe

These router commands may be useful for debugging:

    ip list route
    ip show debuginfo
    traceroute 172.16.0.3

Also, typing ? gives (context sensitive) help on the router command line.
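
The routing decision discussed in this thread, as an added example that is not part of any post above: a longest-prefix-match model of the three routers, showing why traffic for 172.16.0.3 follows the ipwan default route at SITE B until a host route points at the tunnel. The node names, the 10.9.1.0/24 tunnel route at SITE B, the 172.16.0.0/24 route on 10.9.1.1 and the host 10.9.3.50 are assumptions made for the illustration.

```python
import copy
import ipaddress

# Constructed routing tables modelled on the addresses in the thread.
# Each entry maps a prefix to the next node; the node names are labels
# made up for this example, not names the routers use.
TABLES = {
    "siteB-7402X": {                      # 10.9.3.3
        "0.0.0.0/0": "internet",          # default route on ipwan
        "10.9.3.0/24": "siteB-lan",       # iplan
        "10.9.1.0/24": "siteA-7402X",     # assumed route over the L2TP tunnel
    },
    "siteA-7402X": {                      # 10.9.1.2
        "0.0.0.0/0": "internet",
        "10.9.3.0/24": "siteB-7402X",     # L2TP tunnel to SITE B
        "172.16.0.3/32": "siteA-router",  # via gateway 10.9.1.1
    },
    "siteA-router": {                     # 10.9.1.1
        "172.16.0.0/24": "siteC-mainframe",  # assumed link to SITE C
        "10.9.3.0/24": "siteA-7402X",     # via gateway 10.9.1.2
    },
}

def lookup(table, dst):
    """Longest-prefix match: next node for dst, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nxt) for p, nxt in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow a packet router by router until it leaves the modelled routers."""
    path = [start]
    while path[-1] in tables and len(path) <= max_hops:
        path.append(lookup(tables[path[-1]], dst))
    return path

def with_host_route(tables):
    """Copy of the tables with the /32 mainframe route added at SITE B."""
    fixed = copy.deepcopy(tables)
    fixed["siteB-7402X"]["172.16.0.3/32"] = "siteA-7402X"  # tunnel interface
    return fixed

if __name__ == "__main__":
    print("before:", trace(TABLES, "siteB-7402X", "172.16.0.3"))
    print("after: ", trace(with_host_route(TABLES), "siteB-7402X", "172.16.0.3"))
    print("return:", trace(TABLES, "siteA-router", "10.9.3.50"))
```

The return trace matters as much as the forward one: replies from the mainframe only reach SITE B because 10.9.1.1 and 10.9.1.2 both hold a route for 10.9.3.0/24.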
marianparlors
Posts: 1
Joined: Wed Jul 30, 2014 4:32 pm

Re: Routing problem on 7402X - L2TP VPN

Post by marianparlors »

Here's the cause of the problem ...
- when the Billion 7402 restarts it only has the default ipwan interface in existence;
- it connects firstly to Afrihost via PPPoE and assigns the router's dynamic IP to the ipwan interface;
- the nat port forwards have to be bound to interface @ip_pppdevice16 ... but until the L2TP VPN tunnel to Afrihost connects that interface is not present ... so the nat port forwards FAIL;
- the L2TP VPN tunnel to Afrihost comes up AFTER the Billion has already attempted the port forwards - which have already failed with errors ... and which do not automatically reset and try again.

Hope that helps,
Michaellix
Posts: 3
Joined: Fri Jun 08, 2018 11:05 am

Routing problem on 7402X L2TP VPN

Post by Michaellix »

Hello all,

I recently configured a client-to-site VPN on an SSG5. I also configured a profile on the client. The client uses NCP Secure Entry Client as VPN client software to connect remotely. The clients can connect to the VPN successfully over the internet through a 3G SIM card, but not through a WIFI connection, although the WIFI connection is always in good condition. The client shows the error "VPN error Connection to VPN gateway failed" in the NCP client software.
I cannot find the reason. Can someone advise me?

Thanks in advance.