L2TP IPSec Randomly Not Working

Question

Hi,

I'm having one of "those" issues. You know, where something that was working fine for months suddenly stopped with no explanation?

We have an L2TP over IPSec remote access VPN set up for Mac laptops to talk to our UTM320.  Has worked fine for months.  Still works fine for some clients.  Today, it's not for others.

Nothing changed in VPN configurations on server or client.

Testing one account from a remote location, client can connect successfully from one machine, but using the exact same credentials from another machine but at the same location, the connection fails.

Again, never had a problem until this morning.  This ever happen to anyone else?

Below are the logs from the attempt and the successful connection:

Failed Attempt:

2014:11:05-10:04:50 kingarch pluto[28190]: "L_for VPN Users"[16] 10.20.0.14 #33: deleting connection "L_for VPN Users"[16] instance with peer 10.20.0.14 {isakmp=#0/ipsec=#0}
2014:11:05-10:04:50 kingarch pluto[28190]: "L_for VPN Users"[16] 10.20.0.14 #33: received Delete SA payload: deleting ISAKMP State #33
2014:11:05-10:04:50 kingarch pluto[28190]: "L_for VPN Users"[16] 10.20.0.14: deleting connection "L_for VPN Users"[16] instance with peer 10.20.0.14 {isakmp=#0/ipsec=#0}
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="jcooper" variant="l2tp" srcip="10.20.0.14" virtual_ip="10.242.3.4"
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: Script /etc/ppp/ip-down finished (pid 1807), status = 0x0
2014:11:05-10:04:52 kingarch openl2tpd[28144]: FUNC: tunl 47333 deleted
2014:11:05-10:04:52 kingarch openl2tpd[28144]: FUNC: tunl 47333: deleting context
2014:11:05-10:04:53 kingarch pppd-l2tp[1728]: Connection terminated.
2014:11:05-10:04:53 kingarch pppd-l2tp[1728]: Modem hangup
2014:11:05-10:04:53 kingarch pppd-l2tp[1728]: Exit.
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: received Vendor ID payload [RFC 3947]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2014:11:05-10:05:53 kingarch pluto[28190]: packet from 10.20.0.11:500: received Vendor ID payload [Dead Peer Detection]
2014:11:05-10:05:53 kingarch pluto[28190]: "L_for VPN Users"[17] 10.20.0.11 #35: responding to Main Mode from unknown peer 10.20.0.11
2014:11:05-10:05:53 kingarch pluto[28190]: "L_for VPN Users"[17] 10.20.0.11 #35: NAT-Traversal: Result using RFC 3947: no NAT detected
2014:11:05-10:05:53 kingarch pluto[28190]: "L_for VPN Users"[17] 10.20.0.11 #35: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2014:11:05-10:05:53 kingarch pluto[28190]: "L_for VPN Users"[17] 10.20.0.11 #35: Peer ID is ID_IPV4_ADDR: '10.20.0.11'
2014:11:05-10:05:53 kingarch pluto[28190]: "L_for VPN Users"[17] 10.20.0.11 #35: Dead Peer Detection (RFC 3706) enabled
2014:11:05-10:05:53 kingarch pluto[28190]: "L_for VPN Users"[17] 10.20.0.11 #35: sent MR3, ISAKMP SA established
2014:11:05-10:05:54 kingarch pluto[28190]: "L_for VPN Users"[17] 10.20.0.11 #36: responding to Quick Mode
2014:11:05-10:05:55 kingarch pluto[28190]: "L_for VPN Users"[17] 10.20.0.11 #36: IPsec SA established {ESP=>0x0b439b00  WAITCTLCONN
2014:11:05-10:04:40 kingarch openl2tpd[28144]: PROTO: tunl 47333: SCCCN received from peer 3
2014:11:05-10:04:40 kingarch openl2tpd[28144]: FSM: CCE(47333) event SCCCN_ACCEPT in state WAITCTLCONN
2014:11:05-10:04:40 kingarch openl2tpd[28144]: FUNC: tunl 47333 up
2014:11:05-10:04:40 kingarch openl2tpd[28144]: FSM: CCE(47333) state change: WAITCTLCONN --> ESTABLISHED
2014:11:05-10:04:40 kingarch openl2tpd[28144]: PROTO: tunl 47333/0: ICRQ received from peer 3
2014:11:05-10:04:40 kingarch openl2tpd[28144]: PROTO: tunl 47333/18483: sending ICRP to peer 3/337
2014:11:05-10:04:40 kingarch openl2tpd[28144]: PROTO: tunl 47333/18483: ICCN received from peer 3
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: Plugin aua.so loaded.
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: AUA plugin initialized.
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: Plugin ippool.so loaded.
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: Plugin pppol2tp.so loaded.
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: pppd 2.4.5 started by (unknown), uid 0
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: using channel 428
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: Using interface ppp2
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: Connect: ppp2
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: Overriding mtu 1500 to 1380
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: PPPoL2TP options: lnsmode tid 47333 sid 18483 debugmask 0
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: Overriding mru 1500 to mtu value 1380
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: sent [LCP ConfReq id=0x1    ]
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: rcvd [LCP ConfReq id=0x1    ]
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: sent [LCP ConfAck id=0x1    ]
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: rcvd [LCP ConfAck id=0x1    ]
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: Overriding mtu 1500 to 1380
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: PPPoL2TP options: lnsmode tid 47333 sid 18483 debugmask 0
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: sent [CHAP Challenge id=0x3a , name = "kingarch.com"]
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: rcvd [LCP EchoReq id=0x0 magic=0x71dd82cc]
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: sent [LCP EchoRep id=0x0 magic=0xcab62c71]
2014:11:05-10:04:40 kingarch pppd-l2tp[1728]: rcvd [CHAP Response id=0x3a , name = "jcooper"]
2014:11:05-10:04:40 kingarch pluto[28190]: "L_for VPN Users"[16] 10.20.0.14 #34: IPsec SA established {ESP=>0x00767108 ]
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: rcvd [IPCP ConfReq id=0x1   ]
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: sent [IPCP ConfNak id=0x1   ]
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: rcvd [proto=0x8057] 01 01 00 0e 01 0a 02 16 cb ff fe 95 93 fb
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 16 cb ff fe 95 93 fb]
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: rcvd [IPCP ConfAck id=0x1 ]
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: rcvd [IPCP ConfReq id=0x2   ]
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: sent [IPCP ConfAck id=0x2   ]
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: Cannot determine ethernet address for proxy ARP
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: local IP address 10.242.3.1
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: remote IP address 10.242.3.4
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: Script /etc/ppp/ip-up started (pid 1755)
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="jcooper" variant="l2tp" srcip="10.20.0.14" virtual_ip="10.242.3.4"
2014:11:05-10:04:42 kingarch pppd-l2tp[1728]: Script /etc/ppp/ip-up finished (pid 1755), status = 0x0
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: rcvd [LCP TermReq id=0x2 "User request"]
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: LCP terminated by peer (User request)
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: Connect time 0.2 minutes.
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: Sent 2143 bytes, received 1865 bytes.
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: Script /etc/ppp/ip-down started (pid 1807)
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: Overriding mtu 1500 to 1380
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: PPPoL2TP options: lnsmode tid 47333 sid 18483 debugmask 0
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: Overriding mru 1500 to mtu value 1380
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: sent [LCP TermAck id=0x2]
2014:11:05-10:04:50 kingarch openl2tpd[28144]: PROTO: tunl 47333/18483: CDN received from peer 3
2014:11:05-10:04:50 kingarch openl2tpd[28144]: PROTO: tunl 47333: STOPCCN received
2014:11:05-10:04:50 kingarch openl2tpd[28144]: FSM: CCE(47333) event STOPCCN in state ESTABLISHED
2014:11:05-10:04:50 kingarch openl2tpd[28144]: FUNC: tunl 47333 down
2014:11:05-10:04:50 kingarch openl2tpd[28144]: FSM: CCE(47333) state change: ESTABLISHED --> CLOSING
2014:11:05-10:04:50 kingarch openl2tpd[28144]: tunl 47333: tunnel close acknowledged by peer
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: Terminating on signal 15
2014:11:05-10:04:50 kingarch pluto[28190]: "L_for VPN Users"[16] 10.20.0.14 #33: received Delete SA(0x00767108) payload: deleting IPSEC State #34
2014:11:05-10:04:50 kingarch pluto[28190]: "L_for VPN Users"[16] 10.20.0.14 #33: deleting connection "L_for VPN Users"[16] instance with peer 10.20.0.14 {isakmp=#0/ipsec=#0}
2014:11:05-10:04:50 kingarch pluto[28190]: "L_for VPN Users"[16] 10.20.0.14 #33: received Delete SA payload: deleting ISAKMP State #33
2014:11:05-10:04:50 kingarch pluto[28190]: "L_for VPN Users"[16] 10.20.0.14: deleting connection "L_for VPN Users"[16] instance with peer 10.20.0.14 {isakmp=#0/ipsec=#0}
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="jcooper" variant="l2tp" srcip="10.20.0.14" virtual_ip="10.242.3.4"
2014:11:05-10:04:50 kingarch pppd-l2tp[1728]: Script /etc/ppp/ip-down finished (pid 1807), status = 0x0
2014:11:05-10:04:52 kingarch openl2tpd[28144]: FUNC: tunl 47333 deleted
2014:11:05-10:04:52 kingarch openl2tpd[28144]: FUNC: tunl 47333: deleting context
2014:11:05-10:04:53 kingarch pppd-l2tp[1728]: Connection terminated.
2014:11:05-10:04:53 kingarch pppd-l2tp[1728]: Modem hangup
2014:11:05-10:04:53 kingarch pppd-l2tp[1728]: Exit.

Anyone understand these entries well enough to help me sort out what's going on?

Thanks,

Jeff

This thread was automatically locked due to age.