VPN - iPhone >>> to UDM-Pro not seeing the L2TP-VPN server

ISSUE:
Installed VPN (L2TP) on the UDM-Pro. Set up VPN (L2TP) on my iPhone 11. iPhone 11 message: “The L2TP-VPN server did not respond. Try reconn…”. I tried with the iPhone Wi-Fi active and with it inactive. No success either way.

I have an Arris SBG7600AC2 cable modem. I attached a copy of the log file (Port 500) that was generated by the iPhone trying to connect via VPN (L2TP).

Based on the iPhone message and the Arris log, I believe the issue is that I am not getting through the Arris cable modem and into the Ubiquiti network. The Arris “L2TP pass through” is checked, so it should not be blocked and should not be ignored. The subnet for the Arris is “0” and the UDM-Pro is “1”. I had issues accessing my IoT things (thermostat, HA and EM equipment) when they were connected to the UDM-Pro, so I moved them all back to the Arris. Cannot port forward from the Arris to the UDM-Pro, although this would be a nice feature. The names, passwords… all match in each system.

Below is the setup for each required part. I have created and deleted these items a few times with no success.

Radius Server:

Enable Radius Server = Yes
Secret= XXXXXXXX
Clients= Configure clients section for whole network
Authentication Port= 1812
Accounting Port= 1813
Accounting Interim Interval= 3600
Tunnelled Reply= On

Radius User:
Name= XXXXXX
Password= ••••••••
VLAN= 70
Tunnel Type= 3 - Layer Two Tunneling Protocol (L2TP)
Tunnel Medium Type= 1 - IPv4 (IP version 4)

Network:

EDIT NETWORK - REMOTE_VPN
Name= Remote_VPN
Purpose= Remote User
VPN Type= L2TP Server
Pre-Shared Key= ••••••••
Interface= WAN
Gateway IP/Subnet= 192.168.70.1/24

Network IP Count= 254
Network IP Range= 192.168.70.1 - 192.168.70.254
IP Pool= 192.168.70.1 - 192.168.70.254
Name Server= AutoManual
DNS server 1
DNS server 2

RADIUS
RADIUS Profile= Default
Create new RADIUS profile
MS-CHAP v2
Require MS-CHAP v2= No

iPhone:

Type= L2TP
Server= My public IP address
Account= XXXXXX (the one created in the Services-Radius-Users)
Password= (the one created in the Services-Radius-Users)
Secret Password= XXXXXXXX (the one created in the Services-Radius-Server)

This is probably information “overload” on my part, but I figured that I would try to eliminate most of your questions with the above info. Although, I noticed that there was no Port 500 mentioned in the UDM-Pro setup.

Your Thoughts?

Thanks
Don

You should have the modem in bridge mode so the UDM gets a public IP address.
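The reply above points at the real failure mode in this thread: the UDM-Pro's WAN side is sitting behind the cable modem's own NAT, so the iPhone's IKE traffic (the UDP 500 seen in the Arris log) never reaches the L2TP server. The following Python check is an added example, not code from the thread or from Ubiquiti; it shows how to tell a double-NAT setup apart from a VPN-server misconfiguration by classifying the address the gateway holds on its WAN port against the address the outside world sees. The two sample addresses are constructed, and the table of flows lists the standard L2TP/IPsec ports a modem would have to pass through if it were not bridged.

```python
import ipaddress

# Constructed sample values (not from the thread): the WAN address shown on the
# UDM-Pro dashboard, and the address a "what is my IP" site reports from outside.
SAMPLE_WAN_IP = "192.168.0.10"            # constructed: modem handed the gateway a LAN address
SAMPLE_OBSERVED_PUBLIC_IP = "203.0.113.45"  # constructed: TEST-NET-3 documentation range

# Flows an L2TP/IPsec client (the iPhone "L2TP" VPN type) must reach on the gateway.
# A modem that is not bridged must forward every one of these; ESP (IP protocol 50)
# has no port number and cannot be handled by an ordinary UDP port-forward rule.
L2TP_IPSEC_FLOWS = (
    ("udp", 500, "IKE key exchange"),
    ("udp", 4500, "IPsec NAT-Traversal (ESP encapsulated in UDP)"),
    ("esp", None, "ESP, IP protocol 50, used when no NAT is in the path"),
    ("udp", 1701, "L2TP, normally carried inside the IPsec tunnel"),
)

# Address ranges that can never be a gateway's true public address.
NON_PUBLIC_RANGES = {
    "private (RFC 1918)": [ipaddress.ip_network(n)
                           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "shared address space (RFC 6598, carrier-grade NAT)": [ipaddress.ip_network("100.64.0.0/10")],
    "link-local (APIPA)": [ipaddress.ip_network("169.254.0.0/16")],
    "loopback": [ipaddress.ip_network("127.0.0.0/8")],
}


def classify_wan_address(addr: str) -> str:
    """Label an IPv4 address by the reserved range it falls in, or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "ipv6 (not classified here)"
    for label, nets in NON_PUBLIC_RANGES.items():
        if any(ip in net for net in nets):
            return label
    return "public"


def double_nat_suspected(wan_ip: str, observed_public_ip: str) -> bool:
    """True when the gateway's WAN address is not the one the internet sees,
    i.e. another NAT device (here the cable modem) sits in front of it."""
    if classify_wan_address(wan_ip) != "public":
        return True
    return ipaddress.ip_address(wan_ip) != ipaddress.ip_address(observed_public_ip)


def diagnose(wan_ip: str, observed_public_ip: str) -> list:
    """Return a short report: one line per finding, one per flow to forward."""
    report = [f"gateway WAN address {wan_ip} is {classify_wan_address(wan_ip)}"]
    if double_nat_suspected(wan_ip, observed_public_ip):
        report.append("double NAT: the gateway is behind another NAT device")
        report.append("fix: bridge the modem so the gateway holds the public address, "
                      "or forward every one of these flows to the gateway:")
        for proto, port, purpose in L2TP_IPSEC_FLOWS:
            target = f"{proto}/{port}" if port is not None else proto
            report.append(f"  {target:<9} {purpose}")
    else:
        report.append("gateway holds the public address; check the VPN server "
                      "settings and WAN firewall rules next")
    return report


if __name__ == "__main__":
    for line in diagnose(SAMPLE_WAN_IP, SAMPLE_OBSERVED_PUBLIC_IP):
        print(line)
```

Run it with the gateway's WAN address and the address an outside service reports; a private, shared or mismatched WAN address means the modem (not the RADIUS or network settings) is what stops the client from reaching the server, which is exactly why bridging the modem made the VPN work in this thread.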

Thanks Tom, I will change it to bridge mode.

Good morning,
I changed the Arris cable modem to “Bridge Mode”, and everything is working properly so far. I still need to move one of the IoT devices to the UDM-Pro to see if I can access it remotely. That is this morning's project.

The only issue that I see now is that while I am logged on the Ubiquiti network I can no longer access the Arris cable modem as I could prior to going Bridge Mode. I kind of figured that this would happen. I will need to come up with a way to access it from home without having to manually plug into the Arris each time to check something.

After changing to “Bridge Mode” I was encountering some problems with accessing the Arris cable modem and my IoT devices, and then it would not let me in at all. Everything then went south. The IoT things connected directly to the Arris cable modem were no longer accessible, and I could no longer access the modem. All the ports lost internet connectivity. My public IP address was changed. I finally had to factory reset the Arris. The IP address changed again.

I am now back to my original settings (Not Bridged) and I activated the Arris Wi-Fi so that I can get access to it in the future if needed.

I will have to research the VPN / UDM Pro access from another angle.

Ahhh, so after digging into the issues I encountered because I switched the Arris cable modem to “Bridge Mode”, I see that it actually was not a problem. The UDM-Pro connected fine and I had Internet connectivity. The remaining 3 Arris ports did not have Internet connectivity… well they did, but I did not have a gateway attached to the port(s), so no Internet connectivity. Now I need to purchase a gateway, maybe a Ubiquiti USG gateway; the price is OK.

I have a user here at home who tends to go surfing and not look at what sites he is surfing (especially ones that he clicks on from TikTok… or whatever), so I figured I would keep him outside of the UDM-Pro (HomeNetwork) until I get proficient at firewall rules and VLANs.