An L2TP dialup user can get online but cannot ping the LNS address

1

When L2TP connections between dialup software or non-Huawei LAC and the AR are established, several options (such as packet header compression) are not supported by the AR. The parameters involved in the negotiation do not affect the establishment of L2TP connections. Incorrect negotiations may cause incorrect packet encapsulation, leading to packet loss.
When the AR functions as the LNS, you are advised to enable LCP re-negotiation by running the mandatory-lcp command.
The mandatory-lcp command enables LCP renegotiation between the LNS and a remote user.

Other related questions:
Can L2TP tunnels be established if the public address of the LNS is not fixed
Yes. You need to associate the public IP address of the LNS with a domain name and set the domain name as the server address on the LAC.

A user successfully initiates L2TP dialup, but cannot access the private network. Why?
A user successfully initiates L2TP dialup, but cannot access the private network. The possible causes are as follows: - The firewall is enabled on the intranet host. - The local and remote devices are on the same network segment. - The access address through L2TP dialup and LAN users are on the same network segment, and proxy ARP is not enabled. - The MTU on the virtual interface is incorrect. It is recommended that the MTU of the virtual interface plus all the header lengths should not exceed the MTU of the interface. Otherwise, packets will be discarded if some devices do not support fragmentation. - The MSS on the virtual interface is incorrect. Ensure that the MSS plus all the header lengths does not exceed the MTU. - LCP re-negotiation is not configured. - There are unreachable routes. - Tunnel authentication is not configured. - IPSec encryption is not configured and data flows do not match ACLs.

USG6000 LNS allocating a DNS address to the client
The specific content of the DNS address allocated by the USG6000 LNS to the client is as follows: HRP_Asys HRP_A[USG6600]interface Virtual-Template 1 HRP_A[USG6600-Virtual-Template1]ppp ipcp dns 8.8.8.8 HRP_A[USG6600-Virtual-Template1]qu HRP_A[USG6600] Command introduction: ppp ipcp dns Command function: The ppp ipcp dns command is used to configure the DNS server address. The undo ppp ipcp dns command is used to restore the default configuration. Command format: ppp ipcp dns { primary-dns-address [ secondary-dns-address ] | admit-any | request } undo ppp ipcp dns { primary-dns-address [ secondary-dns-address ] | admit-any | request } Parameter description: primary-dns-address specifies the address of the primary DNS server provided for the peer end. The value is in dotted decimal notation. secondary-dns-address specifies the address of the secondary DNS server provided for the peer end. The value is in dotted decimal notation. admit-any specifies any DNS server address provided for the peer end. - request specifies the request sent to the peer end for the DNS server address - View Interface view Default level: 2: Configuration level Use guide: By default, the DNS server address is not configured. Example: #Set the IP address of the primary DNS server obtained from the peer end to 10.2.0.70, and the IP address of the secondary DNS server to 10.2.0.71. system-view [sysname] interface Dialer 0 [sysname-Dialer0] ppp ipcp dns 10.2.0.70 10.2.0.71

Configuring the LNS to use the RADIUS server to authenticate mobile users in a Client-Initiated scenario
Configure the LNS to use the RADIUS server to authenticate mobile users in a Client-Initiated scenario as follows: Example for Configuring L2TP VPN (RADIUS Authentication) in the Client-Initiated Scenario

The IP address delivered by the RADIUS server is used for L2TP dialup, but the terminal cannot obtain an IP address
In versions between V200R005C10 and V200R005C30, the AR checks the global IP address pool. When the IP address pool is not configured, the AR cannot obtain an IP address. In V200R005C30 and later versions, you can choose not to configure an IP address pool. You can configure an IP address pool on the same network segment as the IP address delivered by the RADIUS server. Then the terminal can obtain the IP address.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top