
VPN is not connected over 4G interfaces

Issue Description

We have the following scenario:

I have created an L2TP VPN on the AR169FWG-L and confirmed connectivity/authentication is OK.

I am using the 4G interface as the primary and the ADSL as the VPN connection; however, since we enabled the 4G interface the VPN will not connect. I suspect that this is because the default route is out the cellular, whereas the static IP used for the VPN is on the ATM interface. I can connect to the VPN because I have a static route in place for my /24 range.

In the web GUI it is possible to define a static route and attach it to a VPN instance, but the VPN instance is not listed when I attempt to create the static route – see below image.




I have not been able to identify any option via the CLI that would allow me to create a route for VPN traffic to be sent via the ATM interface rather than via cellular.


Root Cause

To be able to ping the ATM interface, you need to configure a static route on the AR device so that the return packets know how to get back.

Create a Loopback interface and bind the ATM interface with the Loopback interface into the tunnel interface.

Redirect all the packets that are supposed to be sent on the L2TP tunnel over the WAN interface.

Solution

First, configure the static route: ip route-static <destination IP> 0.0.0.0 Dialer 1

Then, create a Loopback interface on the AR169, as you can see below:


Then, you can bind the ATM interface with the Loopback interface in this way:






Note that IP unnumbered can also be configured on ATM interfaces.

In this way, the ATM interface will use the IP address from the Loopback interface.

Because the IP addresses in use when the tunnel is initiated are not known in advance, and you cannot always control which IP address the ISP assigns to the PC from which you initiate the L2TP tunnel, you can do the following:

Implement policy-based routing to redirect all the packets that are supposed to be sent on the L2TP tunnel over the WAN interface.

Please follow the example below:





1st Step: To redirect all the packets that are supposed to be sent over the L2TP tunnel, define an ACL that selects traffic sourced from UDP port 1701.

#
acl number 3333
 rule 5 permit udp source-port eq 1701

2nd Step: Define a PBR to redirect the traffic to the WAN interface and apply it in the system view.

#
policy-based-route redirect_l2tp permit node 5
 if-match acl 3333
 apply ip-address next-hop 200.1.1.2

ip local policy-based-route redirect_l2tp
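The effect of the two steps can be checked offline with a small model of the router's forwarding decision for locally originated packets. This Python sketch is an added example, not part of the original case or Huawei code; the interface name Cellular0/0/0, the 198.51.100.0/24 static route and the client addresses are constructed assumptions, while ACL 3333, UDP source port 1701 and next hop 200.1.1.2 come from the configuration on this page.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    dst: str      # destination IP of a packet originated by the router
    proto: str    # "udp", "tcp", ...
    sport: int    # source port

# Constructed routing table: default route out the 4G interface (assumed name)
# plus the /24 static route mentioned in the issue description (assumed prefix).
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "Cellular0/0/0"),
    (ipaddress.ip_network("198.51.100.0/24"), "Dialer1"),
]

PBR_NEXT_HOP = "200.1.1.2"  # from "apply ip-address next-hop" on the page

def acl_3333(pkt: Packet) -> bool:
    """rule 5 permit udp source-port eq 1701"""
    return pkt.proto == "udp" and pkt.sport == 1701

def route_lookup(dst: str) -> str:
    """Longest-prefix match over the constructed routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, egress) for net, egress in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward_local(pkt: Packet, local_pbr: bool) -> str:
    """Local PBR is evaluated before the routing table for router-originated traffic."""
    if local_pbr and acl_3333(pkt):
        return f"next-hop {PBR_NEXT_HOP}"
    return route_lookup(pkt.dst)

if __name__ == "__main__":
    # Constructed samples: an L2TP reply to a client at an unpredictable
    # address, one to a client inside the /24, and unrelated DNS traffic.
    samples = {
        "l2tp reply, unknown client": Packet("203.0.113.50", "udp", 1701),
        "l2tp reply, /24 client": Packet("198.51.100.10", "udp", 1701),
        "dns query": Packet("203.0.113.53", "udp", 40000),
    }
    for name, pkt in samples.items():
        print(f"{name:28} no PBR -> {forward_local(pkt, False):15} "
              f"PBR -> {forward_local(pkt, True)}")
```

Without the policy, the L2TP reply to an unknown client leaves via the cellular default route; with it, only traffic sourced from UDP 1701 is steered to 200.1.1.2 and everything else still follows the routing table.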




