0

I've got a VPN L2TP/IPsec server behind a NAT-T device. I had issues connecting Windows clients to the server, but that was resolved by adding the registry entry "AssumeUDPEncapsulationContextOnSendRule", as per this link.

The next issue is that, although connected, the Windows clients cannot access any web interface of devices on the VPN network, for example 192.168.2.1:80 (the router's interface), as well as the NAS interface and controllers. However, the Windows client can make SSH connections to devices and access any networked shared drives from the NAS; it's only web interfaces/traffic that is not working.

If I connect the same Windows client via a PPTP link to the same VPN server, there is no issue with access. I've confirmed it's not an issue on the server/router side by using an iOS device to connect via L2TP. The iOS device can access files, web interfaces and the internet when it is connected.

Are there any settings on the client that could prevent browser traffic from using the VPN? The Windows clients cannot access the internet via this VPN connection either.

Network Diagram

Josh
  • Are you sure that no HTTP proxy is involved in your configuration and that the effect is the same across different browsers? A Wireshark trace on the client side of the VPN interface would be very helpful. My guess is that this issue is MTU-related, in which case FTP transfers of sufficiently large files should stall. You could lower the MTU on the VPN to 1300 and see if it helps. – Peter Zhabin Mar 12 '17 at 08:20
  • @Peter Zhabin Excellent, I lowered the MTU to 1300 and the issue persisted, the packets were still fragmenting; lowering it to 1288 and success! I wonder why the higher MTU value is an issue for Windows clients, but not iOS. If you write this up as an answer I'll mark it as the solution. – Josh Mar 13 '17 at 06:18

1 Answer

0

My guess is that this issue is MTU-related, in which case FTP transfers of sufficiently large files should stall. You could lower the MTU on the VPN to 1200 and see if it helps. On a side note, if the above helps, it indicates an issue with Path MTU Discovery, which may need further (and maybe cumbersome) debugging.

Peter Zhabin
  • Thanks. For those who have a similar issue, I found the max MTU value via the following [link](http://www.tp-link.com/us/FAQ-190.html) – Josh Mar 13 '17 at 21:52
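
The following PowerShell script is an added example, not part of the original thread: it binary-searches the largest ping payload that still gets a reply with the Don't Fragment bit set, then adds 28 bytes of IPv4 and ICMP headers to get a candidate MTU for the VPN interface. The default target is the router address from the question; the connection name `My L2TP VPN` and the search bounds are assumptions to replace with your own.

```powershell
# Added example (not from the thread). Run on the Windows client while the VPN is up.
param(
    [string]$Target  = '192.168.2.1',   # router address from the question
    [string]$VpnName = 'My L2TP VPN',   # hypothetical connection name
    [int]$Low  = 548,                   # payload of a 576-byte packet, assumed to pass
    [int]$High = 1472                   # payload of a 1500-byte Ethernet packet
)

function Test-Payload {
    param([string]$Target, [int]$Size)
    # -f sets Don't Fragment, -l sets the ICMP payload size,
    # -n 2 sends two probes, -w 1500 waits 1.5 s per reply.
    $out = & ping.exe -f -n 2 -w 1500 -l $Size $Target
    # Only a real echo reply line contains "TTL="; timeouts and
    # "needs to be fragmented" errors do not.
    return [bool]($out -match 'TTL=')
}

function Find-MaxPayload {
    param([string]$Target, [int]$Low, [int]$High)
    if (-not (Test-Payload -Target $Target -Size $Low)) {
        throw "No reply from $Target at $Low bytes; fix basic reachability first."
    }
    # Invariant: $Low is known to pass; the answer lies in [$Low, $High].
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-Payload -Target $Target -Size $mid) {
            $Low = $mid          # reply received: try larger payloads
        } else {
            $High = $mid - 1     # dropped or rejected: try smaller payloads
        }
    }
    return $Low
}

$payload = Find-MaxPayload -Target $Target -Low $Low -High $High
$mtu = $payload + 28   # 20-byte IPv4 header + 8-byte ICMP header
"Largest unfragmented payload to ${Target}: $payload bytes (candidate MTU $mtu)"

# The command is printed, not executed; run it from an elevated prompt to apply.
"netsh interface ipv4 set subinterface `"$VpnName`" mtu=$mtu store=persistent"
```

The result is only as good as the probe target: a host that rate-limits or filters ICMP will make the search settle too low, so compare against a second target before changing the interface.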