Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 6 subscribers
  • Views 514 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2tp vpn terminated when radius is offline

_Tobias_

Hello everyone,

we have enabled L2TP VPN using Radius authentication. In the authentication server settings, we have "radius" at position 5, as server we have an availability Group with both our configured radius servers (both tested and working). At postition 6 and 7 we have "radius" servers with the explicit radius servers, not the availability group.

Now when I restart the radius server that is used by the availability group at the moment, I would have thought that the second server keeps everything running. Instead, when I reboot this server, all running L2TP VPN users are disconnected at the same time. The log sais (one example user):

id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="Roland.Deschaine" variant="l2tp" srcip="19.99.19.99" virtual_ip="10.0.0.19"

Service Monitor Deamon only tells me that the radius server change to state OFFLINE.

Is there a way to get some kind of "transparent failover", where the VPN users will not get kicked out when I reboot the RADIUS server?

Thanks for you input!

Config screenshots below:



This thread was automatically locked due to age.
  • 0

    Hallo Tobias,

    I don't recall ever seeing this issue addressed here.  When Sophos Support answers this question, please share what you learn.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hey Bob,

    for now I only saw this once - I alredy rebooted RADIUS Servers before during the day, but this time everyone got disconnected. I cannot tell if it happend before, I did not notice it before.

    But I am understanding right: it should not happen? When I have a running L2PT client connection, authenticated by a RADIUS availability group, and the currently used RADIUS server goes down, the VPN should not be cut off? The problem is I am not that familliar with network protocolls, I would have thought that an authenticated L2TP session would not need a permanent connection to the authentication service - maybe every few minutes...

    So if our behaviour is not normal, then I will try to reproduce it when most home office users are offline - maybe it was a onetime glitch - and if I can reproduce it, I will definitly open up a ticket.

    Regards,

    Tobias

Unfiltered HTML