L2TP Troubleshooting Guide

Article #: Product Castle
1575 Unified Threat Management All


L2TP has been supported by Smoothwall since version 3.1 and above. This troubleshooting guide is an addition to the information in the Smoothwall help.


The IPSec Policy Agent is not started on the Windows client

If this is the case, the client might complain that the modem is not responding. Check the system services in the Computer Management console that the IPSEC Policy Agent is set to start automatically and that it is running. This service is sometimes disabled by other IPSEC Software, so make sure other IPSec software is uninstalled as well:

  • The L2TP Connection supports NAT-Traversal, but some SOHO ADSL modem/routers use IPSec passthrough which can confuse things a bit and prevent a successful connection.

Invalid certificates

If the time settings on the Smoothwall l have not been set correctly, the validity of the certificates can be void. Make sure that time is set correctly on the Smoothwall side when creating certificates and on the client using the certificate.

After importing the certificates, they can be checked by opening a MMC (Microsoft Management Console), adding the certificate snap-in for the local computer account. Look in the Trusted Root CA folder and in the Personal Certificates folder for the imported CA and certificate.

Incorrect IP address

Ensure that the local IP you select is the subnet of the client IP rather than the external IP that should be listened on.


Last updated: Author: Contributions by:
1st December 2016   Tanja