VPN doesn't connect to Meraki MX100

We’ve got the following setup:

2 x Meraki MX100 in datacenter setup with RADIUS authentications to Duo Proxy
2 x Windows Server 2019 Domain Controllers with Duo Proxy 5.7.1 installed
Windows 11 laptops with L2TP VPN configuration to MX100

Occasionally some users won’t receive a push message when they try to connect to the VPN. When we try to troubleshoot and log in with a different account, it will work without changing any settings. Sometimes after we closed our session, the user is able to use the VPN again. However, most of the time we need to delete the VPN profile, and re-configure the Windows VPN client from scratch again.

  • Looking at the authproxy.log on the Domain Controllers, there is no trace of the user trying to connect.
  • If we bypass the user in the Duo Portal, the VPN connects.
  • It never happens to multiple users at the same time.

Because it randomly happens to users and we can’t pin it down to hardware or configuration flaws, we are getting a little bit frustrated.

Is anyone experiencing the same issue, or has some advice on where to start looking next?

Depending on how often it happens, are you able to set up a packet capture on the MX to the RADIUS servers and see if that call is being made? As well, does it happen at a time of high traffic on the interfaces?
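One way to read such a capture, as an added example that is not part of the original thread: it decodes RADIUS payloads (RFC 2865 layout) and lists Access-Requests that never received a reply. It assumes the UDP payloads have already been extracted from the capture; the addresses, usernames, packets and the `build` helper are constructed for illustration.

```python
import struct

USER_NAME = 1  # RADIUS attribute type 1 (RFC 2865)

def parse_radius(payload):
    """Decode a RADIUS UDP payload into (code, identifier, {attr_type: value})."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or payload[pos + 1] < 2 or pos + payload[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = payload[pos], payload[pos + 1]
        attrs.setdefault(a_type, payload[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs

def unanswered_requests(packets):
    """packets: (src, dst, payload) in capture order. Returns [(client, user, id)] with no reply."""
    pending = {}
    for src, dst, payload in packets:
        code, ident, attrs = parse_radius(payload)
        if code == 1:  # Access-Request
            user = attrs.get(USER_NAME, b"").decode("utf-8", "replace")
            pending[(src, dst, ident)] = user  # retransmissions reuse the same identifier
        elif code in (2, 3, 11):  # Access-Accept, Access-Reject, Access-Challenge
            pending.pop((dst, src, ident), None)  # reply travels server -> client
    return [(client, user, ident) for (client, _srv, ident), user in pending.items()]

def build(code, ident, user=None):
    """Constructed sample packet; the authenticator is zeroed, this is not a real capture."""
    attrs = bytes([USER_NAME, len(user) + 2]) + user.encode() if user else b""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs

MX, PROXY = "10.0.0.1", "10.0.0.10"  # constructed addresses
SAMPLE = [
    (MX, PROXY, build(1, 7, "alice")),
    (PROXY, MX, build(2, 7)),
    (MX, PROXY, build(1, 8, "bob")),
    (MX, PROXY, build(1, 8, "bob")),  # retransmission, still no reply
]

if __name__ == "__main__":
    for client, user, ident in unanswered_requests(SAMPLE):
        print(f"no reply to Access-Request id={ident} user={user} from {client}")
```

RADIUS identifiers are a single byte and wrap around, so run this over a short capture window around one failed attempt. If the affected user's name never appears in an Access-Request at all, the request is not leaving the MX.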

A couple of days after this post, the issue resolved itself. I believe it has been traced back to a bug at Duo’s end, resulting in the push messages never getting sent.

Unfortunately, Duo Support wasn’t aware by the time I contacted them. They suggested deploying AnyConnect instead of using the built-in Windows VPN client.