In T4457#124584, @NikolayP wrote:

The problem seems to be in these lines:

set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.1'
set vpn l2tp remote-access client-ip-pool start '172.25.255.1'
set vpn l2tp remote-access client-ip-pool stop '172.25.255.14'

Replacing "static IP" with 172.25.255.2 makes it work in VyOS 1.3.1

set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2'

Full corrected config for 1.3.1 from the first post:

set interfaces dummy dum4 address '4.4.4.4/32'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth1 address '192.168.6.31/24'
set service ssh
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal 'enable'
set vpn l2tp remote-access authentication local-users username test password 'test'
set vpn l2tp remote-access authentication local-users username test static-ip '172.25.255.2'
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access authentication require 'mschap-v2'
set vpn l2tp remote-access client-ip-pool start '172.25.255.1'
set vpn l2tp remote-access client-ip-pool stop '172.25.255.14'
set vpn l2tp remote-access idle '1800'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'test'
set vpn l2tp remote-access ipsec-settings ike-lifetime '3600'
set vpn l2tp remote-access ipsec-settings lifetime '3600'
set vpn l2tp remote-access outside-address '192.168.6.31'

In T4460#124345, @Viacheslav wrote:

From provided log syntax error in config string 6
‘holding-time 300’

But yes “ cisco-authentication” shouldn’t be without values

Tested on the latest rolling release:

I've also checked this behaviour on VyOS 1.3.0-epa3 an it seems similar, steps to reproduce:

In T4073#113759, @c-po wrote:

Can you please provide a CLI config to reproduce this issue?