xelerance / xl2tpd

Official Xelerance fork of L2TPd
GNU General Public License v2.0

Routes not set #176

Closed hmvs closed 5 years ago

hmvs commented 5 years ago

Not sure that it is an issue with xl2tpd, but maybe someone can help me narrow down the issue. We have a Windows-based VPN which has L2TP over IPsec.

Client is the latest Ubuntu 18.04:

Linux 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
xl2tpd version: xl2tpd-1.3.10
Linux strongSwan U5.6.2/K4.18.0-16-generic

So, I've set it up via Network Manager. I can connect and use the network if "Use this connection only for resources in this network" is not set.

But if I set this checkbox, it seems routes are missing. The only route added when I connect to the VPN is:

10.16.251.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0

But all the resources we have are on the 10.0.0.0 range.

Basic setup on Mac OS works out of the box. On Mac these routes are added after connection:

default            link#14            UCSI            0        0    ppp0       
10                 ppp0               USc             2        0    ppp0       
10.16.251.2        10.16.251.4        UH              0        0    ppp0       
224.0.0/4          link#14            UmCSI           0        0    ppp0    
255.255.255.255/32 link#14            UCSI            0        0    ppp0     

Syslog

Mar 16 11:08:24 hmvs-laptop charon: 11[NET] sending packet: from 192.168.0.206[4500] to 34.xxx.xxx.xxx[4500] (84 bytes)
Mar 16 11:08:52 hmvs-laptop /usr/lib/gdm3/gdm-x-session[1762]: (II) modeset(0): EDID vendor "AUO", prod id 16877
Mar 16 11:08:52 hmvs-laptop /usr/lib/gdm3/gdm-x-session[1762]: (II) modeset(0): Printing DDC gathered Modelines:
Mar 16 11:08:52 hmvs-laptop /usr/lib/gdm3/gdm-x-session[1762]: (II) modeset(0): Modeline "1920x1080"x0.0  141.00  1920 2028 2076 2100  1080 1090 1100 1118 -hsync -vsync (67.1 kHz eP)
Mar 16 11:08:52 hmvs-laptop /usr/lib/gdm3/gdm-x-session[1762]: (II) modeset(0): Modeline "1920x1080"x0.0   94.00  1920 2028 2076 2100  1080 1090 1100 1118 -hsync -vsync (44.8 kHz e)
Mar 16 11:08:52 hmvs-laptop org.gnome.Shell.desktop[1898]: Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x3400015 (Settings)
Mar 16 11:09:02 hmvs-laptop NetworkManager[1010]: <info>  [1552727342.7424] audit: op="connection-activate" uuid="712b62e6-ce6b-49ea-aab2-29af6c027ac9" name="MyVPN L2TP" pid=5789 uid=1000 result="success"
Mar 16 11:09:02 hmvs-laptop NetworkManager[1010]: <info>  [1552727342.7565] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",0]: Started the VPN service, PID 22280
Mar 16 11:09:02 hmvs-laptop NetworkManager[1010]: <info>  [1552727342.7639] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",0]: Saw the service appear; activating connection
Mar 16 11:09:02 hmvs-laptop NetworkManager[1010]: <info>  [1552727342.8250] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",0]: VPN connection: (ConnectInteractive) reply received
Mar 16 11:09:03 hmvs-laptop nm-l2tp-service[22280]: Check port 1701
Mar 16 11:09:03 hmvs-laptop nm-l2tp-service[22280]: Can't bind to port 1701
Mar 16 11:09:03 hmvs-laptop NetworkManager[1010]: Stopping strongSwan IPsec...
Mar 16 11:09:03 hmvs-laptop charon: 00[DMN] signal of type SIGINT received. Shutting down
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 15[NET] received packet: from 34.xxx.xxx.xxx[4500] to 192.168.0.206[4500] (76 bytes)
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 15[ENC] parsed INFORMATIONAL_V1 request 4107281500 [ HASH D ]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 15[IKE] received DELETE for ESP CHILD_SA with SPI 9c9bc530
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 15[IKE] closing CHILD_SA myvpn{3} with SPIs ceec0601_i (1313 bytes) 9c9bc530_o (7196 bytes) and TS 192.168.0.206/32[udp/l2f] === 34.xxx.xxx.xxx/32[udp/l2f]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 16[NET] received packet: from 34.xxx.xxx.xxx[4500] to 192.168.0.206[4500] (76 bytes)
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 16[ENC] parsed QUICK_MODE response 1783158752 [ HASH N(INIT_CONTACT) ]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 16[IKE] ignoring fourth Quick Mode message
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 05[IKE] sending keep alive to 34.xxx.xxx.xxx[4500]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[IKE] sending keep alive to 34.xxx.xxx.xxx[4500]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 10[KNL] interface ppp1 deactivated
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 07[KNL] 10.16.251.7 disappeared from ppp1
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 16[KNL] interface ppp1 deleted
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 05[CFG] received stroke: terminate 'myvpn'
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[IKE] closing CHILD_SA myvpn{4} with SPIs c6a63d23_i (124 bytes) c9d9f532_o (228 bytes) and TS 192.168.0.206/32[udp/l2f] === 34.xxx.xxx.xxx/32[udp/l2f]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[IKE] sending DELETE for ESP CHILD_SA with SPI c6a63d23
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[ENC] generating INFORMATIONAL_V1 request 1375582490 [ HASH D ]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[NET] sending packet: from 192.168.0.206[4500] to 34.xxx.xxx.xxx[4500] (76 bytes)
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[IKE] deleting IKE_SA myvpn[1] between 192.168.0.206[192.168.0.206]...34.xxx.xxx.xxx[10.16.1.155]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[IKE] sending DELETE for IKE_SA myvpn[1]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[ENC] generating INFORMATIONAL_V1 request 848441476 [ HASH D ]
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 11[NET] sending packet: from 192.168.0.206[4500] to 34.xxx.xxx.xxx[4500] (84 bytes)
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: 00[DMN] signal of type SIGINT received. Shutting down
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: charon stopped after 200 ms
Mar 16 11:09:03 hmvs-laptop ipsec[20333]: ipsec starter stopped
Mar 16 11:09:05 hmvs-laptop NetworkManager[1010]: Starting strongSwan 5.6.2 IPsec [starter]...
Mar 16 11:09:05 hmvs-laptop NetworkManager[1010]: Loading config setup
Mar 16 11:09:05 hmvs-laptop NetworkManager[1010]: Loading conn '712b62e6-ce6b-49ea-aab2-29af6c027ac9'
Mar 16 11:09:05 hmvs-laptop NetworkManager[1010]: found netkey IPsec stack
Mar 16 11:09:05 hmvs-laptop charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.18.0-16-generic, x86_64)
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG]   loaded IKE secret for %any
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-712b62e6-ce6b-49ea-aab2-29af6c027ac9.secrets'
Mar 16 11:09:05 hmvs-laptop charon: 00[CFG]   loaded IKE secret for %any
Mar 16 11:09:05 hmvs-laptop charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Mar 16 11:09:05 hmvs-laptop charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Mar 16 11:09:05 hmvs-laptop charon: 00[JOB] spawning 16 worker threads
Mar 16 11:09:05 hmvs-laptop charon: 06[CFG] received stroke: add connection '712b62e6-ce6b-49ea-aab2-29af6c027ac9'
Mar 16 11:09:05 hmvs-laptop charon: 06[CFG] added configuration '712b62e6-ce6b-49ea-aab2-29af6c027ac9'
Mar 16 11:09:06 hmvs-laptop charon: 08[CFG] rereading secrets
Mar 16 11:09:06 hmvs-laptop charon: 08[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 16 11:09:06 hmvs-laptop charon: 08[CFG]   loaded IKE secret for %any
Mar 16 11:09:06 hmvs-laptop charon: 08[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-712b62e6-ce6b-49ea-aab2-29af6c027ac9.secrets'
Mar 16 11:09:06 hmvs-laptop charon: 08[CFG]   loaded IKE secret for %any
Mar 16 11:09:06 hmvs-laptop charon: 09[CFG] received stroke: initiate '712b62e6-ce6b-49ea-aab2-29af6c027ac9'
Mar 16 11:09:06 hmvs-laptop charon: 12[IKE] initiating Main Mode IKE_SA 712b62e6-ce6b-49ea-aab2-29af6c027ac9[1] to 34.xxx.xxx.xxx
Mar 16 11:09:06 hmvs-laptop charon: 12[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Mar 16 11:09:06 hmvs-laptop charon: 12[NET] sending packet: from 192.168.0.206[500] to 34.xxx.xxx.xxx[500] (236 bytes)
Mar 16 11:09:06 hmvs-laptop charon: 13[NET] received packet: from 34.xxx.xxx.xxx[500] to 192.168.0.206[500] (208 bytes)
Mar 16 11:09:06 hmvs-laptop charon: 13[ENC] parsed ID_PROT response 0 [ SA V V V V V V ]
Mar 16 11:09:06 hmvs-laptop charon: 13[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Mar 16 11:09:06 hmvs-laptop charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
Mar 16 11:09:06 hmvs-laptop charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 16 11:09:06 hmvs-laptop charon: 13[IKE] received FRAGMENTATION vendor ID
Mar 16 11:09:06 hmvs-laptop charon: 13[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Mar 16 11:09:06 hmvs-laptop charon: 13[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Mar 16 11:09:06 hmvs-laptop charon: 13[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 16 11:09:06 hmvs-laptop charon: 13[NET] sending packet: from 192.168.0.206[500] to 34.xxx.xxx.xxx[500] (244 bytes)
Mar 16 11:09:06 hmvs-laptop charon: 14[NET] received packet: from 34.xxx.xxx.xxx[500] to 192.168.0.206[500] (260 bytes)
Mar 16 11:09:06 hmvs-laptop charon: 14[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mar 16 11:09:06 hmvs-laptop charon: 14[IKE] local host is behind NAT, sending keep alives
Mar 16 11:09:06 hmvs-laptop charon: 14[IKE] remote host is behind NAT
Mar 16 11:09:06 hmvs-laptop charon: 14[ENC] generating ID_PROT request 0 [ ID HASH ]
Mar 16 11:09:06 hmvs-laptop charon: 14[NET] sending packet: from 192.168.0.206[4500] to 34.xxx.xxx.xxx[4500] (68 bytes)
Mar 16 11:09:06 hmvs-laptop charon: 15[NET] received packet: from 34.xxx.xxx.xxx[4500] to 192.168.0.206[4500] (68 bytes)
Mar 16 11:09:06 hmvs-laptop charon: 15[ENC] parsed ID_PROT response 0 [ ID HASH ]
Mar 16 11:09:06 hmvs-laptop charon: 15[IKE] IKE_SA 712b62e6-ce6b-49ea-aab2-29af6c027ac9[1] established between 192.168.0.206[192.168.0.206]...34.xxx.xxx.xxx[10.16.1.155]
Mar 16 11:09:06 hmvs-laptop charon: 15[IKE] scheduling reauthentication in 10068s
Mar 16 11:09:06 hmvs-laptop charon: 15[IKE] maximum IKE_SA lifetime 10608s
Mar 16 11:09:06 hmvs-laptop charon: 15[ENC] generating QUICK_MODE request 2684142652 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 16 11:09:06 hmvs-laptop charon: 15[NET] sending packet: from 192.168.0.206[4500] to 34.xxx.xxx.xxx[4500] (220 bytes)
Mar 16 11:09:07 hmvs-laptop charon: 03[NET] received packet: from 34.xxx.xxx.xxx[4500] to 192.168.0.206[4500] (212 bytes)
Mar 16 11:09:07 hmvs-laptop charon: 03[ENC] parsed QUICK_MODE response 2684142652 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 16 11:09:07 hmvs-laptop charon: 03[IKE] CHILD_SA 712b62e6-ce6b-49ea-aab2-29af6c027ac9{1} established with SPIs cf40311e_i e79fc9c4_o and TS 192.168.0.206/32 === 34.xxx.xxx.xxx/32[udp/l2f]
Mar 16 11:09:07 hmvs-laptop charon: 03[ENC] generating QUICK_MODE request 2684142652 [ HASH ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: initiating Main Mode IKE_SA 712b62e6-ce6b-49ea-aab2-29af6c027ac9[1] to 34.xxx.xxx.xxx
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: generating ID_PROT request 0 [ SA V V V V V ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: sending packet: from 192.168.0.206[500] to 34.xxx.xxx.xxx[500] (236 bytes)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received packet: from 34.xxx.xxx.xxx[500] to 192.168.0.206[500] (208 bytes)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: parsed ID_PROT response 0 [ SA V V V V V V ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received MS NT5 ISAKMPOAKLEY vendor ID
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received NAT-T (RFC 3947) vendor ID
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received FRAGMENTATION vendor ID
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: sending packet: from 192.168.0.206[500] to 34.xxx.xxx.xxx[500] (244 bytes)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received packet: from 34.xxx.xxx.xxx[500] to 192.168.0.206[500] (260 bytes)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: local host is behind NAT, sending keep alives
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: remote host is behind NAT
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: generating ID_PROT request 0 [ ID HASH ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: sending packet: from 192.168.0.206[4500] to 34.xxx.xxx.xxx[4500] (68 bytes)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received packet: from 34.xxx.xxx.xxx[4500] to 192.168.0.206[4500] (68 bytes)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: parsed ID_PROT response 0 [ ID HASH ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: IKE_SA 712b62e6-ce6b-49ea-aab2-29af6c027ac9[1] established between 192.168.0.206[192.168.0.206]...34.xxx.xxx.xxx[10.16.1.155]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: scheduling reauthentication in 10068s
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: maximum IKE_SA lifetime 10608s
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: generating QUICK_MODE request 2684142652 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: sending packet: from 192.168.0.206[4500] to 34.xxx.xxx.xxx[4500] (220 bytes)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: received packet: from 34.xxx.xxx.xxx[4500] to 192.168.0.206[4500] (212 bytes)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: parsed QUICK_MODE response 2684142652 [ HASH SA No ID ID NAT-OA NAT-OA ]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: CHILD_SA 712b62e6-ce6b-49ea-aab2-29af6c027ac9{1} established with SPIs cf40311e_i e79fc9c4_o and TS 192.168.0.206/32 === 34.xxx.xxx.xxx/32[udp/l2f]
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: connection '712b62e6-ce6b-49ea-aab2-29af6c027ac9' established successfully
Mar 16 11:09:07 hmvs-laptop charon: 03[NET] sending packet: from 192.168.0.206[4500] to 34.xxx.xxx.xxx[4500] (60 bytes)
Mar 16 11:09:07 hmvs-laptop nm-l2tp-service[22280]: xl2tpd started with pid 22361
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Not looking for kernel SAref support.
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Using l2tp kernel support.
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: xl2tpd version xl2tpd-1.3.10 started on hmvs-laptop PID:22361
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Forked by Scott Balmos and David Stipp, (C) 2001
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Inherited by Jeff McAdams, (C) 2002
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Listening on IP address 0.0.0.0, port 46052
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Connecting to host 34.xxx.xxx.xxx, port 1701
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: <info>  [1552727347.3968] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",0]: VPN plugin: state changed: starting (3)
Mar 16 11:09:07 hmvs-laptop charon: 06[NET] received packet: from 34.xxx.xxx.xxx[4500] to 192.168.0.206[4500] (76 bytes)
Mar 16 11:09:07 hmvs-laptop charon: 06[ENC] parsed QUICK_MODE response 2684142652 [ HASH N(INIT_CONTACT) ]
Mar 16 11:09:07 hmvs-laptop charon: 06[IKE] ignoring fourth Quick Mode message
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Connection established to 34.xxx.xxx.xxx, 1701.  Local: 14203, Remote: 975 (ref=0/0).
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Calling on tunnel 14203
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: Call established with 34.xxx.xxx.xxx, Local: 12749, Remote: 1, Serial: 1 (ref=0/0)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: start_pppd: I'm running:
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "/usr/sbin/pppd"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "plugin"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "pppol2tp.so"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "pppol2tp"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "7"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "passive"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "nodetach"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: ":"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "file"
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: xl2tpd[22361]: "/var/run/nm-l2tp-ppp-options-712b62e6-ce6b-49ea-aab2-29af6c027ac9"
Mar 16 11:09:07 hmvs-laptop pppd[22363]: Plugin pppol2tp.so loaded.
Mar 16 11:09:07 hmvs-laptop pppd[22363]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
Mar 16 11:09:07 hmvs-laptop pppd[22363]: pppd 2.4.7 started by root, uid 0
Mar 16 11:09:07 hmvs-laptop pppd[22363]: Using interface ppp0
Mar 16 11:09:07 hmvs-laptop pppd[22363]: Connect: ppp0 <-->
Mar 16 11:09:07 hmvs-laptop pppd[22363]: Overriding mtu 1500 to 1400
Mar 16 11:09:07 hmvs-laptop pppd[22363]: Overriding mru 1500 to mtu value 1400
Mar 16 11:09:07 hmvs-laptop systemd-udevd[22366]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: <info>  [1552727347.8489] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/14)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: <info>  [1552727347.8599] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Mar 16 11:09:07 hmvs-laptop NetworkManager[1010]: <info>  [1552727347.8600] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Mar 16 11:09:08 hmvs-laptop pppd[22363]: CHAP authentication succeeded
Mar 16 11:09:09 hmvs-laptop charon: 11[KNL] 10.16.251.3 appeared on ppp0
Mar 16 11:09:09 hmvs-laptop pppd[22363]: local  IP address 10.16.251.3
Mar 16 11:09:09 hmvs-laptop pppd[22363]: remote IP address 10.16.251.2
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1327] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Mar 16 11:09:09 hmvs-laptop pppd[22363]: primary   DNS address 10.16.254.254
Mar 16 11:09:09 hmvs-laptop pppd[22363]: secondary DNS address 10.16.0.2
Mar 16 11:09:09 hmvs-laptop charon: 13[KNL] 10.16.251.3 disappeared from ppp0
Mar 16 11:09:09 hmvs-laptop charon: 13[KNL] 10.16.251.3 appeared on ppp0
Mar 16 11:09:09 hmvs-laptop charon: 03[KNL] interface ppp0 activated
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1362] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1369] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1377] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data: VPN Gateway: 34.xxx.xxx.xxx
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1377] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data: Tunnel Device: "ppp0"
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1377] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data: IPv4 configuration:
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1377] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data:   Internal Address: 10.16.251.3
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1377] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data:   Internal Prefix: 32
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1378] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data:   Internal Point-to-Point Address: 10.16.251.2
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1378] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data:   Static Route: 10.16.251.2/32   Next Hop: 0.0.0.0
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1378] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data:   Internal DNS: 10.16.254.254
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1378] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data:   Internal DNS: 10.16.0.2
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1379] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data:   DNS Domain: '(none)'
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1379] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: Data: No IPv6 configuration
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1379] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: VPN plugin: state changed: started (4)
Mar 16 11:09:09 hmvs-laptop NetworkManager[1010]: <info>  [1552727349.1414] vpn-connection[0x55dcac42e470,712b62e6-ce6b-49ea-aab2-29af6c027ac9,"MyVPN L2TP",14:(ppp0)]: VPN connection: (IP Config Get) complete
Mar 16 11:09:09 hmvs-laptop dbus-daemon[988]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.13' (uid=0 pid=1010 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Mar 16 11:09:09 hmvs-laptop systemd[1]: Starting Network Manager Script Dispatcher Service...
Mar 16 11:09:09 hmvs-laptop dbus-daemon[988]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Mar 16 11:09:09 hmvs-laptop systemd[1]: Started Network Manager Script Dispatcher Service.
Mar 16 11:09:09 hmvs-laptop nm-dispatcher: req:1 'vpn-up' [ppp0]: new request (1 scripts)
Mar 16 11:09:09 hmvs-laptop nm-dispatcher: req:1 'vpn-up' [ppp0]: start running ordered scripts...
Mar 16 11:09:10 hmvs-laptop systemd-resolved[22099]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Mar 16 11:09:10 hmvs-laptop systemd-resolved[22099]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
Mar 16 11:09:32 hmvs-laptop charon: 10[IKE] sending keep alive to 34.xxx.xxx.xxx[4500]

dkosovic commented 5 years ago

In this case xl2tpd doesn't set the routing; your DHCP client does.

Windows Server provides DHCP Option 121 and Option 249 for routing.

As of macOS 10.11 (El Capitan), DHCP Option 121 is supported, option 249 is ignored.

Try configuring your DHCP client to use Option 121 or 249.

dkosovic commented 5 years ago

The other option is to manually add the missing routing.

hmvs commented 5 years ago

Actually, I ended up with manually added routing.
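
The classless static routes that DHCP Option 121 (RFC 3442) and Microsoft's Option 249 carry in the same byte layout, decoded and turned into the equivalent manual `ip route` commands. This is an added example, not part of the thread and not xl2tpd or NetworkManager code; the payload bytes, the function names and the choice of 10.0.0.0/8 as the only acceptable range are assumptions made for illustration.

```python
import ipaddress

# Constructed sample option payload (not captured from the thread's server):
#   08 0a          0a 10 fb 02  -> 10.0.0.0/8     via 10.16.251.2
#   18 0a 10 fe    00 00 00 00  -> 10.16.254.0/24 on-link
SAMPLE_OPTION = bytes.fromhex("080a0a10fb02" "180a10fe00000000")

ON_LINK = ipaddress.IPv4Address("0.0.0.0")


def decode_classless_routes(payload):
    """Decode an Option 121/249 value into (network, router) pairs.

    Each entry is: one prefix-length byte, then only the significant
    octets of the destination (ceil(prefix / 8)), then a 4-byte router.
    """
    routes = []
    i = 0
    while i < len(payload):
        prefix = payload[i]
        i += 1
        if prefix > 32:
            raise ValueError(f"invalid prefix length {prefix}")
        significant = (prefix + 7) // 8
        if i + significant + 4 > len(payload):
            raise ValueError("truncated route entry")
        # Pad the compressed destination back to four octets.
        dest = payload[i:i + significant] + bytes(4 - significant)
        i += significant
        router = ipaddress.IPv4Address(payload[i:i + 4])
        i += 4
        # strict=False masks any stray host bits instead of rejecting them.
        network = ipaddress.IPv4Network(
            (ipaddress.IPv4Address(dest), prefix), strict=False)
        routes.append((network, router))
    return routes


def outside_allowed(routes, allowed):
    """Return pushed routes that are not inside any allowed network.

    A server-supplied route is untrusted input: a default route or a
    prefix covering the local LAN would pull traffic into the tunnel
    that a split-tunnel profile is meant to keep out of it.
    """
    allowed = [ipaddress.IPv4Network(a) for a in allowed]
    return [(net, gw) for net, gw in routes
            if not any(net.subnet_of(a) for a in allowed)]


def ip_route_commands(routes, dev):
    """Render the routes as the commands one would otherwise type by hand."""
    cmds = []
    for network, router in routes:
        if router == ON_LINK:
            cmds.append(f"ip route add {network} dev {dev}")
        else:
            cmds.append(f"ip route add {network} via {router} dev {dev}")
    return cmds


if __name__ == "__main__":
    pushed = decode_classless_routes(SAMPLE_OPTION)
    rejected = outside_allowed(pushed, ["10.0.0.0/8"])
    for net, gw in rejected:
        print(f"refusing pushed route {net} via {gw}")
    accepted = [r for r in pushed if r not in rejected]
    for cmd in ip_route_commands(accepted, "ppp0"):
        print(cmd)
```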