
L2TP VPN Help

Discussion in 'Networking' started by Anthony7, Apr 1, 2010.

Thread Status:
Not open for further replies.
  1. Anthony7

    Anthony7 (Thread Starter), joined Apr 7, 2009, 90 messages

    Hi all,

    I am so desperate at this point for suggestions on how to get my stupid L2TP VPN working. The basic setup is a Server 2008 VPN server behind a D-Link DIR-655, and clients running XP/Vista/7 also behind a NAT device. The issue that occurs from all clients is error 789 "the L2TP connection attempt failed because the security layer encountered an error during initial negotiations with the remote computer". I am using a PSK with MS-CHAP v2.

    I know the problem must be at the router or in the config or the client/server because I can connect to the VPN if I am on the same subnet and enter the VPN server's private IP; this works fine. PPTP works fine in this case from anywhere.

    Here is what I have tried:
    -Enabled the registry key on the server to allow for a PSK to be used
    -Added the key on the clients to allow for L2TP to access a server behind a NAT device
    -The router has all ports forwarded (1701, 500, 50, 4500)
    -The router has IPSEC/L2TP VPN passthrough enabled
    -Tried putting server in DMZ
    -Turned off all server firewalls
    -Rebooted server, redid my RRAS config
    -Done shark captures and I see the server replying, a lot is going on (will attach)
    -Event log says Network Policy Server is granting access
    -Tried from both Windows 7 and Windows XP clients
    -The event log occasionally lists a failed ISAKMP negotiation..... (will attach event)
    -Read all relevant Microsoft articles
    -The entire first three pages of links from Google...Read them all.
    -IPsec service is enabled on both client and server
    -Tried from multiple locations to connect (school, work, etc)
    -Router logs are not showing any blocked packets on syslog server

    I am really out of ideas......

    Any help is appreciated as I have even talked to CCNA friends and they are stumped.... I'm sure it has something to do with NAT even though I see NAT traversal negotiation going on in the packets.

    If you want ANY other info (full event log, more packet captures, more specifics) please ask and I will be more than happy to provide!

    Thank you so much!!!!!

    PS Ignore all the other traffic in the packet capture as there is a lot going on.

    Anthony
     


  2. Anthony7

    Anthony7 (Thread Starter), joined Apr 7, 2009, 90 messages

    Oh and no lectures like: using a PSK with L2TP is kinda defeating security, and allowing connections to a server behind a NAT device modifies the packet header and is a security issue.....Don't care.

    Plus, yes, my public IP is in the packet capture......... Don't care, renewed this, although if you really want to you could use my registered DNS to get it..... Again I hope no one is trolling to attack me.
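
Added example, not part of the original thread: a small Python helper for reading a capture like the one mentioned in the first post. It labels UDP 500/4500 payloads by IKEv1 exchange type and reports how far the L2TP/IPsec negotiation got; the function names and the sample packets are constructed for illustration.

```python
import struct

# IKEv1 exchange types (RFC 2408; 32 is Quick Mode from RFC 2409).
EXCHANGE = {2: "main-mode", 4: "aggressive-mode", 5: "informational", 32: "quick-mode"}
HDR = "!8s8sBBBBII"  # cookies, next payload, version, exchange, flags, msg id, length

def classify(port, payload):
    """Label one UDP payload seen on server-side port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return "nat-keepalive"             # RFC 3948 keepalive byte
        if len(payload) >= 4 and payload[:4] != b"\x00" * 4:
            return "esp-in-udp"                # non-zero SPI: tunnel data
        payload = payload[4:]                  # strip the non-ESP marker
    if len(payload) < 28:
        return "malformed"
    xchg, flags = struct.unpack(HDR, payload[:28])[4:6]
    name = EXCHANGE.get(xchg, f"exchange-{xchg}")
    return name + ("(encrypted)" if flags & 0x01 else "")

def furthest_stage(packets):
    """Return how far setup progressed in a list of (port, payload) tuples."""
    labels = [classify(port, data) for port, data in packets]
    if "esp-in-udp" in labels:
        return "ipsec-sa-up"       # IPsec works; look at L2TP/PPP next
    if any(label.startswith("quick-mode") for label in labels):
        return "phase2-started"
    if any(port == 4500 for port, _ in packets):
        return "nat-t-float"       # NAT detected, IKE moved to UDP 4500
    if any(label.startswith("main-mode") for label in labels):
        return "phase1-only"
    return "no-ike"

def ike(xchg, flags=0, marker=False):
    """Build a constructed 28-byte ISAKMP header (sample data only)."""
    hdr = struct.pack(HDR, b"I" * 8, b"R" * 8, 1, 0x10, xchg, flags, 0, 28)
    return (b"\x00" * 4 if marker else b"") + hdr

# Constructed trace: Main Mode floats to 4500, then only an Informational follows.
SAMPLE = [(500, ike(2)), (500, ike(2)), (4500, ike(2, 1, True)), (4500, ike(5, 1, True))]

if __name__ == "__main__":
    print(furthest_stage(SAMPLE))
```

A result of `nat-t-float` or `phase1-only` points at the IKE negotiation itself, while `ipsec-sa-up` means the IPsec layer completed and the remaining failure is in L2TP or PPP.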
     

Short URL to this thread: https://techguy.org/914103
