Solved

Windows XP VPN client to L2TP Server (RV082) Problem

Posted on 2009-06-29
Last Modified: 2012-05-07
I have a Linksys RV082 VPN server sat behind a router. The server works for PPTP VPN connections, with UDP port 1723 forwarded, and GRE forwarded. For L2TP VPN connections, I have UDP ports 500 and 4500 forwarded to the VPN server, and NAT-T enabled.

When using the Windows XP VPN client, the client begins the connection, then errors with error 792. On the VPN server, I receive the following information in the event log:

Jun 29 10:32:33 2009  VPN Log  Received Vendor ID payload Type = [MS NT5 ISAKMPOAKLEY 00000004]
Jun 29 10:32:33 2009  VPN Log  Ignoring Vendor ID payload Type = [FRAGMENTATION]
Jun 29 10:32:33 2009  VPN Log  Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 29 10:32:33 2009  VPN Log  Ignoring Vendor ID payload [26244d38eddb61b3...]
Jun 29 10:32:33 2009  VPN Log  [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Jun 29 10:32:33 2009  VPN Log  Create a temporary connection for incoming Microsoft VPN Client negotiation packet.
Jun 29 10:32:33 2009  VPN Log  (NATT)responding to Main Mode from unknown peer 149.254.216.1:15698
Jun 29 10:32:33 2009  VPN Log  [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Jun 29 10:32:33 2009  VPN Log  [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Jun 29 10:32:33 2009  VPN Log  [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Jun 29 10:32:34 2009  VPN Log  [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Jun 29 10:32:34 2009  VPN Log  Main mode peer ID is ID_IPV4_ADDR: '192.168.100.103'
Jun 29 10:32:34 2009  VPN Log  [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Jun 29 10:32:34 2009  VPN Log  [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Jun 29 10:32:34 2009  VPN Log  [Tunnel Negotiation Info] Initiator Cookies = 53fb 323a 6864 4259
Jun 29 10:32:34 2009  VPN Log  [Tunnel Negotiation Info] Responder Cookies = bb7f 0b3 7b3 ca48
Jun 29 10:32:34 2009  VPN Log  [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Jun 29 10:32:35 2009  VPN Log  Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:35 2009  VPN Log  Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:41 2009  VPN Log  Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)

Can anyone help get this sorted?
Question by:Eboracum
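
Added example (not part of the original thread, and not Linksys code): a small Python triage for a responder log in the format shown in the question. The sample lines are constructed, with made-up addresses and Message ID, and the function and field names are hypothetical. It reports the last IKE stage logged, whether the peer ID differs from the observed source address, and how often the same Quick Mode I1 arrived again.

```python
import re
from collections import Counter

# Constructed sample in the RV082 log format shown in the question
# (addresses and Message ID are made up for this example).
SAMPLE_LOG = """\
Jun 29 10:32:33 2009  VPN Log  (NATT)responding to Main Mode from unknown peer 203.0.113.7:15698
Jun 29 10:32:34 2009  VPN Log  Main mode peer ID is ID_IPV4_ADDR: '192.168.100.103'
Jun 29 10:32:34 2009  VPN Log  [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Jun 29 10:32:34 2009  VPN Log  [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Jun 29 10:32:35 2009  VPN Log  Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x1a2b3c4d (perhaps this is a duplicated packet)
Jun 29 10:32:35 2009  VPN Log  Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x1a2b3c4d (perhaps this is a duplicated packet)
Jun 29 10:32:41 2009  VPN Log  Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x1a2b3c4d (perhaps this is a duplicated packet)
"""

ENTRY = re.compile(r"^\w{3}\s+\d{1,2} [\d:]{8} \d{4}\s+VPN Log\s+(?P<msg>.+)$")
PEER = re.compile(r"from unknown peer (?P<ip>[\d.]+):(?P<port>\d+)")
PEER_ID = re.compile(r"peer ID is ID_IPV4_ADDR: '(?P<ip>[\d.]+)'")
DUP = re.compile(r"Quick Mode I1 .* previously used Message ID (?P<mid>0x[0-9a-fA-F]+)")

def triage(log_text):
    """Summarise how far an IKEv1 negotiation got, from the responder's log."""
    r = {"stage": "none", "peer": None, "peer_id": None, "repeats": Counter()}
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # skip blank or foreign lines
        msg = entry["msg"]
        if (m := PEER.search(msg)):
            r["peer"], r["stage"] = m["ip"], "phase1-started"
        elif (m := PEER_ID.search(msg)):
            r["peer_id"] = m["ip"]
        elif "Phase 1 SA Established" in msg:
            r["stage"] = "phase1-established"
        elif "Received Quick Mode 1st packet" in msg:
            r["stage"] = "phase2-started"
        elif (m := DUP.search(msg)):
            r["repeats"][m["mid"]] += 1
        # Any other message (vendor IDs, cookies) is ignored.
    # Heuristic: a peer ID that differs from the observed source address suggests NAT.
    r["client_behind_nat"] = bool(r["peer"] and r["peer_id"] and r["peer"] != r["peer_id"])
    # Same Message ID seen again after Phase 1 succeeded: the first Quick Mode packet keeps
    # arriving (resent by the client or duplicated in transit), so investigate Phase 2.
    r["phase2_suspect"] = r["stage"] == "phase2-started" and any(n >= 2 for n in r["repeats"].values())
    return r

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```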

Author Comment

by:Eboracum
ID: 24735376
I've tested the connection using "TheGreenBow"'s VPN client, and after switching both the VPN server and client to Aggressive mode, I can connect successfully, so I'm reasonably sure the VPN server is working and clients can connect to it; it's just the Microsoft VPN client that I'm having problems getting it to work with.

Expert Comment

by:arnold
ID: 24741614
L2TP uses UDP/TCP 1701.
Are you using L2TP over IPsec? Did you configure the IPsec policy on the Windows system?

From the duplicate message it is unclear whether the router in front of the Windows system is retransmitting the same packet.

It might not be enough information to determine what is going on.

Author Comment

by:Eboracum
ID: 24752239
The main problem has been a misunderstanding of terms. The RV082 supports IPsec tunnels; it's not an L2TP/IPsec VPN server. So I could get the GreenBow client to connect and work, as it creates an IPsec tunnel, but the Windows XP one wants to connect to an L2TP server, so it won't work.

The GreenBow client is a bit too expensive at the moment though, so I'm currently testing setting up the IPsec policy on the Windows system, which I can get to connect, and the RV082 shows a successful tunnel created, but I cannot access any resources through the IPsec tunnel; everything times out.

Accepted Solution

by:
arnold earned 500 total points
ID: 24754084
You can configure an IPsec-only tunnel in Windows.

You have to use the MMC snap-in for IP Security Policy.

Create a new policy and define all the parameters.

The below is for a Win2k3 server, but the steps are similar to what you have to go through with Windows XP.
http://www.tomshardware.com/forum/17582-42-rv082-setting-webserver

Make sure you set up both policies. One deals with defining the traffic from your computer to the RV082 and the other deals with the return.

http://technet.microsoft.com/en-us/library/cc738298(WS.10).aspx
http://www.windowsecurity.com/articles/Configure-VPN-Connection-Windows-XP.html

See whether you can get the Linksys QuickVPN client.


Author Closing Comment

by:Eboracum
ID: 31597837
Pointed me in the right direction, and made me realise that I'd been trying to set up the wrong thing. I ended up using the ShrewSoft VPN client.