Solved

Windows XP VPN client to L2TP Server (RV082) Problem

Posted on 2009-06-29
Last Modified: 2012-05-07
I have a Linksys RV082 VPN server sat behind a router. The server works for PPTP VPN connections, with UDP port 1723 forwarded, and GRE forwarded. For L2TP VPN connections, I have UDP ports 500 and 4500 forwarded to the VPN server, and NAT-T enabled.

When using the Windows XP VPN client, the client begins the connection, then errors with error 792. On the VPN server, I receive the following information in the event log:

Jun 29 10:32:33 2009           VPN Log          Received Vendor ID payload Type = [MS NT5 ISAKMPOAKLEY 00000004]
Jun 29 10:32:33 2009          VPN Log         Ignoring Vendor ID payload Type = [FRAGMENTATION]
Jun 29 10:32:33 2009          VPN Log         Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 29 10:32:33 2009          VPN Log         Ignoring Vendor ID payload [26244d38eddb61b3...]
Jun 29 10:32:33 2009          VPN Log         [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Jun 29 10:32:33 2009          VPN Log         Create a temporary connection for incoming Microsoft VPN Client negotiation packet.
Jun 29 10:32:33 2009          VPN Log         (NATT)responding to Main Mode from unknown peer 149.254.216.1:15698
Jun 29 10:32:33 2009          VPN Log         [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Jun 29 10:32:33 2009          VPN Log         [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Jun 29 10:32:33 2009          VPN Log         [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Jun 29 10:32:34 2009          VPN Log         Main mode peer ID is ID_IPV4_ADDR: '192.168.100.103'
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] Initiator Cookies = 53fb 323a 6864 4259
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] Responder Cookies = bb7f 0b3 7b3 ca48
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Jun 29 10:32:35 2009          VPN Log         Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:35 2009          VPN Log         Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:41 2009          VPN Log         Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)

Can anyone help get this sorted?
Question by:Eboracum
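
Added example (not part of the original thread): a small Python triage of the RV082 log posted in the question, showing that Phase 1 completes, the peer is behind NAT, and Quick Mode never finishes while the same Message ID keeps arriving. The function name `triage` and the "Phase 2 SA Established" success wording are assumptions; the sample lines are copied from the question with whitespace collapsed.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the question's log, whitespace collapsed.
SAMPLE_LOG = """\
Jun 29 10:32:33 2009 VPN Log (NATT)responding to Main Mode from unknown peer 149.254.216.1:15698
Jun 29 10:32:34 2009 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.100.103'
Jun 29 10:32:34 2009 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Jun 29 10:32:34 2009 VPN Log [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Jun 29 10:32:35 2009 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:35 2009 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:41 2009 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
"""

ENTRY = re.compile(r"^(\w{3} +\d+ [\d:]{8} \d{4})\s+VPN Log\s+(.*)$")
PEER = re.compile(r"from unknown peer ([\d.]+):(\d+)")
PEER_ID = re.compile(r"peer ID is \w+: '([^']+)'")
REUSED_ID = re.compile(r"previously used Message ID (0x[0-9a-fA-F]+)")

def triage(log_text):
    """Summarise how far one IKE negotiation got in an RV082-style VPN log."""
    r = {"peer": None, "peer_id": None, "phase1": False, "phase2": False,
         "reused_ids": Counter()}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip anything that is not a VPN Log entry
        msg = m.group(2)
        if (p := PEER.search(msg)):
            r["peer"] = p.group(1)
        elif (p := PEER_ID.search(msg)):
            r["peer_id"] = p.group(1)
        elif "Phase 1 SA Established" in msg:
            r["phase1"] = True
        elif "Phase 2 SA Established" in msg:  # assumed wording, not on the page
            r["phase2"] = True
        elif (p := REUSED_ID.search(msg)):
            r["reused_ids"][p.group(1)] += 1
    # Outer source address differing from the IKE identity means the peer is NATed.
    r["behind_nat"] = bool(r["peer"] and r["peer_id"] and r["peer"] != r["peer_id"])
    if not r["phase1"]:
        r["verdict"] = "phase 1 failed"
    elif r["phase2"]:
        r["verdict"] = "tunnel up"
    elif r["reused_ids"]:
        r["verdict"] = "phase 1 ok, quick mode stalled (peer retransmitting)"
    else:
        r["verdict"] = "phase 1 ok, no quick mode result"
    return r
```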

Author Comment

by:Eboracum
ID: 24735376
I've tested the connection using "TheGreenBow"'s VPN client, and after switching both the VPN server and client to Aggressive mode, I can connect successfully, so I'm reasonably sure the VPN server is working and clients can connect to it; it's just the Microsoft VPN client that I'm having problems getting it to work with.

Expert Comment

by:arnold
ID: 24741614
L2TP uses UDP/TCP 1701.
Are you using L2TP over IPsec? Did you configure the IPsec policy on the Windows system?

From the duplicate message, it is unclear whether the router in front of the Windows system is retransmitting the same packet.

It might not be enough information to determine what is going on.

Author Comment

by:Eboracum
ID: 24752239
The main problem has been a misunderstanding of terms. The RV082 supports IPsec tunnels; it's not an L2TP/IPsec VPN server. So I could get the GreenBow client to connect and work, as it creates an IPsec tunnel, but the Windows XP one wants to connect to an L2TP server, so it won't work.

The GreenBow client is a bit too expensive at the moment though, so I'm currently testing setting up the IPsec policy on the Windows system, which I can get to connect, and the RV082 shows a successful tunnel created, but I cannot access any resources through the IPsec tunnel; everything times out.

Accepted Solution

by:
arnold earned 500 total points
ID: 24754084
You can configure an IPsec-only tunnel in Windows.

You have to use the MMC snap-in for IP Security Policy.

Create a new policy and define all the parameters.

The below is for a Win2k3 server, but the steps are similar to what you have to go through with Windows XP.
http://www.tomshardware.com/forum/17582-42-rv082-setting-webserver

Make sure you set up both policies. One deals with defining the traffic from your computer to the RV082 and the other deals with the return.

http://technet.microsoft.com/en-us/library/cc738298(WS.10).aspx
http://www.windowsecurity.com/articles/Configure-VPN-Connection-Windows-XP.html

See whether you can get the Linksys QuickVPN client.


Author Closing Comment

by:Eboracum
ID: 31597837
Pointed me in the right directory, and made me realise that I'd been trying to set up the wrong thing. I ended up using the ShrewSoft VPN client.