asked on
L2TP Connection Not working
Hello,
I setup a lab server running Server 2012 Standard. I installed the routing and remote access role, setup a preshared key for the custom IPsec policy for L2TP/IKEv2 connections (the key is 1234 as a test), and gave my account access to dial in.
On the client side I set up the VPN with the same preshared key and L2TP/IPSEC as the type of tunnel.
However, I can only connect using PPTP if I change the tunnel to automatic. L2TP and IKEv2 fail. L2TP shows error 789 on the client (Windows 7 pro) and no error that I can find on the server. I disabled the firewall on the server as a test, still no go.
Any help would be greatly appreciated. After searching the internet for troubleshooting I setup my VPN identical to this guide:
http://www.cloudservers.com/setup-l2tpipsec-vpn-on-windows-server-2012-cloud-vps/
Both servers are being a NAT on my home network (my lab). However, the SQL server 2012 is behind a VMware machine with 2 network ports. The internal network port is linked to a pfsense test setup (192.168.1.x) and the external interface is what I'm trying to dial in to (10.10.10.x).
Thanks.
I setup a lab server running Server 2012 Standard. I installed the routing and remote access role, setup a preshared key for the custom IPsec policy for L2TP/IKEv2 connections (the key is 1234 as a test), and gave my account access to dial in.
On the client side I set up the VPN with the same preshared key and L2TP/IPSEC as the type of tunnel.
However, I can only connect using PPTP if I change the tunnel to automatic. L2TP and IKEv2 fail. L2TP shows error 789 on the client (Windows 7 pro) and no error that I can find on the server. I disabled the firewall on the server as a test, still no go.
Any help would be greatly appreciated. After searching the internet for troubleshooting I setup my VPN identical to this guide:
http://www.cloudservers.com/setup-l2tpipsec-vpn-on-windows-server-2012-cloud-vps/
Both servers are being a NAT on my home network (my lab). However, the SQL server 2012 is behind a VMware machine with 2 network ports. The internal network port is linked to a pfsense test setup (192.168.1.x) and the external interface is what I'm trying to dial in to (10.10.10.x).
Thanks.
Internet Protocol SecurityVPNMicrosoft Server OS
Last Comment
A-T-1
Just to be complete, you should forward protocol 50 (ESP), ports 500/udp (IKE) and 4500/udp (IPSec NAT Traversal) and make sure that they're permitted all the way through. Port 1701/tcp isn't really necessary because it's encapsulated in IPSec. Watch the protocol being permitted here. I've seen lots of cases where TCP is being permitted rather than UDP... and that will mess things up.
ASKER
Thanks, all those are open and no luck. I had a synology box that you can install L2TP/IPSEC VPNs on and also same issue, same with pFsense.
That tells me that maybe there is something wrong with my network configuration and my understanding of how the connection takes place. I suspect since both devices are behind a NAT this is causing huge issues. Would that be correct to say?
Thanks.
That tells me that maybe there is something wrong with my network configuration and my understanding of how the connection takes place. I suspect since both devices are behind a NAT this is causing huge issues. Would that be correct to say?
Thanks.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
There's a lot more things to go wrong besides this. I spent two days before finding them all. I made a You Tube video for anyone who wants to see a comprehensive solution.
https://www.youtube.com/watch?v=Xl3BhwLFgB4
https://www.youtube.com/watch?v=Xl3BhwLFgB4
I forwarded ports 1701, 500, and 4500 through my home router to expose the server to the outside world. I then tried to connect with Windows 7 from an outside network. Same error. I tried my Android phone, had more success there. Said "failed IKE negotiation" but at least my server logs show the error and have the following in the event log:
I'm not sure which encryption method to use as Android gives me 100 different combinations.
2. I noticed lots of talk about NAT-T issues and to modify the registry by adding a key as outlined in this KB:
http://support.microsoft.com/en-us/kb/926179
Added it to both my client and server and rebooted both. Same issue.