L2TP/IPsec VPN

jhjh Member
edited March 2012 in Help

I want to use an L2TP/IPsec VPN while I'm at university to get a fixed IP, some more privacy and speed up DNS resolution.

I am able to connect to VPNHQ's VPN IPSec/L2TP service just fine, and I'm able to connect through VPNHQ to my installation just fine, however I cannot connect directly to my installation.

I'm wondering whether this has something to do with the university's NAT. The university actually has a policy on VPNs and is surprisingly completely ok with them: "VPNs using other protocols, such as IPSec, should work correctly as long as the VPN has NAT traversal turned on".

So I think fair enough and turn it on in ipsec.conf:

nat_traversal=yes

However I'm still unable to connect. The error I get from my Windows 7 box is "error 789: The L2TP connection attempt failed because the layer encountered a processing error during initial negotiations with the remote computer".

Couldn't find anything useful on Google. Just wondered whether anyone here has any ideas?

Comments

  • Try changing the encryption to 3des and hash to sha/md5 on the server. This error is most likely related to an incorrect combination of encryption and hash.

  • jhjh Member

    @torqhost said: Try changing the encryption to 3des and hash to sha/md5 on the server. This error is most likely related to an incorrect combination of encryption and hash.

    I've played around with the encryption - no change :(

  • Why not use SSTP, James? It's very easy to set up and supports static IP/NAT

  • @jtodd said: I've played around with the encryption - no change :(

    What kind of software are you using for your server? This error is IPsec policy related. You could also look at IP restrictions of the policy if you have that configured.
    Try also removing the encryption requirement when adding a VPN connection in Windows.

  • jhjh Member
    edited March 2012

    @DanielM said: Why not use SSTP, James? It's very easy to set up and supports static IP/NAT

    Isn't that a Windows server?

    @torqhost said: What kind of software are you using for your server?

    xl2tpd + ppp

    @torqhost said: Try also removing the encryption requirement when adding a VPN connection in Windows.

    Tried that as well, same result.

    Actually, nothing's showing up in /var/log/messages at all when I attempt a connection without tunneling through VPNHQ, which would indicate that the connection isn't even getting there.

  • jhjh Member

    Never mind, I forgot to unblock port 1701. The VPNHQ IP was bypassing the firewall so it didn't get blocked out.

  • /facepalm for you
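
Added example, not code from the thread or from any participant: a small audit of an iptables-save dump for the UDP ports an L2TP/IPsec server needs, which also lists whitelisted sources that bypass the filter (the reason the test through VPNHQ hid the blocked port). It assumes an iptables firewall with a default-drop INPUT chain, which the thread does not specify; the ruleset and addresses are constructed.

```python
import re

# Constructed iptables-save excerpt (not from the thread): one trusted source
# address bypasses the filter, IKE and NAT-T are open, UDP 1701 is missing.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
COMMIT
"""

REQUIRED = {500: "IKE", 4500: "IPsec NAT-T", 1701: "L2TP"}
RANK = ["blocked", "source-restricted", "ipsec-only", "open"]

def audit(rules):
    """Return (status, bypass): per-port reachability and the source addresses
    accepted on every port. Simplified: only single-port INPUT ACCEPT rules are
    read, and rule order and earlier DROP rules are ignored."""
    status = {port: "blocked" for port in REQUIRED}
    bypass = []
    for line in rules.splitlines():
        if not (line.startswith("-A INPUT ") and line.endswith("-j ACCEPT")):
            continue
        src = re.search(r" -s (\S+)", line)
        port = re.search(r" --dport (\d+) ", line)
        if src and " -p " not in line:
            bypass.append(src.group(1))  # everything from this source passes
            continue
        if " -p udp " not in line or not port or int(port.group(1)) not in REQUIRED:
            continue
        if "--pol ipsec" in line:
            kind = "ipsec-only"  # accepted only after IPsec decapsulation
        elif src:
            kind = "source-restricted"
        else:
            kind = "open"
        p = int(port.group(1))
        status[p] = max(status[p], kind, key=RANK.index)
    return status, bypass

if __name__ == "__main__":
    status, bypass = audit(SAMPLE_RULES)
    for port, name in REQUIRED.items():
        print(f"udp/{port:<5} {name:<12} {status[port]}")
    print("sources that bypass the filter:", ", ".join(bypass) or "none")
```

A rule using the iptables policy match (`-m policy --dir in --pol ipsec`) on UDP 1701 is reported as "ipsec-only": L2TP is then accepted only when it arrived protected by IPsec, rather than from any host in the clear.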
