All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
L2TP/IPsec VPN
I want to use an L2TP/IPsec VPN while I'm at university to get a fixed IP, some more privacy and speed up DNS resolution.
I am able to connect to VPNHQ's VPN IPSec/L2TP service just fine, and I'm able to connect through VPNHQ to my installation just fine, however I cannot connect directly to my installation.
I'm wondering whether this has something to do with the university's NAT. The university actually has a policy on VPNs and is surprisingly completely ok with them: "VPNs using other protocols, such as IPSec, should work correctly as long as the VPN has NAT traversal turned on".
So I think fair enough and turn it on in ipsec.conf:
nat_traversal=yes
However I'm still unable to connect. The error I get from my Windows 7 box is "error 789: The L2TP connection attempt failed because the layer encountered a processing error during initial negotiations with the remote computer".
Couldn't find anything useful on Google. Just wondered whether anyone here has any ideas?
Comments
Try changing the encryption to 3des and hash to sha/md5 on the server. This error is most likely related to an incorrect combination of encryption and hash.
I've played around with the encryption - no change
Why not use SSTP james?, Its very easy to setup and supports static ip/nat
What kind of software are you using for your server? This error is IPsec policy related. You could also look at IP restrictions of the policy if you have that configured.
Try also removing the encryption requirement when adding a VPN connection in windows.
Isn't that a Windows server?
xl2tpd + ppp
Tried that as well, same result.
Actually, nothing's showing up in /var/log/messages at all when I attempt a connection without tunneling through VPNHQ, which would indicate that the connection isn't even getting there.
Never mind, I forgot to unblock port 1701. The VPNHQ IP was bypassing the firewall so it didn't get blocked out.
/facepalm for you