Unable to connect to L2TP Server

**ZeroT3K** · 05-02-2014, 10:39 AM

I'm using the built-in Windows L2TP/IPSec client to try and connect to my Untangle box. It keeps erroring out though. I have the VPN connection set manually to L2TP/IPSec with the PSK entered.

Windows 8 Pro 64-Bit Error:

Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

Untangle IPSec Log (IP Address Host Editted):

May 2 13:33:46 safw pluto[14968]: "VPN-L2TP-0"[2] 73.182.*** #1: the peer proposed: 50.193.***/32:17/1701 -> 192.168.1.207/32:17/0
May 2 13:33:46 safw pluto[14968]: "VPN-L2TP-0"[2] 73.182.*** #1: cannot respond to IPsec SA request because no connection is known for 50.193.***<50.193.***>[+S=C]:17/1701...73.182.***[192.168.1.207,+S=C]:17/%any===192.168.1.207/32
May 2 13:33:46 safw pluto[14968]: "VPN-L2TP-0"[2] 73.182.*** #1: sending encrypted notification INVALID_ID_INFORMATION to 73.182.***:500

Edit: More specific error message that seems to be the cause, according to an Untangle Support rep

ay 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[8] 73.182.*** #5: received Delete SA payload: deleting ISAKMP State #5
May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[8] 73.182.***: deleting connection "VPN-L2TP-0" instance with peer 73.182.*** {isakmp=#0/ipsec=#0}
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: received and ignored informational message
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: received Vendor ID payload [RFC 3947] meth=109, but port floating is off
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [FRAGMENTATION]
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [IKE CGA version 1]
May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: responding to Main Mode from unknown peer 73.182.***
May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: STATE_MAIN_R1: sent MR1, expecting MI2
May 2 14:11:02 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: max number of retransmissions (2) reached STATE_MAIN_R1
May 2 14:11:02 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.***: deleting connection "VPN-L2TP-0" instance with peer 73.182.*** {isakmp=#0/ipsec=#0}

**jcoffin** · 05-02-2014, 11:51 AM

I'm assuming you are using 10.2. Post a screen shot of the L2TP tab page.

**ZeroT3K** · 05-02-2014, 11:56 AM

Capture.PNG

**jcoffin** · 05-02-2014, 01:16 PM

The Untangle settings look correct. Please check that the Windows VPN Connection property has:

Type of VPN : Layer 2 Tunneling Protocol with IPsec.

**ZeroT3K** · 05-02-2014, 01:18 PM

Originally Posted by jcoffin

The Untangle settings look correct. Please check that the Windows VPN Connection property has:

Type of VPN : Layer 2 Tunneling Protocol with IPsec.

It does. Configuration is also set from Automatic to Pre-Shared Key correctly.

**jcoffin** · 05-02-2014, 01:32 PM

Which error do you get on the Windows' side? error 809?

**ZeroT3K** · 05-02-2014, 01:33 PM

Originally Posted by ZeroT3K

I'm using the built-in Windows L2TP/IPSec client to try and connect to my Untangle box. It keeps erroring out though. I have the VPN connection set manually to L2TP/IPSec with the PSK entered.

Windows 8 Pro 64-Bit Error:

Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

Sent from my iPhone using Tapatalk

**ZeroT3K** · 05-02-2014, 01:51 PM

ImageUploadedByTapatalk1399063877.847521.jpg

Sorry for the quality. Not on site, so remoted in with my phone. :P

Sent from my iPhone using Tapatalk

**jcoffin** · 05-02-2014, 03:17 PM

I can't reproduce the problem on Windows 8. From the Windows error, there are a few possiblities:

https://kb.meraki.com/knowledge_base...t-vpn#error789

- Incorrect secret key (pre-shared key in Windows)

- Firewall on the PC side is blocking traffic to VPN traffic to IPsec server

- IKE and AuthIP IPsec Keying Modules disabled (Windows only)

**ZeroT3K** · 05-02-2014, 03:19 PM

Can't reproduce as in it was working on your end? Or didn't have a Win8 box to test?

I'll run down that list and see what I can come up with.

Thanks!

Sent from my iPhone using Tapatalk

Thread: Unable to connect to L2TP Server

LinkBack

Thread Tools