Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Untangler
    Join Date
    Aug 2013
    Posts
    41

    Default Unable to connect to L2TP Server

    I'm using the built-in Windows L2TP/IPSec client to try and connect to my Untangle box. It keeps erroring out though. I have the VPN connection set manually to L2TP/IPSec with the PSK entered.

    Windows 8 Pro 64-Bit Error:

    Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

    Untangle IPSec Log (IP Address Host Editted):

    May 2 13:33:46 safw pluto[14968]: "VPN-L2TP-0"[2] 73.182.*** #1: the peer proposed: 50.193.***/32:17/1701 -> 192.168.1.207/32:17/0
    May 2 13:33:46 safw pluto[14968]: "VPN-L2TP-0"[2] 73.182.*** #1: cannot respond to IPsec SA request because no connection is known for 50.193.***<50.193.***>[+S=C]:17/1701...73.182.***[192.168.1.207,+S=C]:17/%any===192.168.1.207/32
    May 2 13:33:46 safw pluto[14968]: "VPN-L2TP-0"[2] 73.182.*** #1: sending encrypted notification INVALID_ID_INFORMATION to 73.182.***:500

    Edit: More specific error message that seems to be the cause, according to an Untangle Support rep

    ay 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[8] 73.182.*** #5: received Delete SA payload: deleting ISAKMP State #5
    May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[8] 73.182.***: deleting connection "VPN-L2TP-0" instance with peer 73.182.*** {isakmp=#0/ipsec=#0}
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: received and ignored informational message
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: received Vendor ID payload [RFC 3947] meth=109, but port floating is off
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [FRAGMENTATION]
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [Vid-Initial-Contact]
    May 2 14:09:52 safw pluto[14968]: packet from 73.182.***:500: ignoring Vendor ID payload [IKE CGA version 1]
    May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: responding to Main Mode from unknown peer 73.182.***
    May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
    May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
    May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    May 2 14:09:52 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: STATE_MAIN_R1: sent MR1, expecting MI2
    May 2 14:11:02 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.*** #6: max number of retransmissions (2) reached STATE_MAIN_R1
    May 2 14:11:02 safw pluto[14968]: "VPN-L2TP-0"[9] 73.182.***: deleting connection "VPN-L2TP-0" instance with peer 73.182.*** {isakmp=#0/ipsec=#0}
    Last edited by ZeroT3K; 05-02-2014 at 11:18 AM.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,813

    Default

    I'm assuming you are using 10.2. Post a screen shot of the L2TP tab page.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Aug 2013
    Posts
    41

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,813

    Default

    The Untangle settings look correct. Please check that the Windows VPN Connection property has:

    Type of VPN : Layer 2 Tunneling Protocol with IPsec.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Aug 2013
    Posts
    41

    Default

    Quote Originally Posted by jcoffin View Post
    The Untangle settings look correct. Please check that the Windows VPN Connection property has:

    Type of VPN : Layer 2 Tunneling Protocol with IPsec.
    It does. Configuration is also set from Automatic to Pre-Shared Key correctly.

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,813

    Default

    Which error do you get on the Windows' side? error 809?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangler
    Join Date
    Aug 2013
    Posts
    41

    Default Unable to connect to L2TP Server

    Quote Originally Posted by ZeroT3K View Post
    I'm using the built-in Windows L2TP/IPSec client to try and connect to my Untangle box. It keeps erroring out though. I have the VPN connection set manually to L2TP/IPSec with the PSK entered.

    Windows 8 Pro 64-Bit Error:

    Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.



    Sent from my iPhone using Tapatalk

  8. #8
    Untangler
    Join Date
    Aug 2013
    Posts
    41

    Default Unable to connect to L2TP Server

    ImageUploadedByTapatalk1399063877.847521.jpg

    Sorry for the quality. Not on site, so remoted in with my phone. :P

    Sent from my iPhone using Tapatalk

  9. #9
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,813

    Default

    I can't reproduce the problem on Windows 8. From the Windows error, there are a few possiblities:

    https://kb.meraki.com/knowledge_base...t-vpn#error789

    - Incorrect secret key (pre-shared key in Windows)

    - Firewall on the PC side is blocking traffic to VPN traffic to IPsec server

    - IKE and AuthIP IPsec Keying Modules disabled (Windows only)
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  10. #10
    Untangler
    Join Date
    Aug 2013
    Posts
    41

    Default

    Can't reproduce as in it was working on your end? Or didn't have a Win8 box to test?

    I'll run down that list and see what I can come up with. Thanks!


    Sent from my iPhone using Tapatalk

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2