Author Topic: L2TP IPSEC VPN  (Read 25709 times)

blk1948

  • Level 1 Member
  • *
  • Posts: 24
L2TP IPSEC VPN
« on: October 29, 2008, 09:10:53 PM »

Other than setting up a Virtual Server using the L2TP application (which opens 1701 for UDP), are there any other Virtual Server entries necessary for a L2TP/IPSEC VPN?

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: L2TP IPSEC VPN
« Reply #1 on: October 30, 2008, 08:52:22 AM »

Do you want to have this router act as a L2TP over IPsec server?
Or perhaps to pass the traffic to your LAN so a server on your LAN can handle the L2TP over IPsec connections?

Regardless you should not need to pass 1701 UDP as the L2TP connection should be encapsulated inside the IPsec tunnel.
non progredi est regredi

blk1948

  • Level 1 Member
  • *
  • Posts: 24
Re: L2TP IPSEC VPN
« Reply #2 on: October 30, 2008, 10:39:06 AM »

I want the router to act as a server.  I can connect to it using PPTP but not L2TP/IPSEC.  What ports/protocols have to get to the router?  How can I check if it is being blocked by my ISP?
« Last Edit: October 30, 2008, 10:56:00 AM by blk1948 »

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: L2TP IPSEC VPN
« Reply #3 on: October 30, 2008, 11:35:08 AM »

You will need to be on 1.12 firmware for this to work.
You don't have to do any forwarding in that case.

You then should create an IPsec tunnel, then when you attempt to create your next tunnel it should give you the option of an L2TP over IPsec tunnel.
non progredi est regredi

blk1948

  • Level 1 Member
  • *
  • Posts: 24
Re: L2TP IPSEC VPN
« Reply #4 on: October 30, 2008, 12:50:12 PM »

I am on the 1.12 firmware.  My home has the DIR-130 router and I'm testing the VPN within my home network.  I can connect to the DIR-130 VPN server from any computer at home using PPTP.  Similarly, I can connect to the home DIR-130 VPN server from a remote site (through the internet) using PPTP.  However, when I try and connect using L2TP/IPSEC (both at home and from remote site), I receive "error 792 - The L2TP connection attempt failed because security negotiation timed out."  I'm assuming from this that something is not getting through.
 

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: L2TP IPSEC VPN
« Reply #5 on: October 30, 2008, 12:58:35 PM »

You need to create an IPsec tunnel with the information you wish to use for the tunnel.  Then you need to create an L2TP over IPsec tunnel inside it.  Please call 1 877 354 6555 for more assistance with your set up.
non progredi est regredi

blk1948

  • Level 1 Member
  • *
  • Posts: 24
Re: L2TP IPSEC VPN
« Reply #6 on: October 30, 2008, 02:06:42 PM »

I gather from your post that I have to enable IPSEC-Internet Protocol Security on the DIR-130.  If I enable that can I also enable L2TP/IPSEC?  I was under the assumption that only one profile can be enabled at one time.

I will try and call tomorrow.

blk1948

  • Level 1 Member
  • *
  • Posts: 24
Re: L2TP IPSEC VPN
« Reply #7 on: November 05, 2008, 08:34:22 AM »

Fatman,

I called the 877-354-6555 number and what they told me was that I had to purchase the DS-601 client software in order to connect using L2TP over IPSEC.  Is that what you recommend too?  If not, anything else you can advise?

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: L2TP IPSEC VPN
« Reply #8 on: November 05, 2008, 09:51:38 AM »

They were mistaken. All 3 major OSes have native or free tools to handle L2TP over IPsec.

To answer your previous post.

Yes, you must create an IPsec tunnel then create an L2TP over IPsec tunnel over it.
non progredi est regredi

blk1948

  • Level 1 Member
  • *
  • Posts: 24
Re: L2TP IPSEC VPN
« Reply #9 on: November 05, 2008, 10:15:48 AM »

That's what I thought.

Okay, I now have the Greenbow client (winxp computer) IPSEC'd to the router.  The next step is where I am hung up, how to create an L2TP/IPSEC tunnel.

In the router's IPSEC setup, I am using "remote user", not "Lan to Lan."  Is that a problem, as this prevents me from setting an L2TP/IPSEC VPN setting on the router?  I want to be able to VPN from my laptop.

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: L2TP IPSEC VPN
« Reply #10 on: November 05, 2008, 10:47:15 AM »

A Remote User VPN is fine, in fact it is exactly what we need.  Unfortunately I am not familiar with the Greenbow client; my best advice would be to let Windows XP handle the L2TP over IPsec client.  They are right easy to set up on the client side and there is lots of information on the interwebs on the client side setup.
non progredi est regredi

blk1948

  • Level 1 Member
  • *
  • Posts: 24
Re: L2TP IPSEC VPN
« Reply #11 on: November 05, 2008, 12:46:05 PM »

After the IPSEC connection, when I try and connect using the WINXP VPN client (using the Network Setting of L2TP/IPSEC), I receive a 789 error (connection attempt failed because the security layer encountered a processing error during initial negotiations).  Is this because the DIR-130 is set up using IPSEC and L2TP (separate settings), not IPSEC and L2TP/IPSEC as separate settings?  I cannot use the latter because the IPSEC setting of "remote user" disallows this combination.  Is there a way to set the IPSEC "Lan to Lan" setting to simulate the "remote user" setting?

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: L2TP IPSEC VPN
« Reply #12 on: November 05, 2008, 03:36:26 PM »

If you create a Net to Net VPN with a remote net of 0.0.0.0/0 and a remote gateway of 0.0.0.0 that should work for you.

Additionally you should only have to dial the one Microsoft client, it handles both halves.
non progredi est regredi

blk1948

  • Level 1 Member
  • *
  • Posts: 24
Re: L2TP IPSEC VPN
« Reply #13 on: November 06, 2008, 11:30:15 AM »

I can't seem to get your suggestion of using 0.0.0.0 and 0.0.0.0/0 in the net to net IPSEC settings to work.  Is there any way you can test it in your workplace?

In order to use the WINXP Microsoft client, I had to add IPSEC policies using MMC.  I did that according to instructions I found on the internet.  My current DIR-130 setup is IPSEC enabled (using your 0.0.0.0 and 0.0.0.0/0 setup) and L2TP enabled as separate setups.  When I try and connect using the Microsoft client, it gets to phase 2, then the following errors appear (I'm using a Microsoft program that tracks IPSEC):
no specific MM filters conveyed
no quick mode policies configured
no main mode sa exists
no quick mode sa exists

Any idea what these errors mean? 




Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: L2TP IPSEC VPN
« Reply #14 on: November 06, 2008, 12:32:00 PM »

You don't have to go through all that trouble.  XP has an all in one L2TP over IPsec client.  Add a VPN like a normal PPTP VPN and change the type to L2TP and enter the PSK in the IPsec settings button.  I know you had a bad experience last time around, but since you need a step by step, 1 877 354 6555 really is your best choice.  Just tell them you are trying to use the XP L2TP over IPsec client and they will walk you through it.
non progredi est regredi
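
Added example, not part of the original thread and not D-Link or Microsoft code: the errors discussed above (792, 789, "no main mode sa exists") depend on how far the IKE negotiation got, which a packet capture on the client can show. The sketch below parses the fixed ISAKMP header (RFC 2408) from UDP payloads on ports 500 and 4500 and reports the furthest step seen; the function names and the sample payloads are constructed for illustration.

```python
import struct

# IKEv1 exchange types (RFC 2408; Quick Mode is defined in RFC 2409).
EXCHANGES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
# Fixed 28-byte ISAKMP header: cookies, next payload, version, exchange, flags, msg ID, length.
HEADER = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00" * 4  # precedes IKE messages on UDP 4500 (RFC 3948)
STAGES = ("no-ike", "phase1-unanswered", "phase1-answered", "phase2")

def parse_ike(port, payload):
    """Parse one UDP payload seen on the VPN server's port; None if it is not IKEv1."""
    if port == 4500:
        if not payload.startswith(NON_ESP_MARKER):
            return None  # ESP-in-UDP data or a one-byte NAT keepalive
        payload = payload[4:]
    elif port != 500:
        return None  # e.g. UDP 1701, which should only exist inside the IPsec tunnel
    if len(payload) < HEADER.size:
        return None
    _init, resp, _next, version, exchange, flags, msg_id, length = HEADER.unpack_from(payload)
    if version >> 4 != 1 or length < HEADER.size:
        return None
    return {"exchange": EXCHANGES.get(exchange, "other"),
            "answered": resp != b"\x00" * 8,  # responder cookie set: the server has replied
            "encrypted": bool(flags & 0x01), "message_id": msg_id}

def negotiation_stage(packets):
    """Classify a capture, given as (port, payload) pairs, by the furthest IKE step seen."""
    stage = 0
    for port, payload in packets:
        msg = parse_ike(port, payload)
        if msg is None:
            continue
        if msg["exchange"] == "quick":
            stage = max(stage, 3)
        elif msg["exchange"] in ("main", "aggressive"):
            stage = max(stage, 2 if msg["answered"] else 1)
    return STAGES[stage]

def sample_msg(resp_cookie, exchange, flags=0, msg_id=0):
    """Build a constructed header-only IKEv1 message (no payloads) for the samples."""
    return HEADER.pack(b"\x11" * 8, resp_cookie, 1, 0x10, exchange, flags, msg_id, HEADER.size)

# Constructed captures: three unanswered retransmissions, and a run that reaches Quick Mode.
SAMPLE_TIMEOUT = [(500, sample_msg(b"\x00" * 8, 2))] * 3
SAMPLE_PHASE2 = [(500, sample_msg(b"\x00" * 8, 2)), (500, sample_msg(b"\x22" * 8, 2)),
                 (4500, NON_ESP_MARKER + sample_msg(b"\x22" * 8, 32, flags=1, msg_id=7))]
```

A capture that stays at "phase1-unanswered" means the client's first IKE message never drew a reply, which is what a negotiation timeout looks like on the wire; one that reaches "phase2" shows UDP 500/4500 are getting through and the problem lies in the proposals or policy.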