D-Link Forums

D-Link VPN Router => DSR-250 => Topic started by: eugrus on November 26, 2018, 09:29:50 AM

Title: L2TP/IPSec problems: matching the Diffie-Hellman groups on DSR-250 and client
Post by: eugrus on November 26, 2018, 09:29:50 AM

I am trying to configure L2TP/IPSec on DSR-250 hv A2 fw 2.11 RU using the following instruction: http://www.matthewprichard.com/2017/04/configure-l2tp-vpn-on-d-link-dsr-250.html

Right now getting
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "AES-CBC" mismatched with Local "DES-CBC".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "DES-CBC".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "DES-CBC".]
VPN Error [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [No suitable proposal found for 128.176.164.111[18445].]

when trying to connect from a Windows 10 client.

The router only has Group 1 (768 bit), Group 2 (1024 bit) and Group 3 (1536 bit) as Diffie-Hellman groups offered in the settings.

How do I match it with Windows 10's 2048-bits?

Title: Re: L2TP/IPSec problems: matching the Diffie-Hellman groups on DSR-250 and client
Post by: FurryNutz on November 26, 2018, 01:57:14 PM

I would contact MS support about this. Make sure all routers and clients are using the same encryption type.