• January 18, 2021, 12:32:27 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: L2TP/IPSec problems: matching the Diffie-Hellman groups on DSR-250 and client  (Read 1896 times)

eugrus

  • Level 1 Member
  • *
  • Posts: 11

I am trying to configure L2TP/IPSec on DSR-250 hv A2 fw 2.11 RU using the following instruction: http://www.matthewprichard.com/2017/04/configure-l2tp-vpn-on-d-link-dsr-250.html

Right now getting
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "AES-CBC" mismatched with Local "DES-CBC".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "DES-CBC".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "DES-CBC".]
VPN Error [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [No suitable proposal found for 128.176.164.111[18445].]

when trying to connect from a Windows 10 client.

The router only has Group 1 (768 bit), Group 2 (1024 bit) and Group 3 (1536 bit) as Diffie-Hellman groups offered in the settings.

How do I match it with Windows 10's 2048-bits?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49459
  • D-Link Global Forum Moderator
    • Router Troubleshooting

I would contact MS support about this. Make sure all routers and clients are using the same encryption type.
Logged
Cable: 1Gb/50Mb>NetGear CAX80>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.