• July 03, 2020, 04:24:17 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: L2TP/IPSec problems: matching the Diffie-Hellman groups on DSR-250 and client  (Read 1759 times)

eugrus

  • Level 1 Member
  • *
  • Posts: 11

I am trying to configure L2TP/IPSec on DSR-250 hv A2 fw 2.11 RU using the following instruction: http://www.matthewprichard.com/2017/04/configure-l2tp-vpn-on-d-link-dsr-250.html

Right now getting
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "AES-CBC" mismatched with Local "DES-CBC".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "DES-CBC".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "DES-CBC".]
VPN Error [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [No suitable proposal found for 128.176.164.111[18445].]

when trying to connect from a Windows 10 client.

The router only has Group 1 (768 bit), Group 2 (1024 bit) and Group 3 (1536 bit) as Diffie-Hellman groups offered in the settings.

How do I match it with Windows 10's 2048-bits?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 48922
  • D-Link Global Forum Moderator
    • Router Troubleshooting

I would contact MS support about this. Make sure all routers and clients are using the same encryption type.
Logged
"Nothing Funny about It...." We are not here to Impress anyone! You have a be a COMPETENT user first to under stand COMPETENT help!