• July 23, 2019, 12:49:45 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: L2TP/IPSec problems: matching the Diffie-Hellman groups on DSR-250 and client  (Read 862 times)

eugrus

  • Level 1 Member
  • *
  • Posts: 11

I am trying to configure L2TP/IPSec on DSR-250 hv A2 fw 2.11 RU using the following instruction: http://www.matthewprichard.com/2017/04/configure-l2tp-vpn-on-d-link-dsr-250.html

Right now getting
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "AES-CBC" mismatched with Local "DES-CBC".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "DES-CBC".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's dh_group "2048-bit MODP group" mismatched with Local "1024-bit MODP group".]
VPN Warning [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Warning] [IPSEC] [Rejected phase 1 proposal as Peer's encryption type "3DES-CBC" mismatched with Local "DES-CBC".]
VPN Error [Mon Nov 26 16:45:28 2018(GMT)] [DSR-250] [2.11] [VPN] [Error] [IPSEC] [No suitable proposal found for 128.176.164.111[18445].]

when trying to connect from a Windows 10 client.

The router only has Group 1 (768 bit), Group 2 (1024 bit) and Group 3 (1536 bit) as Diffie-Hellman groups offered in the settings.

How do I match it with Windows 10's 2048-bits?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47585
  • D-Link Global Forum Moderator
    • Router Troubleshooting

I would contact MS support about this. Make sure all routers and clients are using the same encryption type.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting