Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Can't Connect to VPN (IPSec)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Can't Connect to VPN (IPSec)
Can't Connect to VPN (IPSec)
20-09-2014 4:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi guys,
I've spent the past 2 days trying to connect to my works IPSec based VPN.
There's nothing wrong with the VPN or the machine I'm trying to connect to it from. Both work fine when not using my new PlusNet fibre connection.
I've trawled the forums and the internet - it's starting to feel like I've tried everything/anything. I'm hoping I've overlooked something obvious!
I've checked at work and no-one else uses PlusNet - so no help there 😕
The error I get when connecting to the VPN is:
"Error 788: The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer"
The router is a TG582n, software 10.2.5.2.FO.
The VPN is:
PPP Settings = only "Enable LCP Connections" is selected. Software compression and multi-link are NOT enabled.
Security = Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec) [uses a pre-shared key, not certificate]
Data Encryption = Require encryption
Protocols Allows = Microsoft CHAP Version 2 (MS-CHAP V2)
What have I tried?
1) Tried setting my Firewall settings on the web portal for our account to 'Off' and also 'Low'.
2) Turned off the Firewall on the router (TG582N). Also tried 'Normal' and 'Low'.
3) Set up port forwarding via 'Game and application sharing' for ports 50, 51, 500, 1701, 1723 and 4500.
Assigned this rule to the device I'm using to try to connect to the VPN.
4) Used Telnet to log into the router to attempt to unbind and also rebind various services/protocols.
Various commands run:
connection applist
connection unbind application PPTP port 1723
connection unbind application IKE
connection unbind application ESP
connection unbind application AH
saveall
5) Enabled/Disabled Game Mode.
6) Restarted the router/gateway every time a change has been made.
7) Hard reset on gateway/router.
I've also tried putting my device into the DMZ which should, in theory, allow a VPN connection - but it still doesn't work.
9) I've also made sure the correct Services are running on the device/machine I'm attempting to connect to the VPN, for example the IPSec Policy Agent.
10) I've also tried switching to OpenDNS DNS Servers too, as on your forum using your default PN DNS servers sometimes caused an issue according to your tech team. No luck.
The same error is shown (as described above) on every attempt to connect to the VPN.
Using tracert with the destination VPN IP address, the trace tends to die out between hops 14 and 16 - probably due to the offices network provider security rules (?).
Using Wireshark the connection attempt is IPv4 over port 500, protocol UDP (17) (this is as much as I can discern using Wireshark...).
There's an outgoing request to the VPN IP (protocal ISAKMP), with a payload confirming IKE CGA V1.
The incoming request is a notification/information entry, the Notify-Message is NO-PROPOSAL-CHOSEN (14).
I'd attempt to connect directly to the fibre box and rule the router out, but my laptop doesn't have a network/RJ45 port - just wireless 😕
Any idea's ?
Cheers,
I've spent the past 2 days trying to connect to my works IPSec based VPN.
There's nothing wrong with the VPN or the machine I'm trying to connect to it from. Both work fine when not using my new PlusNet fibre connection.
I've trawled the forums and the internet - it's starting to feel like I've tried everything/anything. I'm hoping I've overlooked something obvious!
I've checked at work and no-one else uses PlusNet - so no help there 😕
The error I get when connecting to the VPN is:
"Error 788: The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer"
The router is a TG582n, software 10.2.5.2.FO.
The VPN is:
PPP Settings = only "Enable LCP Connections" is selected. Software compression and multi-link are NOT enabled.
Security = Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec) [uses a pre-shared key, not certificate]
Data Encryption = Require encryption
Protocols Allows = Microsoft CHAP Version 2 (MS-CHAP V2)
What have I tried?
1) Tried setting my Firewall settings on the web portal for our account to 'Off' and also 'Low'.
2) Turned off the Firewall on the router (TG582N). Also tried 'Normal' and 'Low'.
3) Set up port forwarding via 'Game and application sharing' for ports 50, 51, 500, 1701, 1723 and 4500.
Assigned this rule to the device I'm using to try to connect to the VPN.
4) Used Telnet to log into the router to attempt to unbind and also rebind various services/protocols.
Various commands run:
connection applist
connection unbind application PPTP port 1723
connection unbind application IKE
connection unbind application ESP
connection unbind application AH
saveall
5) Enabled/Disabled Game Mode.
6) Restarted the router/gateway every time a change has been made.
7) Hard reset on gateway/router.
I've also tried putting my device into the DMZ which should, in theory, allow a VPN connection - but it still doesn't work.
9) I've also made sure the correct Services are running on the device/machine I'm attempting to connect to the VPN, for example the IPSec Policy Agent.
10) I've also tried switching to OpenDNS DNS Servers too, as on your forum using your default PN DNS servers sometimes caused an issue according to your tech team. No luck.
The same error is shown (as described above) on every attempt to connect to the VPN.
Using tracert with the destination VPN IP address, the trace tends to die out between hops 14 and 16 - probably due to the offices network provider security rules (?).
Using Wireshark the connection attempt is IPv4 over port 500, protocol UDP (17) (this is as much as I can discern using Wireshark...).
There's an outgoing request to the VPN IP (protocal ISAKMP), with a payload confirming IKE CGA V1.
The incoming request is a notification/information entry, the Notify-Message is NO-PROPOSAL-CHOSEN (14).
I'd attempt to connect directly to the fibre box and rule the router out, but my laptop doesn't have a network/RJ45 port - just wireless 😕
Any idea's ?
Cheers,
Message 1 of 3
(2,970 Views)
2 REPLIES 2
Re: Can't Connect to VPN (IPSec)
20-09-2014 4:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi , TBH I think you've tried most things I would normally suggest!
I wonder if you could use the TG582n to give you the wireless... Turn off its DHCP server temporarily then connect one of the LAN ports ( not port 4 ) to the modem. In this mode it should just be acting as a wireless AP and network switch. That MIGHT allow you to make a PPPoE connection from the lappie.
Connecting directly would be useful.
Quote I'd attempt to connect directly to the fibre box and rule the router out, but my laptop doesn't have a network/RJ45 port - just wireless 😕
I wonder if you could use the TG582n to give you the wireless... Turn off its DHCP server temporarily then connect one of the LAN ports ( not port 4 ) to the modem. In this mode it should just be acting as a wireless AP and network switch. That MIGHT allow you to make a PPPoE connection from the lappie.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Message 2 of 3
(2,000 Views)
Re: Can't Connect to VPN (IPSec)
20-09-2014 5:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: ajbrigham
10) I've also tried switching to OpenDNS DNS Servers too, as on your forum using your default PN DNS servers sometimes caused an issue according to your tech team. No luck.
Any idea's ?
Cheers,
I have problems with VPN using OpenDNS (Gogle suggests it is quite common), so might just be a case of "out of the frying pan....." there
Message 3 of 3
(2,000 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Re: Can't Connect to VPN (IPSec)