
Can't Connect to VPN (IPSec)

ajbrigham
Newbie
Posts: 1
Registered: 20-09-2014

Hi guys,
I've spent the past 2 days trying to connect to my work's IPSec-based VPN.
There's nothing wrong with the VPN or the machine I'm trying to connect to it from. Both work fine when not using my new PlusNet fibre connection.
I've trawled the forums and the internet - it's starting to feel like I've tried everything/anything. I'm hoping I've overlooked something obvious!
I've checked at work and no-one else uses PlusNet - so no help there :-/
The error I get when connecting to the VPN is:
"Error 788: The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer"
The router is a TG582n, software 10.2.5.2.FO.

The VPN is:
PPP Settings = only "Enable LCP Connections" is selected. Software compression and multi-link are NOT enabled.
Security = Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec) [uses a pre-shared key, not certificate]
Data Encryption = Require encryption
Protocols Allows = Microsoft CHAP Version 2 (MS-CHAP V2)

What have I tried?
1) Tried setting my Firewall settings on the web portal for our account to 'Off' and also 'Low'.
2) Turned off the Firewall on the router (TG582N). Also tried 'Normal' and 'Low'.
3) Set up port forwarding via 'Game and application sharing' for ports 50, 51, 500, 1701, 1723 and 4500.
Assigned this rule to the device I'm using to try to connect to the VPN.
4) Used Telnet to log into the router to attempt to unbind and also rebind various services/protocols.
Various commands run:
connection applist
connection unbind application PPTP port 1723
connection unbind application IKE
connection unbind application ESP
connection unbind application AH
saveall

5) Enabled/Disabled Game Mode.
6) Restarted the router/gateway every time a change has been made.
7) Hard reset on gateway/router.
8) I've also tried putting my device into the DMZ which should, in theory, allow a VPN connection - but it still doesn't work.
9) I've also made sure the correct Services are running on the device/machine I'm attempting to connect to the VPN, for example the IPSec Policy Agent.
10) I've also tried switching to OpenDNS DNS Servers too, as on your forum using your default PN DNS servers sometimes caused an issue according to your tech team. No luck.
The same error is shown (as described above) on every attempt to connect to the VPN.
Using tracert with the destination VPN IP address, the trace tends to die out between hops 14 and 16 - probably due to the office's network provider security rules (?).

Using Wireshark the connection attempt is IPv4 over port 500, protocol UDP (17)  (this is as much as I can discern using Wireshark...).
There's an outgoing request to the VPN IP (protocol ISAKMP), with a payload confirming IKE CGA V1.
The incoming request is a notification/information entry, the Notify-Message is NO-PROPOSAL-CHOSEN (14).

I'd attempt to connect directly to the fibre box and rule the router out, but my laptop doesn't have a network/RJ45 port - just wireless :-/

Any ideas?

Cheers,
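
The NO-PROPOSAL-CHOSEN (14) notify seen in the Wireshark capture above can be decoded by hand from the UDP/500 payload. This is an added example, not part of the original post: a Python parser for the ISAKMP header and Notify payload layout in RFC 2408. The function name is hypothetical and the sample bytes are constructed, not taken from the poster's capture.

```python
import struct

# Subset of the IKEv1 notify error types defined in RFC 2408, section 3.14.1.
NOTIFY_TYPES = {1: "INVALID-PAYLOAD-TYPE", 7: "INVALID-EXCHANGE-TYPE",
                14: "NO-PROPOSAL-CHOSEN", 16: "PAYLOAD-MALFORMED",
                18: "INVALID-ID-INFORMATION", 24: "AUTHENTICATION-FAILED"}
EXCHANGE_TYPES = {2: "Identity Protection", 4: "Aggressive", 5: "Informational"}
HEADER_LEN, NOTIFICATION, ENCRYPTED = 28, 11, 0x01

def parse_isakmp_notify(datagram: bytes) -> dict:
    """Decode the ISAKMP header of a UDP/500 payload and its first Notify payload."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    (icookie, rcookie, next_payload, version, exchange, flags,
     message_id, length) = struct.unpack_from("!8s8sBBBBII", datagram)
    if length != len(datagram):
        raise ValueError("ISAKMP length field does not match datagram size")
    info = {"initiator_cookie": icookie.hex(), "responder_cookie": rcookie.hex(),
            "version": f"{version >> 4}.{version & 0x0F}",
            "exchange": EXCHANGE_TYPES.get(exchange, f"type {exchange}"),
            "encrypted": bool(flags & ENCRYPTED), "notify": None}
    if info["encrypted"]:
        return info  # payloads are ciphertext; only the header is readable
    offset = HEADER_LEN
    while next_payload != 0:  # walk the chain of generic payload headers
        if offset + 4 > length:
            raise ValueError("truncated generic payload header")
        following, _reserved, payload_len = struct.unpack_from("!BBH", datagram, offset)
        if payload_len < 4 or offset + payload_len > length:
            raise ValueError("payload length runs outside the datagram")
        if next_payload == NOTIFICATION:
            if payload_len < 12:
                raise ValueError("Notify payload too short")
            doi, protocol_id, spi_size, code = struct.unpack_from("!IBBH", datagram, offset + 4)
            info["notify"] = {"doi": doi, "protocol_id": protocol_id,
                              "spi_size": spi_size, "code": code,
                              "name": NOTIFY_TYPES.get(code, "unlisted")}
            return info
        offset, next_payload = offset + payload_len, following
    return info

# Constructed sample (not from the poster's capture): an unencrypted Informational
# exchange whose only payload is a Notify with message type 14.
SAMPLE = bytes.fromhex(
    "1122334455667788" "0000000000000000" "0b100500" "00000000" "00000028"
    "0000000c" "00000001" "0100000e")

if __name__ == "__main__":
    print(parse_isakmp_notify(SAMPLE))
```
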
2 REPLIES
Superuser
Superuser
Posts: 6,774
Thanks: 854
Fixes: 55
Registered: 30-07-2007

Re: Can't Connect to VPN (IPSec)

Hi , TBH I think you've tried most things I would normally suggest!
Quote
I'd attempt to connect directly to the fibre box and rule the router out, but my laptop doesn't have a network/RJ45 port - just wireless :-/
Connecting directly would be useful.
I wonder if you could use the TG582n to give you the wireless... Turn off its DHCP server temporarily then connect one of the LAN ports ( not port 4 ) to the modem. In this mode it should just be acting as a wireless AP and network switch. That MIGHT allow you to make a PPPoE connection from the lappie.
beeceegee
Aspiring Pro
Posts: 534
Thanks: 37
Fixes: 3
Registered: 27-11-2012

Re: Can't Connect to VPN (IPSec)

Quote from: ajbrigham

10) I've also tried switching to OpenDNS DNS Servers too, as on your forum using your default PN DNS servers sometimes caused an issue according to your tech team. No luck.
Any ideas?
Cheers,

I have problems with VPN using OpenDNS (Google suggests it is quite common), so might just be a case of "out of the frying pan....." there