
Re: Cannot connect VPN with L2TP

jetcosys
Tutor

Cannot connect VPN with L2TP

Hi all!

I've followed all the instructions I can find to set up L2TP VPN to connect to the FVS318Gv2 VPN from remote Windows 10 clients, but cannot seem to get it to work.  I followed the instructions in http://kb.netgear.com/app/answers/detail/a_id/24393/~/configuring-an-l2tp-vpn-tunnel-to-prosafe%2Fpr..., but it seems I'm missing a step.  The VPN log on the router shows the connection attempting, but doesn't work and shows: Tue Jan 17 19:25:36 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: Could not find configuration for <IP Address>[500].  Can someone please point me to an article that shows all the steps to configure this VPN connection type?

 

Thanks!

 

-Joe

Model: FVS318Gv2|ProSafe gigabit 8 port VPN firewall
Message 1 of 12

Accepted Solutions
jetcosys
Tutor

Re: Cannot connect VPN with L2TP

Thanks!  Yes, changing to "Main" did allow VPN to connect.  Although I can't see the network resources, so something is messed up with my IP routing somewhere.  😞

 

-Joe


Message 7 of 12

All Replies
train_wreck
Luminary

Re: Cannot connect VPN with L2TP

Yeah that article is a steaming pile of garbage. The built-in client in Windows 10 (and 7 and 8) are L2TP/IPSEC. That article completely omits the IPsec configuration (as in, the most important part).

 

Try my article I made here: https://community.netgear.com/t5/VPN-Firewalls/FVS336Gv3-L2TP-IPsec-on-Windows-10/m-p/1065789#M4418

Message 2 of 12
jetcosys
Tutor

Re: Cannot connect VPN with L2TP

Hey, thanks so much for the response!  I actually found your article and followed your instructions.  However, I'm getting this error:

 

Wed Jan 18 21:09:02 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: Identity Protection mode of (invalid)[(invalid)] is not acceptable.
Wed Jan 18 21:09:02 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for x.x.x.x[500].

 

Any idea on this error or what identity protection mode is?

 

Thanks!

 

-Joe

Model: FVS318Gv2|ProSafe gigabit 8 port VPN firewall
Message 3 of 12
train_wreck
Luminary

Re: Cannot connect VPN with L2TP

No idea; post a screenshot of the VPN config pages and the Win10 VPN client config screens, and I'll take a look.

Message 4 of 12
jetcosys
Tutor

Re: Cannot connect VPN with L2TP

Hey Train_wreck, Thanks again for helping!  Here are the screenshots:

 

Mode Config -

modeconfig.jpg

 

IKE Policy-

IKEPolicy.jpg

 

L2TP User - 

L2TPUser.png

 

Windows 10 VPN Client-

 

NetSec.png netkey.png

 

Here is the error log on the VPN Router - 

 

Log.png

 

Hopefully I'm just missing an easy setting somewhere and you'll see it right away.

 

Thanks!

 

-Joe

Message 5 of 12
train_wreck
Luminary

Re: Cannot connect VPN with L2TP

Set "Exchange Mode" to "Main" in your IKE policy. Also, you didn't post a screenshot of the "L2TP Server" page, I'm guessing it's been properly configured as well?

Message 6 of 12
jetcosys
Tutor

Re: Cannot connect VPN with L2TP

Thanks!  Yes, changing to "Main" did allow VPN to connect.  Although I can't see the network resources, so something is messed up with my IP routing somewhere.  😞

 

-Joe

Message 7 of 12
train_wreck
Luminary

Re: Cannot connect VPN with L2TP

What do you mean when you say you can't "see" network resources? Can you ping them?

Message 8 of 12
jetcosys
Tutor

Re: Cannot connect VPN with L2TP

Spoke too soon.  VPN connects then disconnects shortly thereafter.  While connected I can't ping any resources on the network where VPN is connected.  I do get assigned one of the IP addresses in the pool for L2TP, but not sure how this translates to an IP address on the internal network I need to access shares on.  

 

Here is the log from the disconnect:

Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: No policy found: 10.10.10.0/24[0] 192.168.69.1/32[0] proto=any dir=out
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: No policy found: 192.168.69.1/32[0] 10.10.10.0/24[0] proto=any dir=in
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: 192.168.69.1 IP address has been released by remote peer.
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: KA remove: 96.x.x.x[4500]->108.x.x.x[4500]
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA deleted for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Ignoring request for negotiation to 108.x.x.x as Local is configured as Responder.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: anonymous
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=1c839229c40a79aa:0075e3770bb1bb68.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=2321133354(0x8a59af2a).
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Deleting generated policy for 108.x.x.x[0]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Transport 96.x.x.x->108.x.x.x with spi=2321133354(0x8a59af2a)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Transport 108.x.x.x->96.x.x.x with spi=213507967(0xcb9df7f)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Adjusting peer's encmode 4(4)->Transport(2)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: No policy found, adjusting source address for generating the policy incase of NAT-T in Transport Mode: 108.x.x.x/32[1701] 96.x.x.x/32[1701] proto=udp dir=in
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: No policy found, generating the policy : 192.168.1.10/32[1701] 96.x.x.x/32[1701] proto=udp dir=in
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: anonymous
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Responding to new phase 2 negotiation: 96.x.x.x[0]<=>108.x.x.x[0]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Sending Informational Exchange: notify payload[608]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA established for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: 192.168.69.1 IP address is assigned to remote peer 108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: KA list add: 96.x.x.x[4500]->108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Floating ports for NAT-T with peer 108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT detected: PEER
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT-D payload does not match for 108.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT-D payload matches for 96.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 19.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 20.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: For 108.x.x.x[500], Selected NAT-T version: RFC 3947
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID

Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: RFC 3947
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Beginning Identity Protection mode.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received request for new phase 1 negotiation: 96.x.x.x[500]<=>108.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x[500].

 

Based on the error it looks like I need a policy between the VPN network (192.168.69.0) to the LAN network (10.10.10.0)??

 

Sorry, I'm quite the rookie on this.  😞

 

-Joe

Message 9 of 12
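
An added example (not part of any post in this thread): a small Python parser for the FVS318Gv2 IKE log format shown in the message above. It puts the newest-first entries into chronological order and reports rejected DH groups, missing-policy errors and how long each ISAKMP-SA lived; the sample lines are excerpted from that log, and the function names are this example's own.

```python
import re
from datetime import datetime

# Excerpt of the router log posted above (newest entry first, as the router prints it).
SAMPLE = """\
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: No policy found: 10.10.10.0/24[0] 192.168.69.1/32[0] proto=any dir=out
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA deleted for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Transport 96.x.x.x->108.x.x.x with spi=2321133354(0x8a59af2a)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA established for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 19.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 20.
"""

# timestamp, GMT offset, device tag, level, message
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \(GMT ([+-]\d{4})\): "
                  r"\[(\S+)\] \[IKE\] (INFO|ERROR): (.*)$")

def parse(text):
    """Return (datetime, level, message) tuples, oldest first."""
    events = []
    for raw in reversed(text.splitlines()):       # undo the newest-first ordering
        m = LINE.match(raw.strip())
        if not m:
            continue                               # blank or non-IKE line
        stamp, tz, _device, level, msg = m.groups()
        when = datetime.strptime(f"{stamp} {tz}", "%a %b %d %H:%M:%S %Y %z")
        events.append((when, level, msg))
    events.sort(key=lambda e: e[0])                # stable sort keeps same-second order
    return events

def summarize(events):
    """Collect the entries that matter when a tunnel comes up and then drops."""
    report = {"rejected_dh_groups": [], "missing_policies": [], "phase1": {}}
    for when, _level, msg in events:
        if m := re.match(r"invalid DH group (\d+)\.", msg):
            report["rejected_dh_groups"].append(int(m.group(1)))
        elif m := re.match(r"No policy found: (\S+)\[\d+\] (\S+)\[\d+\] proto=(\S+) dir=(\w+)", msg):
            report["missing_policies"].append(m.groups())   # (src, dst, proto, dir)
        elif m := re.match(r"ISAKMP-SA (established|deleted) for .* with spi:(\S+)", msg):
            report["phase1"].setdefault(m.group(2), {})[m.group(1)] = when
    for sa in report["phase1"].values():           # lifetime of each phase 1 SA
        if "established" in sa and "deleted" in sa:
            sa["lifetime_s"] = int((sa["deleted"] - sa["established"]).total_seconds())
    return report

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```
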
train_wreck
Luminary

Re: Cannot connect VPN with L2TP

What does the "L2TP Server" config page look like?

Message 10 of 12
jetcosys
Tutor

Re: Cannot connect VPN with L2TP

Apologies, I forgot to post this page.  Here it is:

 

l2tp.png

Message 11 of 12
jetcosys
Tutor

Re: Cannot connect VPN with L2TP

Hi there, any other help on this one?  I still don't have VPN.  😞

Message 12 of 12