Re: Cannot connect VPN with L2TP
Hi all!
I've followed all the instructions I can find to set up L2TP VPN to connect to the FVS318Gv2 VPN from remote Windows 10 clients, but cannot seem to get it to work. I followed the instructions in http://kb.netgear.com/app/answers/detail/a_id/24393/~/configuring-an-l2tp-vpn-tunnel-to-prosafe%2Fpr..., but it seems I'm missing a step. The VPN log on the router shows the connection attempting, but doesn't work and shows: Tue Jan 17 19:25:36 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: Could not find configuration for <IP Address>[500]. Can someone please point me to an article that shows all the steps to configure this VPN connection type?
Thanks!
-Joe
Re: Cannot connect VPN with L2TP
Yeah that article is a steaming pile of garbage. The built-in client in Windows 10 (and 7 and 8) are L2TP/IPSEC. That article completely omits the IPsec configuration (as in, the most important part).
Try my article I made here: https://community.netgear.com/t5/VPN-Firewalls/FVS336Gv3-L2TP-IPsec-on-Windows-10/m-p/1065789#M4418
Re: Cannot connect VPN with L2TP
Hey, thanks so much for the response! I actually found your article and followed your instructions. However, I'm getting this error:
Wed Jan 18 21:09:02 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: Identity Protection mode of (invalid)[(invalid)] is not acceptable.
Wed Jan 18 21:09:02 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for x.x.x.x[500].
Any idea on this error or what identity protection mode is?
Thanks!
-Joe
Re: Cannot connect VPN with L2TP
No idea; post a screenshot of the VPN config pages and the Win10 VPN client config screens, and I'll take a look.
Re: Cannot connect VPN with L2TP
Hey Train_wreck, Thanks again for helping! Here are the screenshots:
Mode Config -
IKE Policy-
L2TP User -
Windows 10 VPN Client-
Here is the error log on the VPN Router -
Hopefully I'm just missing an easy setting somewhere and you'll see it right away.
Thanks!
-Joe
Re: Cannot connect VPN with L2TP
Set "Exchange Mode" to "Main" in your IKE policy. Also, you didn't post a screenshot of the "L2TP Server" page, I'm guessing it's been properly configured as well?
Thanks! Yes, changing to "Main" did allow VPN to connect. Although I can't see the network resources, so something is messed up with my IP routing somewhere. 😞
-Joe
Re: Cannot connect VPN with L2TP
What do you mean when you say you can't "see" network resources? Can you ping them?
Re: Cannot connect VPN with L2TP
Spoke too soon. VPN connects then disconnects shortly thereafter. While connected I can't ping any resources on the network where VPN is connected. I do get assigned one of the IP addresses in the pool for L2TP, but not sure how this translates to an IP address on the internal network I need to access shares on.
Here is the log from the disconnect:
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: No policy found: 10.10.10.0/24[0] 192.168.69.1/32[0] proto=any dir=out
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: No policy found: 192.168.69.1/32[0] 10.10.10.0/24[0] proto=any dir=in
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: 192.168.69.1 IP address has been released by remote peer.
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: KA remove: 96.x.x.x[4500]->108.x.x.x[4500]
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA deleted for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Ignoring request for negotiation to 108.x.x.x as Local is configured as Responder.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: anonymous
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=1c839229c40a79aa:0075e3770bb1bb68.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: [IPSEC_VPN] Purged IPsec-SA with proto_id=ESP and spi=2321133354(0x8a59af2a).
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Tue Jan 24 20:24:38 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Deleting generated policy for 108.x.x.x[0]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Transport 96.x.x.x->108.x.x.x with spi=2321133354(0x8a59af2a)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Transport 108.x.x.x->96.x.x.x with spi=213507967(0xcb9df7f)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Adjusting peer's encmode 4(4)->Transport(2)
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: No policy found, adjusting source address for generating the policy incase of NAT-T in Transport Mode: 108.x.x.x/32[1701] 96.x.x.x/32[1701] proto=udp dir=in
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: No policy found, generating the policy : 192.168.1.10/32[1701] 96.x.x.x/32[1701] proto=udp dir=in
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Using IPsec SA configuration: anonymous
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Responding to new phase 2 negotiation: 96.x.x.x[0]<=>108.x.x.x[0]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Sending Informational Exchange: notify payload[608]
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA established for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: 192.168.69.1 IP address is assigned to remote peer 108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: KA list add: 96.x.x.x[4500]->108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Floating ports for NAT-T with peer 108.x.x.x[4500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT detected: PEER
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT-D payload does not match for 108.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: NAT-D payload matches for 96.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 19.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 20.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: For 108.x.x.x[500], Selected NAT-T version: RFC 3947
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: RFC 3947
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received Vendor ID: MS NT5 ISAKMPOAKLEY
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received unknown Vendor ID
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Beginning Identity Protection mode.
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Received request for new phase 1 negotiation: 96.x.x.x[500]<=>108.x.x.x[500]
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: Anonymous configuration selected for 108.x.x.x[500].
Based on the error it looks like I need a policy between the VPN network (192.168.69.0) to the LAN network (10.10.10.0)??
Sorry, I'm quite the rookie on this. 😞
-Joe
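Added example, not part of any post in this thread: a small Python triage of the router IKE log lines quoted above. It puts the newest-first log into chronological order, labels the ERROR lines, and measures how long the ISAKMP SA lived. The rule labels are this example's own naming (assumptions, not router output); "Identity Protection" is the ISAKMP name for Main mode.

```python
import re
from datetime import datetime

# Lines excerpted from the logs posted in this thread (newest first, as the router prints them).
SAMPLE = """\
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: No policy found: 10.10.10.0/24[0] 192.168.69.1/32[0] proto=any dir=out
Tue Jan 24 20:24:39 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA deleted for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:19:35 2017 (GMT -0800): [FVS318Gv2] [IKE] INFO: ISAKMP-SA established for 96.x.x.x[4500]-108.x.x.x[4500] with spi:1c839229c40a79aa:0075e3770bb1bb68
Tue Jan 24 20:19:34 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: invalid DH group 19.
Wed Jan 18 21:09:02 2017 (GMT -0800): [FVS318Gv2] [IKE] ERROR: Identity Protection mode of (invalid)[(invalid)] is not acceptable.
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]+ \d{4}) \(GMT [+-]\d{4}\): \[[^\]]+\] \[IKE\] (INFO|ERROR): (.*)$")

# Labels are this example's own wording, not the router's.
RULES = [
    (re.compile(r"Identity Protection mode .* is not acceptable"), "exchange-mode-mismatch"),
    (re.compile(r"Could not find configuration for"), "no-ike-policy-for-peer"),
    (re.compile(r"invalid DH group \d+"), "dh-group-rejected"),
    (re.compile(r"No policy found: .* dir=(in|out)"), "no-ipsec-policy-for-traffic"),
]
SA = re.compile(r"ISAKMP-SA (established|deleted) for .* spi:([0-9a-f:]+)")

def parse(text):
    """Return (time, level, message) tuples, oldest first."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            events.append((when, m.group(2), m.group(3)))
    # Reverse before the stable sort so same-second lines also end up oldest first.
    return sorted(reversed(events), key=lambda e: e[0])

def triage(text):
    """Classify ERROR lines and measure how long each ISAKMP SA lived (seconds)."""
    findings, started, lifetimes = [], {}, {}
    for when, level, msg in parse(text):
        sa = SA.search(msg)
        if sa and sa.group(1) == "established":
            started[sa.group(2)] = when
        elif sa and sa.group(2) in started:
            lifetimes[sa.group(2)] = int((when - started[sa.group(2)]).total_seconds())
        if level == "ERROR":
            label = next((name for rx, name in RULES if rx.search(msg)), "unclassified")
            findings.append((when.isoformat(sep=" "), label))
    return findings, lifetimes
```

Run over the full log from the post, `triage` shows the tunnel staying up for about five minutes before the SA is deleted, with the "No policy found" errors logged at teardown.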
Re: Cannot connect VPN with L2TP
What does the "L2TP Server" config page look like?
Re: Cannot connect VPN with L2TP
Apologies, I forgot to post this page. Here it is:
Re: Cannot connect VPN with L2TP
Hi there, any other help on this one? I still don't have VPN. 😞