Page 1 of 1

Problem with L2TP/IPSec

Posted: Mon Sep 15, 2014 3:21 pm
by jiaqi1993
Hello Everyone,

I have a problem with connecting to my vpn via L2TP/Ipsec.(Tried using PC & Android)

I'm actually able to connect to it via the Softether client and OpenVPN.

1)My Server is running on RaspberryPi
2)Already did the port forward(UDP 500 & 4500)
3)The setting for l2tp/ipsec is ON as the picture shown (http://imgur.com/TCWC4vl)
4)Local Bridge is used

I did a google search for the error(789) that I received from PC side but still unable to solve the problem.
I'm pretty sure that the pre-shared key is correct, username and password is valid.
Even if I made the server offline, the error that I received was still the same.

May I know if there's any extra setting that needs to be done before I can actually connect it via L2TP/IPSec?
I am willing to open a remote session via TeamViewer if it's needed.

Much appreciate for your help.

Re: Problem with L2TP/IPSec

Posted: Mon Sep 15, 2014 4:53 pm
by letun4eg
Hi! Check 1701/UDP port.

Re: Problem with L2TP/IPSec

Posted: Mon Sep 15, 2014 5:07 pm
by qupfer
Error 789 souds like a windows client?

Most problems are certifcate errors (MS check it for validation) or not enabled/allowed NAT-T on client side. (its not allowed by default)

Take a look at this post:
http://www.vpnusers.com/viewtopic.php?f ... =mmc#p5580

Re: Problem with L2TP/IPSec

Posted: Tue Sep 16, 2014 2:12 am
by jiaqi1993
letun4eg wrote:
> Hi! Check 1701/UDP port.

I have actually enabled all these ports
http://imgur.com/elmUlA5
including 1701,443,4500,500,5000,1194

It connects when I'm using the local network ip. But when I want to use the public ip, it rejects( using android phone)

Re: Problem with L2TP/IPSec

Posted: Tue Sep 16, 2014 5:58 am
by letun4eg
If you can connect in the local network and cann't connect outside - check port forwarding if you using nat.

Re: Problem with L2TP/IPSec

Posted: Wed Sep 24, 2014 7:34 am
by thisjun
Could you connect another L2TP server?
http://www.vpngate.net/en/

Re: Problem with L2TP/IPSec

Posted: Wed Sep 24, 2014 9:40 am
by jiaqi1993
thisjun wrote:
> Could you connect another L2TP server?
> http://www.vpngate.net/en/

Hi thisjun, I'm able to connect to the public l2tp server.

Wondering if my ISP blocks the L2TP traffic.

Only able to connect via local IP.

Re: Problem with L2TP/IPSec

Posted: Mon Sep 29, 2014 3:40 am
by crashcarstar
It appears I'm having almost the exact same issue. I can connect just fine from inside my network but can't once I try from the public side. My ports are forwarded and I even tried putting the server into DMZ and it still didn't help.

Re: Problem with L2TP/IPSec

Posted: Mon Sep 29, 2014 12:38 pm
by crashcarstar
I went to bed and when I tried it the morning, it seemed to work.

Re: Problem with L2TP/IPSec

Posted: Tue Sep 30, 2014 2:42 pm
by jiaqi1993
crashcarstar wrote:
> I went to bed and when I tried it the morning, it seemed to work.

May I have a screenshot of the port forwarding to allow me to check if I missed out some port

Thanks

Re: Problem with L2TP/IPSec

Posted: Wed Oct 01, 2014 4:02 am
by jiaqi1993
Strange problem now, it can connect sometimes.

Re: Problem with L2TP/IPSec

Posted: Thu Oct 09, 2014 6:14 am
by thisjun
Could you show me your VPN Server log?

Re: Problem with L2TP/IPSec

Posted: Sat Jun 03, 2017 6:00 pm
by starikoff72
I have the same problem.
When i use L2TP client on win7, i have a 789 error.
Android L2TP client doesn,t connect too.
But i can connect to my server via Softether client on port 5555.
Ports 1701, 500, 4500 on server are opened in iptables.
And there is nothing in server security log.
Does it mean, that provider on the server-side blocks l2tp traffic?

Re: Problem with L2TP/IPSec

Posted: Thu Jun 15, 2017 5:37 am
by thisjun
Does the server have global IP address?

Re: Problem with L2TP/IPSec

Posted: Mon Jun 19, 2017 5:53 am
by starikoff72
thisjun wrote:
> Does the server have global IP address?
Yes, it has.
I can connect it via softether vpn client, but can not connect via windows l2tp client and android l2tp client.

Re: Problem with L2TP/IPSec

Posted: Thu Jun 22, 2017 4:55 am
by kneel
>> Does the server have global IP address?
>Yes, it has.

I have seen this with server running on AWS - in this case, the server has a private IP and the public IP is DMZed to the server. This screws with IPSec. If your ifconfig does NOT show your public IP, this could be the problem.
This does turn up in the logs though, IIRC.

Re: Problem with L2TP/IPSec

Posted: Thu Jul 06, 2017 7:25 am
by thisjun
SoftEther VPN Client can connect to the VPN server which doesn't have global IP address.