Cannot connect with Iphone, but PC works

[Captainquark]

Dear all,

I am running a (home) VPN server for quite a while, and I know that the very first setup worked for both, PC and Iphone. Since I upgraded my installation, I can only connect to my VPN using a PC. When I try to connect using my Iphone, I get the message "The L2TP-VPN-Server does not answer. Please try again or check your settings, or request assistance from your administrator." . I use an Iphone 6 to test.

Here are the details about my setup:
**
1. Operating system name and the type of CPU-bits
Windows Server 2008 R2 Standard, 64bit

2. The result of "ifconfig –a" (UNIX) or "ipconfig /all" (Windows)
see attachment
[attachment=2]ipconfig.txt[/attachment]

3. The result of "uname –a" (UNIX) or "systeminfo" (Windows)
see attachment
[attachment=1]systeminfo.txt[/attachment]

4. The build number of SoftEther VPN
Version 4.18, build 9570

5. Which SoftEther VPN component are you using?
SoftEther VPN Server

6. Whether or not there is a NAT or Firewall between your VPN server and the Internet.
(If there is a NAT or Firewall, you should open a TCP port for the VPN listener.)
There is a router in between. I have opened TCP 443, 992, 1194 and 5555 for PC connections to my VPN server, and UDP 500 and 4500 for L2TP connections using my Iphone.

7. Are you using SecureNAT?
(If so, why don't you use the Local Bridge function instead?
The performance of SecureNAT is lower than Local Bridge, and it consumes
much of CPU time. You should not use SecureNAT except very limited situation.)
Please see http://www.softether.org/index.php?titl ... T_Function
I use the local bridge function.

8. Your current vpn_server.config or vpn_bridge.config file should be attached on the post.
(You may hide your confidential information on these config files if included)
see attached file
[attachment=0]vpn_server.config.txt[/attachment]
**
Any help is very much appreciated!
Thanks and regards,
Cap'

[eastavin]

Captainquark
You did not say what you upgraded? I would consider backing out the upgrades until your system is restored to working order. Then upgrade one thing at a time and keep testing. Having said that working from the current state:

A caveat: I am not an IPhone user but here is what I have experienced with Android clients.

The first thing I would check is did you enter the correct IP address in your L2TP client? ... as the message says the system did not answer.

Next I would check if you entered the Forwarding routes 0.0.0.0/0 into the L2TP client.

Did you enter the preshared key correctly? Messing up the capitals and lowercase is not unusual.

Do you have more than 1 hub on your server? You might use the format of userid@hub for your username to ensure you are going to the right hub. Even with 1 hub its a good idea in case you add or delete a hub in future.

Next i would check the firewall to ensure the port forwards you made actually took place in your router. You might reapply them.

Next i would check to see if you forwarded TCP or UDP. In your note you typed >> There is a router in between. I have opened TCP 443, 992, 1194 and 5555 for PC connections to my VPN server, and UDP 500 and 4500 for L2TP connections using my Iphone. <<

While this sounds good I noticed that you said you opened TCP 1194. If you tried to connect to this with Open VPN instead of L2TP using the sample file provided by Softether VPN Server the attempt would fail as it requires UDP 1194. It is the only port the sample file connects to. However after I checked your server config file I noticed that it shows UDP 1194 is set ok - provided that is the current file you sent.

That aside the remaining ports look ok. So I feel that your issue is in either the client config or the firewall. If you have more info let us know.

[thisjun]

I can't find configuration about IPsec pre-shared key and DefaultHub in your server configuration file.
Please check it again.

[Captainquark]

Thanks guys for your suggestions and hints. I'd like to answer them one after the other:

- Using correct IP - I doublechecked several times what I put in there. I used the Softether Dynamic name, and my own alias through DuckDNS, as well as the IP itself.

- FW route 0.0.0.0 - I cannot find this option in my Iphone. Can anyone give me a hint whether it is possible to enter such a route in the phone?

- PSK - I doublechecked half a dozen times if I entered it correctly. I also tried different ones to make sure it's not a "special-character"-thingy.

- Hubs - No I have only one hub in my server. I tried it with both, username only and username@hubname.

- Ports - not sure how I could test this? Actually, that's the thing I "fear" most, because it says "not responding". I just don't know how to test if it works.

- UDP 1194 - yes, that's the current file I attached.

- I did delete the info about pre-shared key and DefaultHub fromthe file, as I feel this is sensitive data that should not be made public. Rest assured it is there in the original file.

Thanks for your support!
Cap'

[Captainquark]

Sorry, I forgot to mention that I only use the Softether VPN client to connect to this setup, no OpenVPN is in use. However, I don't know which program is currently run on the IPhone to connect, as it's built in the iOS.

[Captainquark]

I just tried to check if the UDP ports are really open on the router, here's the Output from pentools.com:
PORT STATE SERVICE
500/udp open isakmp
4500/udp open|filtered nat-t-ike

So I guess the ports should be accessible?

[PaulC]

See here: - http://www.vpnusers.com/viewtopic.php?f=7&t=5581

It seems that iOS and android devices struggle to get a DHCP IP address when using a DHCP server that's not provided by SecureNAT

if you configure DHCP there, it should work.

Rgds

paul

[Captainquark]

Thanks, Paul. I just responded in http://www.vpnusers.com/viewtopic.php?f=7&t=2698

[mark.barl]

found today and I'm telling the world! iphone L2TP does not like non alphanumeric characters in the secret. Solved my problem.

[Captainquark]

Thanks, but did not solve mine, unfortunately.

[Captainquark]

All,
I have given up and switched to OpenVPN. Worked like a charm on both, PC and Iphone, from the very first try.
Thanks to anyone who tried to help me, though.
Kind regards,
Cap'