l2tp failed server did not respond

klimdos
Posts: 2
Joined: Tue Sep 20, 2016 12:41 pm

l2tp failed server did not respond

Post by klimdos » Tue Sep 20, 2016 1:30 pm

Hi there

server with fake IP (behind NAT)

client - l2tp (iPhone)

... it is not connecting (server did not respond)
and there is no error in the server log files.

At the same time, when I try with SoftEther Client, it succeeds.

2016-09-20 15:31:50.845 On the TCP Listener (Port 0), a Client (IP address xx.xx.xx.66, Host name "xx.xx.xx.66", Port number 55379) has connected.
2016-09-20 15:31:50.845 For the client (IP address: xx.xx.xx.66, host name: "xx.xx.xx.66", port number: 55379), connection "CID-7-06A80B9777" has been created.
2016-09-20 15:31:50.846 SSL communication for connection "CID-7-06A80B9777" has been started. The encryption algorithm name is "RC4-MD5".
2016-09-20 15:31:52.164 [HUB "VPNAx"] The connection "CID-7-06A80B9777" (IP address: xx.xx.xx.66, Host name: xx.xx.xx.66, Port number: 55379, Client name: "SoftEther VPN Client", Version: 4.21, Build: 9613) is attempting to connect to the Virtual Hub. The auth type provided is "Password authentication" and the user name is "sasha".
2016-09-20 15:31:52.164 [HUB "VPNAx"] Connection "CID-7-06A80B9777": Successfully authenticated as user "sasha".
2016-09-20 15:31:52.164 [HUB "VPNAx"] Connection "CID-7-06A80B9777": The new session "SID-SASHA-2" has been created. (IP address: xx.xx.xx.66, Port number: 55379, Physical underlying protocol: "TCP/IP via VPN Azure (IPv4)")
2016-09-20 15:31:52.164 [HUB "VPNAx"] Session "SID-SASHA-2": The parameter has been set. Max number of TCP connections: 2, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2016-09-20 15:31:52.166 [HUB "VPNAx"] Session "SID-SASHA-2": VPN Client details: (Client product name: "SoftEther VPN Client", Client version: 421, Client build number: 9613, Server product name: "SoftEther VPN Server (64 bit)", Server version:...)
2016-09-20 15:31:56.372 On the TCP Listener (Port 0), a Client (IP address xx.xx.xx.66, Host name "xx.xx.xx.66", Port number 55387) has connected.
2016-09-20 15:31:56.372 For the client (IP address: xx.xx.xx.66, host name: "xx.xx.xx.66", port number: 55387), connection "CID-8-7EC28619DB" has been created.
2016-09-20 15:31:56.372 SSL communication for connection "CID-8-7EC28619DB" has been started. The encryption algorithm name is "RC4-MD5".
2016-09-20 15:31:57.044 Connection "CID-8-7EC28619DB" has been terminated.

Please advise how to troubleshoot it.

raafat
Posts: 223
Joined: Fri Jul 03, 2015 2:21 pm

Re: l2tp failed server did not respond

Post by raafat » Tue Sep 20, 2016 10:20 pm

Hello there! Make sure that both 4500/UDP and 500/UDP are accessible over the Internet. Again, make sure of that. Once you finish that job, follow this guide:

https://softether.org/4-docs/2-howto/9. ... VPN_Server

Remember, it's L2TP/IPSec PSK, not anything else!

Good luck (:

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: l2tp failed server did not respond

Post by moatazelmasry » Tue Sep 20, 2016 11:12 pm

In addition to raafat's answer:

- Is the L2TP protocol enabled on the SoftEther server?
- Is port 1701 reachable?

Open the SoftEther server log file, start your L2TP connection and see if anything at all is being written to the file. If not, it is most probably a NAT/firewall problem and not a SoftEther problem at all.

cheers

raafat
Posts: 223
Joined: Fri Jul 03, 2015 2:21 pm

Re: l2tp failed server did not respond

Post by raafat » Tue Sep 20, 2016 11:17 pm

moatazelmasry wrote:
> In addition to raafat's answer:
>
> - Is the L2TP protocol enabled on the SoftEther server?
> - Is port 1701 reachable?
>
> Open the SoftEther server log file, start your L2TP connection and see
> if anything at all is being written to the file. If not, it is most probably
> a NAT/firewall problem and not a SoftEther problem at all.
>
> cheers

No need for port 1701 to be reachable (:.

klimdos
Posts: 2
Joined: Tue Sep 20, 2016 12:41 pm

Re: l2tp failed server did not respond

Post by klimdos » Thu Sep 22, 2016 7:12 am

---------------------------------------------
PowerShell listing

PS C:\Users\a> telnet k........ax.vpnazure.net 500
Connecting To k......ax.vpnazure.net...Could not open connection to the host, on port 500: Connect failed

telnet k........ax.vpnazure.net 443 - success
----------------------------------------------
bash listing

root:~# nmap k...ax.vpnazure.net

Starting Nmap 6.00 ( http://nmap.org ) at 2016-09-22 10:05 MSK
Nmap scan report for k.....ax.vpnazure.net (xxx.158.6.123)
Host is up (0.32s latency).
Not shown: 988 filtered ports
PORT STATE SERVICE
53/tcp closed domain
70/tcp closed gopher
80/tcp closed http
88/tcp closed kerberos-sec
443/tcp open https
514/tcp closed shell
992/tcp closed telnets
999/tcp closed garcon
1723/tcp closed pptp
3389/tcp closed ms-wbt-server
5001/tcp closed commplex-link
8888/tcp closed sun-answerbook

Nmap done: 1 IP address (1 host up) scanned in 15.34 seconds
--------------------------------------------------

Does that mean I have no chance to reach my device behind NAT?

raafat
Posts: 223
Joined: Fri Jul 03, 2015 2:21 pm

Re: l2tp failed server did not respond

Post by raafat » Thu Sep 22, 2016 3:34 pm

If you want to use L2TP/IPSec, then you must open UDP/4500 and UDP/500 and forward them to your SE server. If you can't open those two ports, can you open other ports? What about using OpenVPN? There is an application which you can use on your iPhone.

moatazelmasry
Posts: 336
Joined: Sat Aug 15, 2015 7:41 pm

Re: l2tp failed server did not respond

Post by moatazelmasry » Mon Sep 26, 2016 10:23 am

@raafat: As far as I know, you need port 1701. Ports 500 and 4500 are used initially to establish phase 1 ISAKMP and phase 2 ESP (IKEv1).
The packets are then transported through port 1701, while ports 500 and 4500 are still in use for IPSec/IKEv1 messages.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: l2tp failed server did not respond

Post by thisjun » Tue Oct 11, 2016 8:05 am

VPN Azure doesn't support L2TP/IPSec.
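
The server-log check suggested earlier in the thread, as an added example that is not part of any post here: it groups SoftEther server log lines by connection ID and reports the transport each session used. The sample lines are copied from the first post; the function names and regular expressions are this example's own and cover only the line shapes shown there.

```python
import re

# Sample input: four lines copied from the server log in the first post
# (addresses were already masked there).
LOG = """\
2016-09-20 15:31:50.845 For the client (IP address: xx.xx.xx.66, host name: "xx.xx.xx.66", port number: 55379), connection "CID-7-06A80B9777" has been created.
2016-09-20 15:31:52.164 [HUB "VPNAx"] Connection "CID-7-06A80B9777": The new session "SID-SASHA-2" has been created. (IP address: xx.xx.xx.66, Port number: 55379, Physical underlying protocol: "TCP/IP via VPN Azure (IPv4)")
2016-09-20 15:31:56.372 For the client (IP address: xx.xx.xx.66, host name: "xx.xx.xx.66", port number: 55387), connection "CID-8-7EC28619DB" has been created.
2016-09-20 15:31:57.044 Connection "CID-8-7EC28619DB" has been terminated.
"""

CREATED = re.compile(r'connection "(CID-[^"]+)" has been created')
SESSION = re.compile(r'Connection "(CID-[^"]+)": The new session "([^"]+)" has been '
                     r'created\. \(.*Physical underlying protocol: "([^"]+)"\)')
ENDED = re.compile(r'Connection "(CID-[^"]+)" has been terminated')


def summarize(log_text):
    """Map each connection ID to its session name, transport and end state."""
    conns = {}

    def entry(cid):
        return conns.setdefault(
            cid, {"session": None, "transport": None, "terminated": False})

    for line in log_text.splitlines():
        if m := CREATED.search(line):
            entry(m.group(1))
        elif m := SESSION.search(line):
            entry(m.group(1)).update(session=m.group(2), transport=m.group(3))
        elif m := ENDED.search(line):
            entry(m.group(1))["terminated"] = True
    return conns


def only_relayed(conns, marker="VPN Azure"):
    """True when every session in the log arrived through the relay."""
    seen = [c["transport"] for c in conns.values() if c["transport"]]
    return bool(seen) and all(marker in t for t in seen)


if __name__ == "__main__":
    conns = summarize(LOG)
    for cid, info in conns.items():
        print(cid, info)
    if only_relayed(conns):
        print("Every logged session came through the VPN Azure relay; "
              "no direct connection to the server is logged.")
```
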
