Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
-
panpanrobot
- Posts: 3
- Joined: Fri Apr 04, 2025 2:56 pm
Post
by panpanrobot » Fri Apr 04, 2025 3:52 pm
Hi SoftEther community,
I'm able to connect to my SoftEther VPN server through the proprietary protocol but not using IPsec / L2TP. Can you pinpoint a problem in my setup? (All names/passwords are substituted except the hub name.)
- In the router in front of the server, I have opened ports 500, 4500, and 1701 UDP (I also opened ESP and AH for testing with no luck).
- In the SERVER (Windows 10), I have unblocked vpnsmgr_x64.exe and vpnserver_x64.exe.
- I checked "Enable L2TP Server Function (L2TP over IPsec)" with the IPsec PSK of "vpn".
- My hub, "VPN_Home", has a user "panpan" with password authentication "password1". "VPN_Home" is default.
- The dynamic DNS is panpan.softether.net
- On the CLIENT Windows 11, I've got the server DNS, L2TP/IPsec with PSA, PSA, username (with no "@VPN_Home" or "VPN_Home/panpan") and password, proxy set to none (auto didn't work either), Allowed protocols are CHAP and MS-CHAP v2.
- On the CLIENT Android all the same except the forwarding routes has "0.0.0.0/0".
On Windows 11 client, I tried the AssumeUDPEncapsulationContextOnSendRule registry fix with no luck. On Android, I tried an app instead. No luck.
I'm at my wit's end! Any ideas?
-
solo
- Posts: 1613
- Joined: Sun Feb 14, 2021 10:31 am
Post
by solo » Fri Apr 04, 2025 11:54 pm
Disable any IPsec/L2TP function on the server computer which might conflict with SoftEther VPN Server's IPsec/L2TP function. If the UDP ports (500, 4500 and 1701) conflicts with other programs, IPsec communication will not work well.
For example, disable the "Routing and Remote Access" service on Windows Server.
https://www.softether.org/4-docs/2-howt ... .2F_L2TPv3
-
panpanrobot
- Posts: 3
- Joined: Fri Apr 04, 2025 2:56 pm
Post
by panpanrobot » Mon Apr 07, 2025 4:24 pm
Thanks for the idea, solo. The "Routing and Remote Access" service was offline. I don't think any other services are using the ports. Any other ideas?
-
solo
- Posts: 1613
- Joined: Sun Feb 14, 2021 10:31 am
Post
by solo » Tue Apr 08, 2025 3:04 am
panpanrobot wrote: ↑Fri Apr 04, 2025 3:52 pm
I'm able to connect to my SoftEther VPN server through the proprietary protocol...
On SE client disable NAT-T and if you can't connect now to panpan.softether.net (NOT vpnazure.net), your port forwarding is useless because ISP is blocking incoming connections.
-
panpanrobot
- Posts: 3
- Joined: Fri Apr 04, 2025 2:56 pm
Post
by panpanrobot » Tue Apr 08, 2025 11:46 pm
Hm, I can't connect locally. Does that provide a hint? I'll keep the ISP possibility in mind, but I see that other Verizon users are successfully getting through via L2TP/IPsec on different solutions.
-
solo
- Posts: 1613
- Joined: Sun Feb 14, 2021 10:31 am
Post
by solo » Tue Apr 08, 2025 11:51 pm
Then this case is closed.
