Cannot connect via L2TP by manual setting in Windows7

darkdancer
Posts: 4
Joined: Thu Apr 24, 2014 3:57 am

Cannot connect via L2TP by manual setting in Windows7

Post by darkdancer » Thu Apr 24, 2014 4:07 pm

My server manager connection problem was resolved by using an older version of SoftEther VPN; it seems that 4.06 is unstable.

I am not using 4.04 client/server/manager suite.

But even when I enabled the L2TP service on the VPN server, I still cannot connect via Windows' own setting.

I can connect by using the SoftEther VPN client, so I believe it is not an issue with the firewall or the server setting. When I try to use the manual setting (yes, I double-checked server_ip/username/pswd/preshared_secret), I always get error 809 from Windows.

Has anyone encountered similar problems? Any suggestion will be helpful!

Configuration file is attached
Thank you so much!

darkdancer
Posts: 4
Joined: Thu Apr 24, 2014 3:57 am

Re: Cannot connect via L2TP by manual setting in Windows7

Post by darkdancer » Thu Apr 24, 2014 5:33 pm

Is there any special setting I need to do to be able to use L2TP?
Do I need to install an L2TP server on my server first to really enable the L2TP service?

Thanks

CateFul
Posts: 7
Joined: Sun Apr 27, 2014 10:05 am

Re: Cannot connect via L2TP by manual setting in Windows7

Post by CateFul » Sun Apr 27, 2014 10:20 am

Same here, two Mac OS systems on the same client network work just fine. The Windows 7 client keeps getting error 809. I even followed Microsoft KB http://support.microsoft.com/kb/926179 to no avail.

The SoftEther client software on Windows 7 works without any problems, but the native Windows L2TP/IPsec client does not work. It looks to me like the IPsec part of the communication doesn't go through.

Here's my log (looks like it timed out at the 08:30:17.803 mark on the IPsec ESP session):

2014-04-27 08:27:46.792 IPsec IKE Session (IKE SA) 10 (Client: 7) (110.184.79.252:49152 -> 119.9.73.176:4500): The client initiates a QuickMode negotiation.
2014-04-27 08:27:46.792 IPsec ESP Session (IPsec SA) 15 (Client: 7) (110.184.79.252:49152 -> 119.9.73.176:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x9DC7482F, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2014-04-27 08:27:46.792 IPsec ESP Session (IPsec SA) 15 (Client: 7) (110.184.79.252:49152 -> 119.9.73.176:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0xC5D3747, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2014-04-27 08:27:47.149 IPsec ESP Session (IPsec SA) 15 (Client: 7) (110.184.79.252:49152 -> 119.9.73.176:4500): This IPsec SA is established between the server and the client.
2014-04-27 08:30:17.803 IPsec ESP Session (IPsec SA) 13 (Client: 7) (110.184.79.252:49152 -> 119.9.73.176:4500): This IPsec SA is deleted.
2014-04-27 08:30:17.803 IPsec ESP Session (IPsec SA) 13 (Client: 7) (110.184.79.252:49152 -> 119.9.73.176:4500): This IPsec SA is deleted.
2014-04-27 08:38:49.987 Administration mode [RPC-92]: The log file on the server "yalongcapital.com" (log file "server_log/vpn_20140427.log") has been downloaded.

Please help!

CateFul
Posts: 7
Joined: Sun Apr 27, 2014 10:05 am

Re: Cannot connect via L2TP by manual setting in Windows7

Post by CateFul » Sun Apr 27, 2014 10:24 am

CateFul wrote:
> same here, two Mac OS systems on the same client network work just fine. The Windows
> 7 client keeps getting error 809. Even followed Microsoft kb
> http://support.microsoft.com/kb/926179 to no avail.
>
> The softether client software on the Windows 7 works without any problems, but the
> native Windows L2TP/IPSec client does not work. Looks like to me the IPSec part of
> the communication doesn't go through.
>
> Here's my log(looks like it timed out at the 08:30:17.803 mark on IPSec ESP session):
>
> 2014-04-27 08:27:46.792 IPsec IKE Session (IKE SA) 10 (Client: 7)
> (110.184.79.252:49152 -> 119.9.73.176:4500): The client initiates a QuickMode
> negotiation.
> 2014-04-27 08:27:46.792 IPsec ESP Session (IPsec SA) 15 (Client: 7)
> (110.184.79.252:49152 -> 119.9.73.176:4500): A new IPsec SA (Direction: Client
> -> Server) is created. SPI: 0x9DC7482F, DH Group: (null), Hash Algorithm: SHA-1,
> Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or
> 3600 seconds
> 2014-04-27 08:27:46.792 IPsec ESP Session (IPsec SA) 15 (Client: 7)
> (110.184.79.252:49152 -> 119.9.73.176:4500): A new IPsec SA (Direction: Server
> -> Client) is created. SPI: 0xC5D3747, DH Group: (null), Hash Algorithm: SHA-1,
> Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or
> 3600 seconds
> 2014-04-27 08:27:47.149 IPsec ESP Session (IPsec SA) 15 (Client: 7)
> (110.184.79.252:49152 -> 119.9.73.176:4500): This IPsec SA is established between
> the server and the client.
> 2014-04-27 08:30:17.803 IPsec ESP Session (IPsec SA) 13 (Client: 7)
> (110.184.79.252:49152 -> 119.9.73.176:4500): This IPsec SA is deleted.
> 2014-04-27 08:30:17.803 IPsec ESP Session (IPsec SA) 13 (Client: 7)
> (110.184.79.252:49152 -> 119.9.73.176:4500): This IPsec SA is deleted.
> 2014-04-27 08:38:49.987 Administration mode [RPC-92]: The log file on the server
> "yalongcapital.com" (log file "server_log/vpn_20140427.log") has
> been downloaded.
>
> Please help!

BTW, the server side is the latest 4.06 Build 9437 on CentOS 6.5 64 bit. The client side includes two Mac OS 10.9.2 machines (both work perfectly) and one Windows 7 Ultimate 64 bit, which is the client with error 809.

CateFul
Posts: 7
Joined: Sun Apr 27, 2014 10:05 am

Re: Cannot connect via L2TP by manual setting in Windows7

Post by CateFul » Sun Apr 27, 2014 10:55 am

I messed around with the server side settings a bit and I found out that if I enable raw L2TP (no IPsec encryption) and use MS-CHAP or PAP on the client side, the Windows machine will connect just fine. So this is probably an IPsec issue. Does anybody know how to fix this?

CateFul
Posts: 7
Joined: Sun Apr 27, 2014 10:05 am

Re: Cannot connect via L2TP by manual setting in Windows7

Post by CateFul » Sun Apr 27, 2014 11:16 am

SOLUTION FOUND!

I dug deeper into the log files and found out that Windows 7 by default is disabling IPsec on PPP. Don't know why but this is how it is.

Here's how to fix this:

1. Go to the Windows registry, locate the following key and delete it.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"ProhibitIpSec"=dword:00000001

2. Restart

3. On the VPN connection properties page, tick MS-CHAP v2. Connect.

This solved the error 809 for me!
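
The registry change from the steps above, as an added PowerShell example that is not part of the original post: it reports the current ProhibitIpSec value, exports the RasMan\Parameters key to a backup file, removes the value and confirms it is gone. The backup location and the helper function names are assumptions made for this example; the restart from step 2 is still required afterwards.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
$regName = 'ProhibitIpSec'
# Assumed backup location; change as needed.
$backup  = Join-Path $env:TEMP 'RasMan-Parameters-backup.reg'

function Test-IsAdmin {
    # True when the current session holds the local Administrator role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ProhibitIpSec {
    # Returns the DWORD value, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$regName
}

$current = Get-ProhibitIpSec
if ($null -eq $current) {
    Write-Output "$regName is not present; nothing to remove."
}
elseif (-not (Test-IsAdmin)) {
    Write-Warning "$regName = $current, but this session is not elevated; no change made."
}
else {
    Write-Output "$regName = $current (1 disables the automatic IPsec policy for L2TP connections)."
    # Keep a copy of the key so the change can be reverted with 'reg import'.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters' $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $backup failed; value left in place." }

    Remove-ItemProperty -Path $regPath -Name $regName -ErrorAction Stop
    if ($null -eq (Get-ProhibitIpSec)) {
        Write-Output "Removed $regName. Backup: $backup. Restart Windows before reconnecting."
    }
    else {
        throw "$regName is still present after the removal attempt."
    }
}
```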
