
Author Topic: Help with IPSec/L2TP VPN server please  (Read 11019 times)


Offline SecureComp

  • Backer
  • Posts: 541
  • Thanks: 1
  • Registered : 05/08/2014
Re: Help with IPSec/L2TP VPN server please
« Reply #15 on: December 29, 2015, 04:36:11 pm »
Quote
All of my experience with VPNs is with SonicWalls, but that hasn't really helped me here.
That's cool, SonicWalls are good stuff.

The debug info on the Almond+ will not look familiar. I will grab a screen shot of a sample connect and disconnect and post it up. May not get it done until tomorrow.  Then you can look at a known good sample and compare it to your info.

The basic info you shared (though system logs would be more helpful at this point) makes me wonder if you are getting through to your A+ from the outside at all. The puzzling thing is, you ARE able to connect using a different method. So really, in the logs, we should see the connect attempt and a specific reason for the failure. Not a generic, can't connect to the server kind of message.

Quote

I swear I read the Local IP was supposed to be the same as the router's LAN IP.
Depending on the VPN software, you can actually specify which IP to use, static, DHCP allocated, etc. on a per client basis.
But yes, the Local IP is that of the router.  Changing it to something else should have forced another error which would show up in the system log.

When you change it to something else, go ahead and test your PPTP connection and watch it fail, then check the System Logs. Then change it back to the local IP of the router, watch the successful connect in the System logs with PPTP and then watch the connect attempt with IPSec in the logs.

Quote

 Also I do have the VPN enabled.

Had to ask. Often the simple things are overlooked.

Quote
I changed it to a known unused one outside my DHCP and I still get the errors both on LTE and Wi-Fi (Wi-Fi is a different IP scheme).

For now, let's stick with the LTE debug.

Being on a separate WiFi network but still behind the A+ (if that's what you are talking about) leads to route debugging and we'd need to verify a number of things. So the easiest way to proceed is debugging from a network that is absolutely on the other side of the Interweb from your residential ISP. IF you mean a WiFi network at a different location, work, friend, family, etc. then it should be fine though you do run the risk of some funky routing stuff creating problems, it is unlikely. I am using my VPN from a dozen remote locations, using several different ISPs, behind a fistful of different routers/networks/firewalls.  All of them do exactly what they should, allow me to tunnel as needed.


Quote
I guess I can bring my A+ to work and try it on an open WAN port we use for testing, because I know no ports are blocked there.
If you can, that'd be great.  Though IF the issue is with any of your firewall mods on the A+, anticipate similar results.
Quote

IOS has always been the latest public release.
Brave Soul. I lag back a dot release or two until it is well baked in the public soak.  8)

Quote
I think I mentioned it, but PPTP does work.
Which makes me think 2 things.
You must be hitting the Server with the initial connect attempt and the debug logs should show it OR a firewall/iptables/routing mod has hosed up some basic functionality.

Quote

I haven't made any real changes to my A+ past port forwards, none of which are for IPSec or L2TP. Even deleted them all to be sure.

Haha "real" changes. Port Forwarding can crush you when dynamically allocated ports get called. Do you have UPnP turned on?

When deleting, there is deleting and then there is deleting.
Which interface do you use for your mods?
Web Interface?
OpenWRT?
Command Line?

Last thought AND Last Resort, and this is a risky one, so proceed with your own best judgement.
Create a separate "test" user id/password combo.
PM me the details and I will try a remote test and look at local debug info.
Probably better off contacting Securifi Tech Support before doing this, you have no idea who folks are on a forum and I sure wouldn't let a stranger into my "house". But I'll make the offer because you seem to be struggling a bit with this.  Your call.
Kickstarter Backer
Securifi Wiki Editor and Beta Tester, Not a Securifi employee
Almond+, many sensors, IOS App, Android Apps and Widgets

Offline tinkerman

  • Backer
  • Posts: 10
  • Thanks: 0
  • Registered : 15/10/2014
Re: Help with IPSec/L2TP VPN server please
« Reply #16 on: December 29, 2015, 07:28:20 pm »
Not sure if this affects you, but from my experience AT&T blocks L2TP on LTE, so you might want to test first with just a PC. You really should be getting more informative logs. I would use a Linux client on this, as I can get more verbose messages from the connecting side.

Or you can just go OpenVPN.

Offline SecureComp

Re: Help with IPSec/L2TP VPN server please
« Reply #17 on: December 30, 2015, 02:52:21 am »
Quote
Not sure if this affects you, but from my experience AT&T blocks L2TP on LTE, so you might want to test first with just a PC. You really should be getting more informative logs. I would use a Linux client on this, as I can get more verbose messages from the connecting side.

Or you can just go OpenVPN.

Absolutely a LINUX client would provide great debug info.

Even if you are using a Windows PC, you can load a VM setup and boot an o/s flavor of your choice.

Sprint and Verizon have not blocked anything needed for establishing a VPN in my experience. 3G/4G LTE

Kickstarter Backer
Securifi Wiki Editor and Beta Tester, Not a Securifi employee
Almond+, many sensors, IOS App, Android Apps and Widgets

Offline SecureComp

Re: Help with IPSec/L2TP VPN server please
« Reply #18 on: January 22, 2016, 11:32:47 am »
Just as a followup to this;

IOS 9.x broke a lot of IPSec VPNs

The betas for 9.1.x and 9.2.x did not fix the problem.
The release versions of IOS 9.1.x and 9.2.1 have not fixed the problem.

Stay with IOS 8.3.x or 8.4.x if you want IPSec VPN working with your Almond+

This problem is not limited to the Almond+, many other networking products have experienced this issue.
Kickstarter Backer
Securifi Wiki Editor and Beta Tester, Not a Securifi employee
Almond+, many sensors, IOS App, Android Apps and Widgets

 
