Help with IPSec/L2TP VPN server please

[Lectoid]

I can get PPTP VPN server working fine from my iPhone to the Almont+.

I can not get IPSec to work on my iPhone or windows PC (Don't have anything else to test with). For reference I set up sonicwalls at least once a month so I have an idea of how to set up VPN's.

On the Almond+, I have it set as:
VPN Server: IPSec Server
IPSec Policy: Pre-shared key
Pre-shared key: (secret)
Local Endpoint: (WAN IP address of almond+)
Local IP:  192.168.1.1

and below I set up a user and password for an account.


On the iPhone I have it set as:
Type: L2TP
Server: (WAN IP address of almond+)
account: (user)
password: (password)
Secret: (secret)

What am I missing? When I try to connect I get "The L2TP-VPN server did not respond. Try reconnecting..."

Is there a log I can view in the almond+? I didn't see any activity in the system log when working on this.

Thanks!!

[razzfazz]

Shouldn't you be using type "IPSec" on the phone, not "L2TP"?

[Lectoid]

I tried that, didn't work either. I researched this and I think I saw someone mention you use L2TP for this type.

If you go in to the OpenWRT part, then services, then VPN server. You will see L2TP under pre-shared key when the IPSec option is chosen.

[Ashok]

@ Lectoid,

Which mode are you using the Almond+?

[Lectoid]

Just like a normal router. I thought there was a screen where you pick but I can't see it from the web interface. But like I said it's just set up like any home router would be.

[Lectoid]

Is anyone else having this issue?

[Ashok]

@ Lectoid,

To diagnose the issue, is it possible for you to try connecting any other device apart from iPhone.

[Lectoid]

I mentioned in my first post I had also tried my windows PC. Let me see if I can get the specific error.

"The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

PC VPN settings:
Server name: (WAN IP of Almond+)
VPN Type: Layer 2 tunneling protocol with IPsec (L2TP/IPsec)
 - advanced settings - user preshared key for authentication: (secret)
user name: (user)
password: (pass)

[cff]

If you are using IPSec on the Almond+, you should be using IPSec on the iPhone (or any other device) also.

I have the same issue, BTW. I can get L2TP to work, but not IPSec (same error as you are getting). I have seen others with the same issue on this forum also. I would suspect it related to my ISP, but I use various other IPSec connections with no issue, so I am guessing it's related to the Almond+.

[Lectoid]

Is there anyone that can help with this?

I have a new phone and still getting same errors. Almond + has 83 firmware on it now.

I also can't connect from my Windows PC. I've verified all the passwords. Went in to advanced settings of the VPN and set the preshared key.

Is there a log on the Almond+ I can view while trying to connect to see what the errors are?

I can get the PPTP to work, but that's not secure.

[SecureComp]

Is there anyone that can help with this?

I have a new phone and still getting same errors. Almond + has 83 firmware on it now.

I also can't connect from my Windows PC. I've verified all the passwords. Went in to advanced settings of the VPN and set the preshared key.

Is there a log on the Almond+ I can view while trying to connect to see what the errors are?

I can get the PPTP to work, but that's not secure.

Sorry missed this earlier.

I use VPNs on a regular basis, including with the Almond+ with Linux, Android and IOS clients.

On the A+ side;

IPSEC
PRE-SHARED
simple key phrase to start, basic alphanumeric, increase strength later
LOCAL ENDPOINT - verify external IP, I'm sure you have it right, just double check
LOCAL IP - pick something outside of the DHCP range, do not specify some Static Lease

On the Client side, starting with the iPhone (which IOS?)

TYPE L2TP
SERVER = WAN IP
ACCOUNT=usename, create a new one and make sure changes are saved or committed
RSA SECURE ID = OFF
PASSWORD=password for user
SECRET=keyphrase
SEND ALL TRAFFIC=ON
PROXY OFF

PC Client;
L2TP over IPSEC
Same as above

Android Client;
L2TP/IPSEC/PSK
L2TP secret (not used)
IPSec Identifier (not used)
IPSec Pre Shared Key
Do Not Specify DNS Search Domains, DNS Servers, Forwarding Routes

[SecureComp]

Server Did Not Respond means;
1) the VPN Server is not actually running, there is a Check Box that must be Checked
2) ports are blocked by the ISP
3) ports are blocked by a Firewall

Have you done any custom work on your Firewall settings?

May want to do a quick dump of your iptables to take a look or use OpenWRT and review the firewall setup. If you did make any changes in an effort to sort something, those changes may be creating an issue.

[SecureComp]

And of course, when testing from your phone, make sure WiFi is turned off and that you are actually using the cellular network  to find your A+ WAN port.

[SecureComp]

There is LOTS of debug info in the System Log.
You may not recognize it if you haven't debugged VPN's before.

[Lectoid]

All of my experience with VPN's are with Sonicwalls, but that hasn't really helped me here.

I swear I read the Local IP was supposed to be the same as the routers LAN IP. Also I do have the VPN enabled.

I changed it to a known unused one ouside my DHCP and I still get the errors both on LTE and Wi-Fi (Wi-Fi is a different IP scheme)

I guess I can bring my A+ to work and try it on an open WAN port we use for testing, because I know no ports are blocked there.

IOS has always been the latest public release.

I think I mentioned it, but PPTP does work.

I haven't made any real changes to my A+ past port forwards, none of which are for IPSec or L2TP. Even deleted them all to be sure.