D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: Aeronia on November 17, 2011, 07:33:53 AM

Title: DFL 260 - L2TP VPN TUNNEL
Post by: Aeronia on November 17, 2011, 07:33:53 AM

Hi, i m tring for several days to configure unsuccessfully a L2TP VPN canal 

2011-11-17
16:24:25   Info   IPSEC
1802703         


ike_sa_negotiation_completed
ike_sa_completed
local_peer="192.168.1.220:4500 ID 192.168.1.220" remote_peer="masked:4500 ID 192.168.1.2" initiator_spi="ffe16a2d 54e67b33" responder_spi="04ad4a3d a03847e4" int_severity=6
2011-11-17
16:24:25   Info   IPSEC
1802024         


ike_sa_negotiation_completed
options="Responder, NAT-T" mode="Main Mode" auth="Pre-shared keys" encryption=3des-cbc keysize= hash=sha1 dhgroup=2 bits=1024 lifetime=28800
2011-11-17
16:24:25   Warning   IPSEC
1800102         


ipsec_event
message="It is recommended to use non-IP identities with NAT-T to avoid ID collision"
2011-11-17
16:24:25   Warning   IPSEC
1800102         


ipsec_event
message="NAT-T initial contact notification with IP identity 192.168.1.2"
2011-11-17
16:24:25   Info   CONN
600001   IPsecBeforeRules   UDP   wan
core   masked
192.168.1.220   4500
4500   conn_open
conn=open

2011-11-17
16:25:29   Info   IPSEC
1802708         


ike_sa_destroyed
ike_sa_killed
ike_sa=" Initiator SPI ESP=0xffe16a2d, AH=0x54e67b33, IPComp=0x4ad4a3d"
2011-11-17
16:25:29   Notice   IPSEC
1800105         


ike_delete_notification
local_ip=192.168.1.220 remote_ip=masked cookies=ffe16a2d54e67b3304ad4a3da03847e4 reason="Received delete notification"
2011-11-17
16:25:25   Info   IPSEC
1803024         


xauth_exchange_done
statusmsg="Authentication failed"
2011-11-17
16:25:25   Info   IPSEC
1803021         


ipsec_sa_statistics
done=14 success=0 failed=14
2011-11-17
16:25:25   Warning   IPSEC
1800109         


ike_quickmode_failed
local_ip=192.168.1.220 remote_ip=masked cookies=ffe16a2d54e67b3304ad4a3da03847e4 reason="Timeout"
2011-11-17
16:25:25   Warning   IPSEC
1803020         


ipsec_sa_failed
no_ipsec_sa
statusmsg="Timeout"
2011-11-17
16:25:25   Info   IPSEC
1800102         


ipsec_event
message=" Remote Proxy ID 192.168.1.2 udp:1701"
2011-11-17
16:25:25   Info   IPSEC
1800102         


ipsec_event
message=" Local Proxy ID masked  udp:1701"
2011-11-17
16:25:25   Info   IPSEC
1802703         


ike_sa_negotiation_completed
ike_sa_completed
local_peer="192.168.1.220:4500 ID 192.168.1.220" remote_peer="masked:4500 ID 192.168.1.2" initiator_spi="ffe16a2d 54e67b33" responder_spi="04ad4a3d a03847e4" int_severity=6
2011-11-17
16:25:25   Info   IPSEC
1800102         


ipsec_event

I ve used the PDF tutorial "How_to_configure_L2TP_for_roaming_users" for the configuration.



It s a client-to-lan VPN.

Have you a idea of the problems ?

Regards.

Title: Re: DFL 260 - L2TP VPN TUNNEL
Post by: danilovav on November 17, 2011, 10:42:15 AM

Disable XAuth - username/password entered into Windows VPN client will be checked by user auth rule.

Title: Re: DFL 260 - L2TP VPN TUNNEL
Post by: Aeronia on November 17, 2011, 11:25:07 AM

IKE XAuth is already turned off :(

Title: Re: DFL 260 - L2TP VPN TUNNEL
Post by: danilovav on November 19, 2011, 01:49:53 PM

Quote

xauth_exchange_done
statusmsg="Authentication failed"

What is it?
Maybe, you've set it on client?

Title: Re: DFL 260 - L2TP VPN TUNNEL
Post by: Aeronia on November 20, 2011, 02:54:35 PM

My client is basic VPN connection from windows, i haven t see Xauth on it ...   :-\

Title: Re: DFL 260 - L2TP VPN TUNNEL
Post by: danilovav on November 21, 2011, 12:19:21 AM

Does 192.168.1.2 your client?
Probably, its NAT (router) doesn't support IPsec NAT-T
Try to use PPTP or SSL VPN (if your device is DFL-260E)