HI im new to this forum and looking for some guidance.
I currently have a draytek vigor 2920 and have managed to create a dial in user with a username and password for me to remote into my office.

this works fine and I have followed the traces via the log and can follow them almost to check.

I now have a remote ip phone that im trying to create the same. The phone (alcatel-lucent) has a built in vpn server and I have entered the remote ip address and PSK as per instructions, with the telephone system ip address set within the phone ready for connection once the VPN is is successful.

I have ran a trace and entered the login credentials the same as the pc but the phone will not connect, it just cycles.

attached the logs from the draytek, which shows an attempt to connect but does not.

I have spoken to Alcatel and the stated to router must support the following:

Other VPN server can be used but with the supported cipher protocols and algorithms: IKEv1 + EAP-Xauth, AES-256, SHA256, Diffie-Hellmann group 16 and 5

does the draytek router I have support or can be modified to work on these or do I need another model ?

thank you in advance

Diagnostics >> Syslog Explorer




Web Syslog USB Syslog




Enable Web Syslog Export | Refresh | Clear |
Syslog Type UserFirewallCallWANVPNAll Display Mode Stop record when fullsAlways record the new event




Time

Message

2017-06-28 21:03:17 Responding to Main Mode from 81.168.93.162
2017-06-28 21:03:17 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2017-06-28 21:02:35 Responding to Main Mode from 81.168.93.162
2017-06-28 21:02:35 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2017-06-28 21:02:12 Responding to Main Mode from 81.168.93.162
2017-06-28 21:02:12 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2017-06-28 21:01:59 Responding to Main Mode from 81.168.93.162
2017-06-28 21:01:59 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2017-06-28 21:01:52 Responding to Main Mode from 81.168.93.162
2017-06-28 21:01:52 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2017-06-28 21:01:48 Responding to Main Mode from 81.168.93.162
2017-06-28 21:01:48 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
2017-06-28 20:58:49 Responding to Main Mode from 81.168.93.162
2017-06-28 20:58:49 IKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0

selectt wrote: attached the logs from the draytek, which shows an attempt to connect but does not.

I have spoken to Alcatel and the stated to router must support the following:

Other VPN server can be used but with the supported cipher protocols and algorithms: IKEv1 + EAP-Xauth, AES-256, SHA256, Diffie-Hellmann group 16 and 5

does the draytek router I have support or can be modified to work on these or do I need another model ?

I'm no expert, but I think you're looking in the right place; the log seems to show the connection falling at the first hurdle. Presumably the lack of EAP-Xauth prevents it going any further than attempting the key exchange?.

Some clues, I unearthed:

https://www.draytek.co.uk/support/guides/kb-teleworker-xauth-3900 Using XAuth with the latest/greatest Vigor 3900 and Vigor 2960, when equipped with latest software.


Vigor 2920 spec. No mention of XAuth I'm pretty sure it's not present.

Vigor 2960 spec. XAuth and IKE Phase 1 Diffie-Helman Groups 1,2,5 & 14 get a mention ... but no Group 16

Vigor 3900 spec. The spec. for the 3900 doesn't seem to have been updated to reflect the capabilities of the latest firmware.

many thanks for your time to reply.

i think ill invest in a 3900 and see if that cures the issue.

the connection attempt is being made and like you have said it looks like a authentication issues/capability of router

cheers