DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

L2TP/IPSec VPN issues

24 Mar 2021 14:21 #1 by techcareict
L2TP/IPSec VPN issues was created by techcareict
Hi, is anyone experiencing VPN issues using L2TP/IPSec to a mixture of DrayTek routers and ISPs from the Windows built-in client? Multiple devices (Win10, Win7, Server 2019) had the same effect; this started around the end of Feb.
The connection timed out with the error "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer".

We have been experiencing this for a few weeks and initially lost access to over 20 VPN endpoints, as well as our own, for about a week when connecting from various sites/ISPs using multiple laptops; then inexplicably some started restoring the ability to connect over about a week.
We are now left with 3 locations with problems; 2 have DrayTek 2960 routers, both on 1.5.1.2 FW.

In 2 locations we were able to connect from the same laptops and PCs on our network if we ditched our VDSL and allowed our 2862Ln to fail over to a 4G connection, or used a backup ADSL connection on a 2nd router, but one of these locations has stopped responding today no matter what ISP connection is used.
The 3rd location that is refusing connections is on BTnet with a 2960 installed after the BTnet Cisco router and they insist nothing their end or on their managed Cisco router is preventing connection.
At all the sites with problems the only way we can connect is by LAN-LAN IPsec tunnel from our 2862Ln.

We have contacted various ISPs but they are not aware of anything and say they have not had any reports from other users.

It's all very strange... Any advice much appreciated.

24 Mar 2021 19:30 #2 by hornbyp
Replied by hornbyp on topic Re: L2TP/IPSec VPN issues
I would have thought the most likely thing to have changed, is the Windows end - Software as a Service, and-all-that :roll:

It could even be something that Microsoft broke in February and fixed in March!

I think you're going to have to use Syslog at the Vigor end, to try and narrow down where the negotiation is failing. I'm not sure how much info Windows writes to the Dialup-network logging for L2TP/IPsec (but worth investigating).

25 Mar 2021 11:00 #3 by techcareict
Replied by techcareict on topic Re: L2TP/IPSec VPN issues
Thanks for your input Hornbyp, that was my 1st thought, but with the same effect being seen on multiple laptops/PCs and Win10 and Win7, I concluded it was probably unlikely, especially since Win7 no longer receives updates from MS.

Looks like I'll probably have to dig deeper as you suggest; will reply on this post when/if I get to the bottom of it.
Thanks

25 Mar 2021 12:28 #4 by qwaz01
Replied by qwaz01 on topic Re: L2TP/IPSec VPN issues
We use the built-in client sparingly but I think I have seen a few tickets with this error or similar in the last week or so. I can't help any more than that at the moment.

25 Mar 2021 17:47 #5 by hornbyp
Replied by hornbyp on topic Re: L2TP/IPSec VPN issues

techcareict wrote:
I concluded it was probably unlikely especially since Win7 no longer receives updates from MS.


Aren't the Windows 7 clients on Extended Support? :shock:

26 Mar 2021 11:55 #6 by techcareict
Replied by techcareict on topic Re: L2TP/IPSec VPN issues
Ok, bit of a development.
We have another client with a 2960 with 1.5.1 FW that had been accepting L2TP connections externally but not via our 2862Ln and has just started refusing all L2TP connections from all locations.
On checking the FW it appears it has auto-updated to 1.5.1.2. We usually set FW to manual update so it's a bit puzzling why it's set to auto, but it could be an oversight.

Looking at the remaining affected sites, they are a mix of 2960 and 2862 devices; the 2960s all have FW 1.5.1.2 and the 2862s all have FW 3.9.4.1_BT.
I'm now starting to think the remaining problem may be related to the latest FW and not just the 2960. Our own 2862Ln was updated to 3.9.4.2_BT recently, I think, but I can't be certain exactly when.

We are going to roll back some FWs and will come back and post results.


On the other replies:
@hornbyp, thanks for pointing that out, but the Win7 installs we are using are OEM and not enrolled in ESU.

Thanks @qwaz01, I hadn't noticed them...
