DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

OSX 10.5.6 and L2TP/IPSEC

08 Jan 2009 09:48 #1 by northerngit
OSX 10.5.6 and L2TP/IPSEC was created by northerngit
Hi All,

Trying to use the inbuilt OSX VPN client to connect to a 2820n v3.3.0. PPTP works flawlessly, but


The documentation for L2TP on the Draytek site looks from the screenshots to be for OSX 10.4 and an ancient Draytek.

http://www.draytek.com/support/support_note/router/application/vpn_solution/2/A/d_pptp.php

The initial IPSEC connection establishes, but the L2TP times out. From a tcpdump, the OSX machine requests information from the Draytek, but gets no response.

Thu Jan 8 08:44:57 2009 : IPSec connection started
Thu Jan 8 08:44:57 2009 : IPSec phase 1 client started
Thu Jan 8 08:44:57 2009 : IPSec phase 1 server replied
Thu Jan 8 08:44:57 2009 : IPSec phase 1 established
Thu Jan 8 08:44:58 2009 : IPSec phase 2 started
Thu Jan 8 08:44:58 2009 : IPSec phase 2 established
Thu Jan 8 08:44:58 2009 : IPSec connection established
Thu Jan 8 08:44:58 2009 : L2TP sent SCCRQ
Thu Jan 8 08:45:18 2009 : L2TP cannot connect to the server

This is not a firewall issue. Anyone able to shed some light, or detail their own experiences?

Cheers,

J.

08 Jan 2009 15:44 #2 by gcp
Replied by gcp on topic OSX 10.5.6 and L2TP/IPSEC
I found the same thing happened to me all the time. I switched back to PPTP.

05 Feb 2009 18:23 #3 by northerngit
Replied by northerngit on topic OSX 10.5.6 and L2TP/IPSEC
I've been working with Draytek support, and after connecting to the office 2820 to rectify our L2TP/IPSEC issues for OSX, I received the following disappointing email.

"Hello,

Thank you for your email. It seems that L2TP with IPSEC is a known issue and is not recommended as well on DrayTek. I would suggest creating a Remote Worker Profile with IPSEC or PPTP, as L2TP without IPSEC is not encrypted and with IPSEC is causing or known to cause problems behind a router or being NATted."

So in short, a fundamental advertised feature doesn't work, with no mention of a fix. Further investigation reveals that L2TP/IPSEC issues with NAT affect many devices. A warning in the manual would be nice, rather than spending over a week with support, who you would believe would simply tell you this at the start...

After the botched firmware updates and flakey wireless, this really takes the cake.

28 May 2009 16:14 #4 by coderus
Replied by coderus on topic OSX 10.5.6 and L2TP/IPSEC
For the archives, but I have this working fine with the latest 3.3.0 firmware on a 2820vn and with a 10.5.6 machine (where the 2820vn is attached to a cable modem).

One observation: where you VPN into does seem problematic, as I have gotten cases where PPTP works and L2TP doesn't, and then the other way round. So having both set up I believe is useful, as then you have one or the other option available to connect.
