DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Vigor2830 dial-in user VPN access issues and L2TP with IPSEC
- captain-midnight
- Topic Author
- Offline
- New Member
Less
More
- Posts: 8
- Thank you received: 0
22 Oct 2011 18:50 #69767
by captain-midnight
Vigor2830 dial-in user VPN access issues and L2TP with IPSEC was created by captain-midnight
Currently have 2x issues: -
1. Configuring multiple username/password remote dial-in users ONLY allows 1x username (and the same) to successfully connect via L2TP with IPSEC VPN encryption?
2. The only fully authenticated and L2TP with IPSEC encryption VPN is ALWAYS displayed in the 2830 VPN connection management in 'black' and doesn't show any encryption detail - whereas the Draytek Smart VPN Client clearly states in the IPSEC tab on the connection that ESP encryption is indeed in opperation? Both client and router are configured to 'must' have encryption to connect?
Further info for issue 1 - my biggest issue:
I've recently bought a 2830 router and all is working except 'multiple' remote dial-in VPN user access? Fireware is 3.3.6.
I've setup 3x user account details and all are the same except their usernames and passwords. On testing the VPN which is L2TP with IPSEC, only 1x of the usernames will successfully connect and establish the VPN.
So, in case the remote user username/passwords were corrupt, I've used the reset to factory defualts option and recreated a single remote access username/password - VPN works 100% of the time, now created a 2nd username/password exactly the same way as the first and as before now only the 1st username/password created is allowed to successfully establish a viable VPN?
All additional username/passwords created fail the L2TP with IPSEC VPN connection authentication stating that the username/password is NOT valid on the domain - even though NON of the username/password combinations are in anyway configured on the domain protected by the 2830.
Any help on this would be appreciated on enabling all configured remote dial-in users to successfully connect via the L2TP VPN with IPSEC encryption.
1. Configuring multiple username/password remote dial-in users ONLY allows 1x username (and the same) to successfully connect via L2TP with IPSEC VPN encryption?
2. The only fully authenticated and L2TP with IPSEC encryption VPN is ALWAYS displayed in the 2830 VPN connection management in 'black' and doesn't show any encryption detail - whereas the Draytek Smart VPN Client clearly states in the IPSEC tab on the connection that ESP encryption is indeed in opperation? Both client and router are configured to 'must' have encryption to connect?
Further info for issue 1 - my biggest issue:
I've recently bought a 2830 router and all is working except 'multiple' remote dial-in VPN user access? Fireware is 3.3.6.
I've setup 3x user account details and all are the same except their usernames and passwords. On testing the VPN which is L2TP with IPSEC, only 1x of the usernames will successfully connect and establish the VPN.
So, in case the remote user username/passwords were corrupt, I've used the reset to factory defualts option and recreated a single remote access username/password - VPN works 100% of the time, now created a 2nd username/password exactly the same way as the first and as before now only the 1st username/password created is allowed to successfully establish a viable VPN?
All additional username/passwords created fail the L2TP with IPSEC VPN connection authentication stating that the username/password is NOT valid on the domain - even though NON of the username/password combinations are in anyway configured on the domain protected by the 2830.
Any help on this would be appreciated on enabling all configured remote dial-in users to successfully connect via the L2TP VPN with IPSEC encryption.
Please Log in or Create an account to join the conversation.
- captain-midnight
- Topic Author
- Offline
- New Member
Less
More
- Posts: 8
- Thank you received: 0
23 Oct 2011 12:13 #69772
by captain-midnight
Replied by captain-midnight on topic Re: Vigor2830 dial-in user VPN access issues and L2TP with I
Update:
The reason why only 1x of the 3x usernames was working via L2TP is what looks like a bug in the way the remote-user vpn is setup in my box. Whenever a new remote user is added via the wizard, at the end instead of going to the connection manager, if I selected to access more detailed configuration and made user I re-typed in the user password before hitting OK that username would now work.
Currently looking at the encryption now as all user accounts work if encryption level is set to 'none' or 'nice to have' instead of 'must'.
The reason why only 1x of the 3x usernames was working via L2TP is what looks like a bug in the way the remote-user vpn is setup in my box. Whenever a new remote user is added via the wizard, at the end instead of going to the connection manager, if I selected to access more detailed configuration and made user I re-typed in the user password before hitting OK that username would now work.
Currently looking at the encryption now as all user accounts work if encryption level is set to 'none' or 'nice to have' instead of 'must'.
Please Log in or Create an account to join the conversation.
- captain-midnight
- Topic Author
- Offline
- New Member
Less
More
- Posts: 8
- Thank you received: 0
25 Oct 2011 12:52 #69799
by captain-midnight
Replied by captain-midnight on topic Re: Vigor2830 dial-in user VPN access issues and L2TP with I
SOLVED:
The whole issue was caused by the Smart VPN Client - the registry settings that it was supposed to change had not in fact been changed due to an unknown reason.
After completely removing the software and trying again and comaring with a completely different remote user machine, L2TP with IPSec encryption is now fully working.
Just to note: the original error of 'PPP CHAP Authentication' failure as detailed in the 2830 router logs is unfortunately as previously stated completely misleading and hopefully future firmware versions may give mode debuging info - which would actually pinpoint the exact issues.
The whole issue was caused by the Smart VPN Client - the registry settings that it was supposed to change had not in fact been changed due to an unknown reason.
After completely removing the software and trying again and comaring with a completely different remote user machine, L2TP with IPSec encryption is now fully working.
Just to note: the original error of 'PPP CHAP Authentication' failure as detailed in the 2830 router logs is unfortunately as previously stated completely misleading and hopefully future firmware versions may give mode debuging info - which would actually pinpoint the exact issues.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek