DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

LAN -> WAN L2TP IPSec VPN Oddness

More
06 Jun 2017 00:30 #89053 by hornbyp
Replied by hornbyp on topic Re: LAN -> WAN L2TP IPSec VPN Oddness
Found some Draytek instructions here: Built-in VPN client – Windows 7 to Vigor Router – L2TP over IPsec . They're using a 2925, but I don't think that matters.

The steps are all what you would expect - but there's some troubleshooting advice :-
Code:
Note : If the L2TP over IPSec tunnel from Windows 7 to Vigor router could not be established successfully, please check the settings below : 1. In Control Panel >> Administrative Tools >> Services, please make sure the IPSec Policy Agent service is started. 2. In Control Panel>> Administrative Tools >> Services, please make sure IKE and AuthIP IPSec Keying Modules are started. 3. Please check if the ProhibitIpSec value is 0 on Windows registry >> HKEY_LOCAL_MACHINE >> SYSTEM >> CurrentControlSet >> services >> RasMan >> Parameters >> ProhibitIpSec. If it is not, please change the value to 0, and restart Windows 7 to try again. The steps are : a. a. Open regedit. etc etc


From my experiments, if ProhibitIpSec <> 0, the Shared Key exchange step is just omitted - and CHAP fails with "Bad Username/Password" (which it isn't). (If required ports are blocked at the firewall, CHAP never even starts).

I've normally used the Smart VPN Client (I've always viewed it as a 'configuration assistant', since I believe it just uses the underlying Windows functionality). Actually, I've never had a great deal of success with the built-in client in the past - probably because of that ProhibitIpSec setting!

There is something weird about the way the Smart VPN Client manipulates it though. On Windows 7, if you ENABLE L2TP/LT2p over IPsec in the client, it works, but sets ProhibitIpSec to 1 - which stops the built-in client working!?! :roll:
If you manually set ProhibitIpSec back to zero, it effectively stops the Smart VPN Client working; it no longer allows L2TP over IPsec...

The (same) Smart VPN Client on Windows 10 does not do this. Also, the L2TP support option changes from "Enable OR Disable" to "L2TP over IPsec OR L2TP"

UPDATE - I've just discovered that there's a later version of Smart VPN Client than the one I'm using, so I'll have a look and see if it changes anything when I get a minute

Please Log in or Create an account to join the conversation.

  • iamq-yesiam
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
13 Jul 2017 08:54 #89249 by iamq-yesiam
Replied by iamq-yesiam on topic Re: LAN -&gt; WAN L2TP IPSec VPN Oddness
Did you mange to try the newer client out and any joy?

Please Log in or Create an account to join the conversation.

More
16 Jul 2017 14:14 #89261 by hornbyp
Replied by hornbyp on topic Re: LAN -&gt; WAN L2TP IPSec VPN Oddness
I did try it, but didn't notice any differences.

Please Log in or Create an account to join the conversation.

  • iamq-yesiam
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
18 Jul 2017 18:02 #89269 by iamq-yesiam
Replied by iamq-yesiam on topic Re: LAN -&gt; WAN L2TP IPSec VPN Oddness
No worries - once I get some more time I'll have a play.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami