DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
LAN -> WAN L2TP IPSec VPN Oddness
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
06 Jun 2017 00:30 #89053
by hornbyp
Replied by hornbyp on topic Re: LAN -> WAN L2TP IPSec VPN Oddness
Found some Draytek instructions here:
Built-in VPN client – Windows 7 to Vigor Router – L2TP over IPsec
. They're using a 2925, but I don't think that matters.
The steps are all what you would expect - but there's some troubleshooting advice :-
From my experiments, if ProhibitIpSec <> 0 , the Shared Key exchange step is just omitted - and CHAP fails with "Bad Username/Password" (which it isn't). (If required ports are blocked at the firewall, CHAP never even starts).
I've normally used the Smart VPN Client (I've always viewed it as a 'configuration assistant', since I believe it just uses the underlying Windows functionality). Actually, I've never had a great deal of success with the built-in client in the past - probably because of that ProhibitIpSec setting!
There is something weird about the way the Smart VPN Client manipulates it though. On Windows 7, if you ENABLE L2TP/LT2p over IPsec in the client, it works, but sets ProhibitIpSec to 1 - which stops the built-in client working!?!
If you manually set ProhibitIpSec back to zero, it effectively stops the Smart VPN Client working; it no longer allows L2TP over IPsec...
The (same) Smart VPN Client on Windows 10 does not do this. Also, the L2TP support option changes from "Enable OR Disable" to "L2TP over IPsec OR L2TP "
UPDATE - I've just discovered that there's a later version of Smart VPN Client than the one I'm using, so I'll have a look and see if it changes anything when I get a minute
The steps are all what you would expect - but there's some troubleshooting advice :-
Code:
Note :
If the L2TP over IPSec tunnel from Windows 7 to Vigor router could not be established successfully, please check the settings below :
1. In Control Panel >> Administrative Tools >> Services, please make sure the IPSec Policy Agent service is started.
2. In Control Panel>> Administrative Tools >> Services, please make sure IKE and AuthIP IPSec Keying Modules are started.
3. Please check if the ProhibitIpSec value is 0 on Windows registry >> HKEY_LOCAL_MACHINE >> SYSTEM >> CurrentControlSet >> services >> RasMan >> Parameters >> ProhibitIpSec.
If it is not, please change the value to 0, and restart Windows 7 to try again. The steps are :
a. a. Open regedit. etc etc
From my experiments, if ProhibitIpSec <> 0
I've normally used the Smart VPN Client (I've always viewed it as a 'configuration assistant', since I believe it just uses the underlying Windows functionality). Actually, I've never had a great deal of success with the built-in client in the past - probably because of that ProhibitIpSec
There is something weird about the way the Smart VPN Client manipulates it though. On Windows 7, if you ENABLE L2TP/LT2p over IPsec in the client, it works, but sets ProhibitIpSec
If you manually set ProhibitIpSec
The (same) Smart VPN Client on Windows 10 does not do this. Also, the L2TP support option changes from "
UPDATE - I've just discovered that there's a later version of Smart VPN Client than the one I'm using, so I'll have a look and see if it changes anything when I get a minute
Please Log in or Create an account to join the conversation.
- iamq-yesiam
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 68
- Thank you received: 0
13 Jul 2017 08:54 #89249
by iamq-yesiam
Replied by iamq-yesiam on topic Re: LAN -> WAN L2TP IPSec VPN Oddness
Did you mange to try the newer client out and any joy?
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
16 Jul 2017 14:14 #89261
by hornbyp
Replied by hornbyp on topic Re: LAN -> WAN L2TP IPSec VPN Oddness
I did try it, but didn't notice any differences.
Please Log in or Create an account to join the conversation.
- iamq-yesiam
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 68
- Thank you received: 0
18 Jul 2017 18:02 #89269
by iamq-yesiam
Replied by iamq-yesiam on topic Re: LAN -> WAN L2TP IPSec VPN Oddness
No worries - once I get some more time I'll have a play.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek