
Hello to all, 

Recently I had an issue with a VPN tunnel, L2TP over IPSec.

The configuration was used from Teltonika Wiki.

I am trying to realise the remote VPN connection from a Windows PC machine.

I get the following error: "The L2TP Connection Attempt Failed Because the Security Layer Encountered a Processing Error"

I had Microsoft-CHAP and LCP Extensions on; I also re-enabled the IPSec Windows services, but it didn't help.

Could anybody help me with that issue?

 

1 Answer


Hello,

I've managed to configure and connect to my RUT955 using L2TP/IPsec Windows client. I'll share some details from my end, perhaps it'll be enough to get you connected to your IPsec server. Please note, however, that encryption is hard-coded on the Windows client and it cannot be changed easily (requires some registry modification on Windows machine as far as I am aware). I'd highly recommend choosing another VPN protocol if you want or must use only specific encryption/hash and PFS methods.

Starting on the router, IPsec instance is configured as follows:

Instance settings

  • Remote endpoint - empty
  • Authentication method - Pre-shared key
  • Local identifier - %any
  • Remote identifier - %any
  • Multiple secrets - ON

Global secrets settings [add new]

  • ID selector - %any
  • Type - psk
  • Secret - YourIPsecPassphrase

Connection settings

  • Mode - Start
  • Type - Transport
  • Bind to - Select L2TP interface
  • Key exchange - IKEv1

Proposal settings

Any setting should work here, make sure to leave the "Force crypto proposal" unchecked unless you know specifically which encryption algorithm, authentication and DH group is used by the Windows client. If you want to force the crypto proposal on the server side, select the following settings:

PHASE 1

  • Encryption algorithm - AES 256
  • Authentication - SHA1
  • DH group - ECP384

PHASE 2

  • Encryption algorithm - AES 256
  • Hash algorithm - SHA1
  • PFS group - No PFS

I'm sure there are some other possible combinations but this is what both of my devices (server and client) negotiated automatically and, whenever I tried forcing proposal, the tunnel would establish successfully every time.

When configuring settings on Windows, you don't have to change any settings by default - all that needs to be done is:

  • Configure connection name (any string)
  • Configure IPsec server IP address (must be public or reachable by Windows client)
  • Select appropriate VPN type (L2TP/IPsec with pre-shared key for this configuration example)
  • Enter pre-shared key (passphrase)
  • Type of sign-in info - username and password (enter them in appropriate fields below) 

That should be it. Save & apply the settings on Windows workstation and try connecting to the IPsec server. The connection should be established shortly.

If this solves your issue or if you're still having difficulties, please let me know.

Best regards,

Tomas. 
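The following is an added example, not part of the original answer or of the router's own software: a simplified model of responder-side proposal selection, showing how a forced crypto proposal narrows what a client can negotiate. Only the forced Phase 1 and Phase 2 values come from the answer; the server's supported-algorithm set and both client offer lists are constructed assumptions.

```python
from typing import NamedTuple, Optional, Sequence

class Proposal(NamedTuple):
    encryption: str
    integrity: str
    dh_group: Optional[str]  # None means no DH group / "No PFS"

# Forced proposals exactly as listed in the answer (Phase 1 and Phase 2).
FORCED_PHASE1 = (Proposal("aes256", "sha1", "ecp384"),)
FORCED_PHASE2 = (Proposal("aes256", "sha1", None),)

# Constructed assumption: algorithms the server accepts when nothing is forced.
SERVER_SUPPORTED = {
    "encryption": {"3des", "aes128", "aes256"},
    "integrity": {"sha1", "sha256"},
    "dh_group": {None, "modp1024", "modp2048", "ecp256", "ecp384"},
}

def select_proposal(client_offers: Sequence[Proposal],
                    forced: Optional[Sequence[Proposal]] = None) -> Optional[Proposal]:
    """Return the first client offer the responder accepts, or None on failure."""
    for offer in client_offers:
        if forced is not None:
            if offer in forced:          # strict: exact match only
                return offer
        elif all(getattr(offer, field) in allowed
                 for field, allowed in SERVER_SUPPORTED.items()):
            return offer                 # relaxed: any supported combination
    return None

# Constructed sample offers, in the client's order of preference.
CLIENT_A_PHASE1 = [
    Proposal("aes256", "sha1", "modp2048"),
    Proposal("aes256", "sha1", "ecp384"),
    Proposal("3des", "sha1", "modp1024"),
]
CLIENT_B_PHASE1 = [
    Proposal("aes256", "sha1", "modp2048"),
    Proposal("3des", "sha1", "modp1024"),
]

if __name__ == "__main__":
    for name, offers in (("A", CLIENT_A_PHASE1), ("B", CLIENT_B_PHASE1)):
        print(name, "unforced:", select_proposal(offers))
        print(name, "forced:  ", select_proposal(offers, FORCED_PHASE1))
```

In this model, client B connects only while the proposal is not forced, and client A lands on a different DH group depending on the setting, which is why the forced values must match what the client actually offers.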

Hello Tomas,

Thank you for your answer.

Probably I try your configuration but my issue is still present.

Probably I cannot use my L2TP tunnel in IPSec configuration (Bind to option). There is nothing to choose as well.

I try to make a PPTP tunneling but this issue is still present. That is why I'm thinking that the main problem is in my Windows machine.

Also I try to enable remote connection via HTTP to router's Web UI (because the main task is to assign the Web UI remotely) but my web browser doesn't assign it.