question

kaderkader-5406 avatar image
1 Vote"
kaderkader-5406 asked ricardosolisvillegas-4678 commented

problem connecting a VPN server with L2TP/IPSEC security

I just deployed a VPN server under Windows server 2019. My problem is this message during the connection: the l2tp connection attempt failed because the security layer encountered an error.

This test was done on the server itself locally, whereas with the connection in PPTP mode it works without any problem.

I would like to have your opinion please, because it is the first time that I do it with Windows. Usually I do it with Pfsense.

The machine is installed on hyper-v.

Thanks in advance!
Greeting.

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ricardosolisvillegas-4678 avatar image
0 Votes"
ricardosolisvillegas-4678 answered ricardosolisvillegas-4678 commented

@kaderkader-5406

Please confirm if the steps taken so far from you are the ones below:

-VPN Properties >>>>>>>>> Routing and Remote Access>>>>>>>>>Allow custom IPSec policy for L2TP/IKEv2 connection
-IPv4 tab >>>>>>>>> Enable IPv4 forwarding >>>>>>>>>Static address pool
-NAT tab >>>>>>>>> New interface >>>>>>>>> Public interface connected to Internet >>>>>>>>>Enable NAT on this interface
-Port tab >>>>>>>>> VPN Server(L2TP/IPSec on this server)
-Change IP address to 127.0.0.1
-Restart required
-Firewall settings configuration >>>>>> Inbound/outbound rules (allow Routing and remote access) >> Allow the connection
-VPN user profile set up (Allow the user connection)
-Recall to share the PSK(Preshared KEY with all users)

Looking forward to your feedback,

Cheers,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If after all those steps, you realize that the issue still happening I would recommend to use wireshark and share the pcap file please.

See you!

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 Votes 0 ·
ricardosolisvillegas-4678 avatar image ricardosolisvillegas-4678 ricardosolisvillegas-4678 ·

Hi again @kaderkader-5406

Almost forget.... If your server is behind a NAT devices you require to use NAT-T(NAT Traversal)...

See you!

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 Votes 0 ·

Hello,

yes, this is the correct configuration.

0 Votes 0 ·

Hi

Do you have any update on this?

Regards,

0 Votes 0 ·
kaderkader-5406 avatar image kaderkader-5406 ricardosolisvillegas-4678 ·

Just I downloaded the latest iso from the Microsoft site

0 Votes 0 ·
Show more comments
ricardosolisvillegas-4678 avatar image
0 Votes"
ricardosolisvillegas-4678 answered

Hello @kaderkader-5406

Thank you for your post.

If you made testing about it... I just wonder if there is NAT in between as well as the following settings are set up correctly:

server name/address
authentication method
User Credentials

Also, review the next article.

https://www.wintips.org/fix-the-l2tp-connection-attempt-failed-because-the-security-layer-encountered-a-processing-error-during-initial-negotiations-with-the-remote-computer-solved/

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

kaderkader-5406 avatar image
0 Votes"
kaderkader-5406 answered ricardosolisvillegas-4678 commented

Hello, yes the server is behind a Pfsense firewall.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @kaderkader-5406

Thank for your answer.

I wonder if you have any packet capture for this as well as logs...

BR,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 Votes 0 ·
kaderkader-5406 avatar image
0 Votes"
kaderkader-5406 answered ricardosolisvillegas-4678 commented

Tomorrow I will send you the screenshots.
greeting.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Many thanks and I shall wait for it.

BR,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



0 Votes 0 ·
kaderkader-5406 avatar image
0 Votes"
kaderkader-5406 answered ricardosolisvillegas-4678 commented

205221-vpn-erreur.png



vpn-erreur.png (56.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello

Thank you for your details.

Please go throug this in order to get the issue solve.

https://windowsreport.com/vpn-error-789/

Looking forward to your feedback,

Best Regards,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

1 Vote 1 ·
ricardosolisvillegas-4678 avatar image
0 Votes"
ricardosolisvillegas-4678 answered

Hi @kaderkader-5406

I am hoping you were able to get this working as intended. Please let me know if anything else is required.

Best Regards,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

kaderkader-5406 avatar image
0 Votes"
kaderkader-5406 answered ricardosolisvillegas-4678 commented

for the moment I am doing the tests because it works well with windows server 2022 with the latest updates, on windows 10 it also works well with the latest updates but not with windows 2019 the problem still arises

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Understood.

Did you share the pcap file that I asked you previously?

BR,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 Votes 0 ·
ricardosolisvillegas-4678 avatar image ricardosolisvillegas-4678 ricardosolisvillegas-4678 ·

@kaderkader-5406

Do you have any chance to work now?

Looking forward to your feedback,

0 Votes 0 ·
kaderkader-5406 avatar image
0 Votes"
kaderkader-5406 answered ricardosolisvillegas-4678 commented

the problem came from PFSENS. Thanks for your help.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Many thanks for your update on this.

Your welcome @kaderkader-5406

Have a good one!!

Regards,

1 Vote 1 ·