Problem on VPN

  • Question

  • Hi everyone!

    I just set up an L2TP VPN Server on Windows Server 2012 but I don't manage to enter.

    The UDP ports are opened, 500 and 4500 only on the router and 1701 only the firewall.

    I set up the shared key but when I try to connect from a client, after about 30' of loading, the connection simply is not achieved, without error messages.

    I visited the log page and I have only these few lines:

    "SRVNEO","RAS",06/06/2020,11:29:27,4,,,,,,,,"192.168.1.8",,,"192.168.1.8",,,,,,,,,,0,,,,,,8,,,,"1",,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,
    "SRVNEO","RAS",06/06/2020,11:29:28,4,,,,,,,,"192.168.1.8",,,"192.168.1.8",,,,,,,,,,0,,,,,,7,,,,"1",,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,
    "SRVNEO","RAS",06/06/2020,11:32:34,4,,,,,,,,"192.168.1.8",,,"192.168.1.8",,,,,,,,,,0,,,,,,8,,,,"1",,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,
    "SRVNEO","RAS",06/06/2020,11:32:39,4,,,,,,,,"192.168.1.8",,,"192.168.1.8",,,,,,,,,,0,,,,,,7,,,,"1",,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,

    Do you have any suggestions?

    Saturday, June 6, 2020 9:52
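
Added example (not part of the original thread): a small Python reader for the four log records in the first post. It assumes they use the IAS-format layout of RRAS/NPS accounting logs, takes field positions from Microsoft's documented field order, and decodes only a subset of fields. It shows that every record is an Accounting-Off or Accounting-On event and that no Access-Request was logged.

```python
import csv
import io

# 1-based field positions in the IAS-format log (assumed layout, subset only).
FIELDS = {1: "computer", 2: "service", 3: "date", 4: "time", 5: "packet_type",
          6: "user_name", 13: "nas_ip", 16: "client_ip", 26: "reason_code",
          32: "acct_status_type", 36: "acct_session_id"}

# RADIUS packet type codes (RFC 2865 / RFC 2866).
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept", "3": "Access-Reject",
                "4": "Accounting-Request", "5": "Accounting-Response",
                "11": "Access-Challenge"}

# Acct-Status-Type values (RFC 2866).
ACCT_STATUS = {"1": "Start", "2": "Stop", "3": "Interim-Update",
               "7": "Accounting-On", "8": "Accounting-Off"}

# The four records from the first post, copied unchanged.
SAMPLE_LOG = """
"SRVNEO","RAS",06/06/2020,11:29:27,4,,,,,,,,"192.168.1.8",,,"192.168.1.8",,,,,,,,,,0,,,,,,8,,,,"1",,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,
"SRVNEO","RAS",06/06/2020,11:29:28,4,,,,,,,,"192.168.1.8",,,"192.168.1.8",,,,,,,,,,0,,,,,,7,,,,"1",,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,
"SRVNEO","RAS",06/06/2020,11:32:34,4,,,,,,,,"192.168.1.8",,,"192.168.1.8",,,,,,,,,,0,,,,,,8,,,,"1",,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,
"SRVNEO","RAS",06/06/2020,11:32:39,4,,,,,,,,"192.168.1.8",,,"192.168.1.8",,,,,,,,,,0,,,,,,7,,,,"1",,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,
""".strip()


def parse_record(line):
    """Split one log line and decode the packet type and accounting status."""
    row = next(csv.reader(io.StringIO(line.strip())))
    rec = {name: (row[pos - 1] if pos <= len(row) else "")
           for pos, name in FIELDS.items()}
    rec["packet_type"] = PACKET_TYPES.get(rec["packet_type"], rec["packet_type"])
    rec["acct_status_type"] = ACCT_STATUS.get(rec["acct_status_type"],
                                              rec["acct_status_type"])
    return rec


def summarize(log_text):
    """Count authentication attempts, user sessions and service on/off events."""
    recs = [parse_record(l) for l in log_text.splitlines() if l.strip()]
    on_off = ("Accounting-On", "Accounting-Off")
    return {"records": len(recs),
            "auth_attempts": sum(r["packet_type"].startswith("Access-") for r in recs),
            "sessions": sum(r["acct_status_type"] in ("Start", "Stop") for r in recs),
            "service_on_off": sum(r["acct_status_type"] in on_off for r in recs)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Accounting-On and Accounting-Off mark the remote access service starting and stopping accounting, so these four records carry no trace of the client's connection attempt.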

All replies

  • Hi ,

    >>The UDP ports are opened, 500 and 4500 only on the router and 1701 only the firewall.

    I noticed that you only open UDP 500 & 4500 on the router and only open 1701 on the firewall.

    The ports that need to be open on both your router and the server's firewall for the L2TP protocol to work are as follows:

    UDP 500
    UDP 4500
    TCP 1701

    ESP (value 50)  

    For your reference:

    L2TP VPN Using Microsoft RRAS

    Which ports to unblock for VPN traffic to pass-through?

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, June 8, 2020 2:53
    Moderator
  • Ok. The UDP and TCP ports are now opened but how could I enable ESP (value 50)?

    Can I read any log to understand why the VPN is not working?

    Monday, June 8, 2020 10:20
  • Hi ,

    As in the picture below, you can create a custom rule and then enable IP protocol number 50:

    For your reference:

    Protocol Numbers

    If you still cannot connect to the VPN, please check the event log to see if there is something related for us to troubleshoot.

    Also, temporarily disable the firewall to narrow down the issue; if the problem still happens, then the issue should not be related to the firewall.

    Best Regards,

    Candy




    Wednesday, June 10, 2020 6:20
    Moderator
  • Hi ,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Candy



    Friday, June 12, 2020 3:18
    Moderator
  • I disabled the firewall but nothing changed.

    The log file looks similar to the one attached in the first post. Can you help me to interpret?

    Friday, June 12, 2020 5:43
  • Hi ,

    Please post the error message from the event log; this can help us troubleshoot better.

    Best Regards,

    Candy



    Friday, June 12, 2020 6:24
    Moderator
  • Maybe the problem is here: "[needed] secondary WAN address for all L2TP related connections."

    I have only a WAN address (xxx.ddns.net)

    On the client side I have this error:

    Nothing on the server side, event viewer window


    Sunday, June 14, 2020 15:09
  • Hi ,

    You might run the following from an elevated command prompt and reboot your machine:

    REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

    Here is a similar thread discussed before, you could have a look:

    Configure IPsec/L2TP VPN Clients

    L2TP/IPsec VPN fails to connect on Windows 10 - Works fine on iOS

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope this can help you.

    Best Regards,

    Candy






    Wednesday, June 17, 2020 3:13
    Moderator
  • It didn't solve my problem.

    What about this step? How can I set up this?

    2. Be sure to use a different public IP address for your L2TP traffic as the primary WAN IP cannot be used for this purpose. This is mainly because if you do have VPN tunnels active on your router, the ports 500 and 4500 will be prioritized for the tunnels and won't be available to use for the L2TP traffic. So configure a secondary WAN address for all L2TP related connections.

    Monday, June 22, 2020 19:16