Regular Member
Posts: 332
Registered: ‎06-07-2015
Kudos: 62
Solutions: 4
Accepted Solution

L2tp connection failing

Bought a few ER-X units for some remote site testing and I am working on setting up an L2TP VPN.  I followed the instructions and everything committed just fine but the VPN on Windows 10 will not connect.  Comes up with the following error:

 

"The L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations with the remote computer"

 

Any thoughts? Can provide any details needed...

 


Accepted Solutions
Ubiquiti Employee
Posts: 2,706
Registered: ‎10-05-2015
Kudos: 1018
Solutions: 221

Re: L2tp connection failing

Hi @Novais, DDNS and DHCP interface eth0 should be fine for the settings. For Windows 10, can you go to properties for the VPN interface > Security, and make sure that MSCHAPv2 is checked?



All Replies
Ubiquiti Employee
Posts: 2,706
Registered: ‎10-05-2015
Kudos: 1018
Solutions: 221

Re: L2tp connection failing

Do other clients connect successfully? You might want to double check the pre-shared key is set properly. I believe in Windows it is on the Security tab for VPN settings and click advanced.

Regular Member
Posts: 332
Registered: ‎06-07-2015
Kudos: 62
Solutions: 4

Re: L2tp connection failing

Hi @UBNT-Jordan, I am the only one trying to connect. I verified the key info and the remote settings on the router. The only config item I had concern with is the routing: I used the DHCP setting instead of the nexthop setting because we have a DHCP internet connection for these routers. Was that correct? This is the setup instructions I used.

https://help.ubnt.com/hc/en-us/articles/204959404-EdgeMAX-Set-up-L2TP-over-IPsec-VPN-server

 

Regular Member
Posts: 332
Registered: ‎06-07-2015
Kudos: 62
Solutions: 4

Re: L2tp connection failing

I also have the VPN in Windows 10 to connect via a DDNS address rather than the IP.  I tried the IP direct but with the same results.

Ubiquiti Employee
Posts: 2,706
Registered: ‎10-05-2015
Kudos: 1018
Solutions: 221

Re: L2tp connection failing

Hi @Novais, DDNS and DHCP interface eth0 should be fine for the settings. For Windows 10, can you go to properties for the VPN interface > Security, and make sure that MSCHAPv2 is checked?

New Member
Posts: 26
Registered: ‎06-01-2015
Kudos: 25

Re: L2tp connection failing

[ Edited ]

I was just about to mention that as well.  I forgot what error I was receiving on Windows 10 but it was indeed due to MSCHAPv2 not being checked.

 

Here is how I have mine setup on Windows 10 (Anniversary Release)

Created connection in the Windows 10 GUI then opened network adapters and changed the properties as shown in the images below.  This is working with me as well as a buddy of mine who connects up as well.  

[Images: Windows 10 - 1.PNG, Windows 10 - 2.PNG, Windows 10 - 3.PNG]

 

Exact CLI used for initial config (I have two static IP addresses, however my ISP assigns my public facing which is why you see the interface "pppoe0").

 

I essentially used the tutorial previously posted https://help.ubnt.com/hc/en-us/articles/204959404-EdgeMAX-Set-up-L2TP-over-IPsec-VPN-server and modified for my setup.

 

configure
set vpn ipsec ipsec-interfaces interface pppoe0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
show vpn ipsec
set vpn l2tp remote-access outside-address 72.16.xx.xx
set vpn l2tp remote-access client-ip-pool start 172.16.4.20
set vpn l2tp remote-access client-ip-pool stop 172.16.4.30
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret hardPSK123
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username testuser password testuserpw
set vpn l2tp remote-access mtu 1492
set vpn l2tp remote-access dns-servers server-1 172.16.2.1
set vpn l2tp remote-access dns-servers server-2 8.8.8.8
commit
show vpn l2tp remote-access

 

Firewall policies in the GUI for "WAN_LOCAL" or whatever you have it labeled as.

Firewall.PNG

 

The two added are "Allow L2TP" and "AllowESP", I had allow ESP first which would cause the VPN to not connect.

 

Established Member
Posts: 1,868
Registered: ‎05-01-2013
Kudos: 388
Solutions: 50

Re: L2tp connection failing

Windows 10 has lots of VPN issues. Let me see if I can find some of the articles that helped me.

New Member
Posts: 26
Registered: ‎06-01-2015
Kudos: 25

Re: L2tp connection failing

Side note, you can also change/view the config if you already have it setup in the GUI by clicking "Config Tree" and drilling down in "VPN".

Regular Member
Posts: 332
Registered: ‎06-07-2015
Kudos: 62
Solutions: 4

Re: L2tp connection failing

Thanks Everyone!!  The change of the MSCHAP-V2 in the VPN properties made it work.  Thanks for all the help.

Regular Member
Posts: 332
Registered: ‎06-07-2015
Kudos: 62
Solutions: 4

Re: L2tp connection failing

Just had a strange problem on my desktop while configuring the L2TP connection to my remote site. The desktop wouldn't connect while it had a static IP assigned to the ethernet adapter, but when I changed it to DHCP then it connected no problem. Why would the static IP of my PC's ethernet adapter affect the remote connection? The VPN is considered another adapter...

Member
Posts: 107
Registered: ‎05-22-2014
Kudos: 94
Solutions: 3

Re: L2tp connection failing

Word of warning here, the GUI in Windows 10 for L2TP/IPSec VPN connections uses PEAP-MSCHAPv2 by default which isn't supported with the current pppd that the EdgeMax firmware uses.

 

PEAP-MSCHAPv2 doesn't work properly with a RADIUS server either, as the current pppd doesn't support forwarding EAP-TLS based messages to the RADIUS server. There are known patches in Red Hat's Bugzilla that implement PEAP-MSCHAPv2 for RADIUS configurations, but that patch isn't even applied to the current pppd that the EdgeMax ships with.

If you are courageous enough (albeit completely unsupported), you can compile the pppd with that patch applied on a Debian Wheezy MIPS machine, replace the pppd that the router had and attempt RADIUS based EAP-TLS or PEAP authentication with it.

New Member
Posts: 11
Registered: ‎11-18-2016
Solutions: 1

Re: L2tp connection failing

I am having NO luck with my Win10 L2TP connection. I have followed all the various guides, made the registry change, ensured protocols on adapter etc. but to no avail. I am at wits' end and admittedly have a low level of skills. Also I know the VPN is working as I can connect from my Android device with consistency.

 

A somewhat scrubbed config is attached. As most already know, the error message I get on the WIN10 machine is: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."

 

Also note I have tried this on multiple WIN10 machines and also across several different networks to rule out other variables.

 

Thanks in advance  to anyone willing to assist a NOOB.

 

New Member
Posts: 11
Registered: ‎11-18-2016
Solutions: 1

Re: L2tp connection failing

I would hate to start another thread on this well discussed topic, hoping that someone can assist. I have redone all the rules and configuration again in the hopes that this would fix the issue, but it did not.

Again, Android clients connect to the L2TP VPN just fine, and I have made the well documented changes to WIN10 machines for MS-CHAP v2 as well as the registry changes and done so on several machines and attempts to connect via different networks coming into the ER.
New Member
Posts: 1
Registered: ‎12-07-2017

Re: L2tp connection failing

Member
Posts: 219
Registered: ‎02-12-2013
Kudos: 69
Solutions: 18

Re: L2tp connection failing

I don't have Windows, so just searched what I could find, and it looks like some double NAT might be causing this and/or disabled services in Windows:
https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/96945/vpn-l2tp-issue-with-...
https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/ - look at point 5.
Hope it helps - if not, good luck, and please post back if you find your solution. Otherwise it might be better to start your own thread, since a lot of people don't read Solved threads.
New Member
Posts: 3
Registered: ‎11-11-2017

Re: L2tp connection failing

[ Edited ]

I’m having the same issues that Tomadoggy has. My iPhone connects but Windows 10 doesn’t. I have the reg key added. I made sure the MS-CHAP is enabled. No luck.

 

I found this link as well and will try implementing that and check the firewall on the USG. But I’m running out of time with my client and may have to fire up an OpenVPN server, which is overkill since it’s just a one man shop.

 

Any help will be appreciated, and if I find any success I’ll post the solution here.

Regular Member
Posts: 738
Registered: ‎11-06-2013
Kudos: 229
Solutions: 26

Re: L2tp connection failing

Windows 10 works fine as long as you change the adapter to use MS-CHAP v2. It is not enabled by default.

 

Selection_403.png

Selection_405.png

Selection_406.png

This setting. The second radio button is not checked by default.

Selection_408.png
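The adapter setting discussed in this thread can also be inspected and changed from PowerShell with the built-in VpnClient cmdlets. This is an added example, not part of any post above; the connection name is an assumed placeholder, and the script assumes a per-user connection (add -AllUserConnection to each cmdlet for a machine-wide one).

```powershell
# Added example (not from the thread). $Name is an assumed placeholder:
# use the name of the VPN connection you created in the Windows 10 GUI.
$Name = 'Remote Site L2TP'

$vpn = Get-VpnConnection -Name $Name -ErrorAction Stop

# Settings that matter for an L2TP/IPsec server using a pre-shared secret
# and local user authentication, as in the router config posted earlier.
$vpn | Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, L2tpIPsecAuth

$problems = @()
if ($vpn.TunnelType -ne 'L2tp') {
    $problems += "TunnelType is '$($vpn.TunnelType)', expected 'L2tp'"
}
if ($vpn.AuthenticationMethod -notcontains 'MSChapv2') {
    # Typically shows 'Eap' when the connection was left on the GUI default.
    $problems += "AuthenticationMethod is '$($vpn.AuthenticationMethod -join ',')', expected 'MSChapv2'"
}
if ($vpn.L2tpIPsecAuth -ne 'Psk') {
    $problems += "L2tpIPsecAuth is '$($vpn.L2tpIPsecAuth)', expected 'Psk'"
}

if ($problems.Count -eq 0) {
    Write-Output "'$Name' already uses L2TP with a pre-shared key and MS-CHAP v2."
}
else {
    $problems | ForEach-Object { Write-Warning $_ }

    $params = @{
        Name                 = $Name
        TunnelType           = 'L2tp'
        AuthenticationMethod = 'MSChapv2'
        Force                = $true   # suppress the confirmation prompts
    }
    if ($vpn.L2tpIPsecAuth -ne 'Psk') {
        # Prompt rather than hard-code the secret; note the input is echoed.
        $params.L2tpPsk = Read-Host 'IPsec pre-shared secret configured on the router'
    }
    Set-VpnConnection @params

    # Re-read the connection to confirm the change took effect.
    Get-VpnConnection -Name $Name |
        Format-List Name, TunnelType, AuthenticationMethod, L2tpIPsecAuth
}
```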

New Member
Posts: 3
Registered: ‎11-11-2017

Re: L2tp connection failing

Yes, I keep reading that but sadly it’s not working for me. I have no idea what’s wrong but I’ve made sure that it's selected.

 

The client has DDNS and the DSL modem is in pass through. I have public IP on USG.

 

I can connect with iPhone.

 

When I connect with laptop I get error. USG logs show an attempt made. But the USG then “Ignores request with ID xxxxx, already processing.”

 

I reset shared keys to simple passwords to test.  Get positive result on iPhone and fails on laptop.  Any help would be appreciated 

 

Thanks

New Member
Posts: 3
Registered: ‎11-11-2017

Re: L2tp connection failing

Working now.   

 

I was getting event logs showing I connected but then I’d disconnect.  Error 720 and 631.

 

I decided to refresh my network settings. I removed all VPN programs. Then went to device drivers and removed all mini ports and my wireless and Ethernet card drivers. Then scanned the hardware and they all came back.

 

Tested VPN and boom...connected...

New Member
Posts: 2
Registered: ‎04-22-2016

Re: L2tp connection failing

I know this is an old thread but I have been banging my head against the wall trying to troubleshoot the same issue with a Windows 10 1803 client. Having the same problem. This computer is set with a static IP address and has been for a long time. I just now changed it to DHCP and my VPN connection worked. Change it back to static and it stops working. I do find that if I change it back to static and issue an ipconfig /flushdns it works sometimes but not reliably. Not sure what to think about this. Anyone with any fresh ideas?
