09-04-2016 05:11 PM
Bought a few ER-X units for some remote site testing and I am working on setting up an L2TP VPN. I followed the instructions and everything committed just fine but the VPN on Windows 10 will not connect. Comes up with the following error:
"The L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations with the remote computer"
Any thoughts? Can provide any details needed....
09-06-2016 08:59 AM
Do other clients connect successfully? You might want to double check the pre-shared key is set properly. I believe in Windows it is on the Security tab for VPN settings and click advanced.
09-06-2016 10:16 AM
Hi @UBNT-Jordan, I am the only one trying to connect. I verified the key info and the remote settings on the router. The only config item I had concern with is the routing. I used the DHCP setting instead of the nexthop setting because we have a DHCP internet connection for these routers. Was that correct? This is the setup instructions I used.
09-07-2016 02:04 PM
09-07-2016 06:16 PM - edited 09-07-2016 06:34 PM
I was just about to mention that as well. I forgot what error I was receiving on Windows 10 but it was indeed due to MSCHAPv2 not being checked.
Here is how I have mine set up on Windows 10 (Anniversary Release):
Created connection in the Windows 10 GUI then opened network adapters and changed the properties as shown in the images below. This is working with me as well as a buddy of mine who connects up as well.
Exact CLI used for initial config (I have two static IP addresses, however my ISP assigns my public facing which is why you see the interface "pppoe0").
I essentially used the tutorial previously posted https://help.ubnt.com/hc/en-us/articles/204959404-EdgeMAX-Set-up-L2TP-over-IPsec-VPN-server and modified for my setup.
set vpn ipsec ipsec-interfaces interface pppoe0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
show vpn ipsec
set vpn l2tp remote-access outside-address 72.16.xx.xx
set vpn l2tp remote-access client-ip-pool start 172.16.4.20
set vpn l2tp remote-access client-ip-pool stop 172.16.4.30
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret hardPSK123
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username testuser password testuserpw
set vpn l2tp remote-access mtu 1492
set vpn l2tp remote-access dns-servers server-1 172.16.2.1
set vpn l2tp remote-access dns-servers server-2 184.108.40.206
show vpn l2tp remote-access
Firewall policies in the GUI for "WAN_LOCAL" or whatever you have it labeled as.
The two added are "Allow L2TP" and "AllowESP", I had allow ESP first which would cause the VPN to not connect.
09-07-2016 06:26 PM
Windows 10 has lots of VPN issues. Let me see if I can find some of the articles that helped me.
If I'm calm, I'll be nice and if I'm nice...
I won't go to hell!
10-12-2016 01:22 PM
Just had a strange problem on my desktop while configuring the L2TP connection to my remote site. The desktop wouldn't connect while it had a static IP assigned to the ethernet adapter but when I changed it to DHCP then it connected no problem. Why would the static IP of my PC's ethernet adapter affect the remote connection? The VPN is considered another adapter...
10-12-2016 09:08 PM
Word of warning here, the GUI in Windows 10 for L2TP/IPSec VPN connections uses PEAP-MSCHAPv2 by default which isn't supported with the current pppd that the EdgeMax firmware uses.
PEAP-MSCHAPv2 doesn't work properly with a RADIUS server either, as the current pppd doesn't support forwarding EAP-TLS based messages to the RADIUS server. There are known patches in Red Hat's Bugzilla that implement PEAP-MSCHAPv2 for RADIUS configurations but that patch isn't even applied to the current pppd that the EdgeMax ships with.
If you are courageous enough (albeit completely unsupported), you can compile the pppd with that patch applied on a Debian Wheezy MIPS machine, replace the pppd that the router had and attempt RADIUS based EAP-TLS or PEAP authentication with it.
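For the client-side mismatch described in the post above, a PowerShell check of the Windows L2TP profiles. This is an added example, not code from the thread or from Ubiquiti; the function name `Test-L2tpProfile` is hypothetical, and the cmdlets are the built-in Windows VpnClient ones.

```powershell
# Added example: audit Windows L2TP VPN profiles for settings that do not
# match an EdgeOS L2TP server using a pre-shared secret and local users.
function Test-L2tpProfile {
    [CmdletBinding()]
    param(
        [switch]$Fix   # rewrite mismatched profiles to plain MS-CHAPv2
    )
    # Per-user profiles; add -AllUserConnection to inspect machine-wide ones.
    $l2tp = Get-VpnConnection | Where-Object { $_.TunnelType -eq 'L2tp' }
    foreach ($p in $l2tp) {
        $methods = @($p.AuthenticationMethod | ForEach-Object { "$_" })
        $issues  = @()
        if ($methods -notcontains 'MSChapv2') {
            $issues += "auth method is '$($methods -join ',')', MS-CHAPv2 not enabled"
        }
        if ($methods -contains 'Eap') {
            $issues += 'EAP is enabled (PEAP is not handled by the router pppd, per the thread)'
        }
        if ("$($p.L2tpIPsecAuth)" -ne 'Psk') {
            # Cannot be repaired here: the key itself must be supplied with
            # Set-VpnConnection -L2tpPsk by someone who knows it.
            $issues += "IPsec auth is '$($p.L2tpIPsecAuth)', server expects a pre-shared secret"
        }
        if ("$($p.EncryptionLevel)" -notin 'Required', 'Maximum') {
            $issues += "encryption level '$($p.EncryptionLevel)' does not require encryption"
        }
        $changed = $false
        if ($Fix -and $issues.Count -gt 0) {
            # Only the authentication method and encryption level are changed.
            Set-VpnConnection -Name $p.Name -AuthenticationMethod MSChapv2 `
                -EncryptionLevel Required -Force
            $changed = $true
        }
        [pscustomobject]@{
            Name    = $p.Name
            Server  = $p.ServerAddress
            Issues  = $issues
            Changed = $changed
        }
    }
}

# Report only; run Test-L2tpProfile -Fix to apply the MS-CHAPv2 setting.
Test-L2tpProfile | Format-List
```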
03-23-2018 06:27 PM
I am having NO luck with my Win10 L2TP connection. I have followed all the various guides, made the registry change, ensured protocols on adapter etc. but to no avail. I am at wits' end and admittedly have a low level of skills. Also I know the VPN is working as I can connect from my Android device with consistency.
A somewhat scrubbed config is attached. As most already know, the error message I get on the WIN10 machine is: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."
Also note I have tried this on multiple WIN10 machines and also across several different networks to rule out other variables.
Thanks in advance to anyone willing to assist a NOOB.
03-27-2018 09:03 AM
Again, Android clients connect to the L2TP VPN just fine, and I have made the well documented changes to WIN10 machines for MS-CHAP v2 as well as the registry changes and done so on several machines and attempts to connect via different networks coming into the ER.
04-06-2018 09:54 AM
Tomadoggy, I'm in the exact same boat. I can connect with my iPhone without issue, but I can't get a Win10 or Win7 PC to connect. I've tried the MSCHAP 2 setting and it didn't make any difference.
04-06-2018 04:52 PM
https://blogs.technet.microsoft.com/rrasblog/2009/08/12/troubleshooting-common-vpn-related-errors/ - look at point 5.
Hope it helps - if not, good luck, and please post back if you find your solution. Otherwise it might be better to start your own thread, since a lot of people don't read Solved threads.
04-07-2018 07:34 PM - edited 04-07-2018 07:35 PM
I’m having the same issues that Tomadoggy has. My iPhone connects but Windows 10 doesn’t. I have the reg key added. I made sure the MS-CHAP is enabled. No luck.
I found this link as well and will try implementing that and check the firewall on the USG. But I’m running out of time with my client and may have to fire up an OpenVPN server, which is overkill since it’s just a one man shop.
Any help will be appreciated and if I find any success I’ll post the solution here.
04-07-2018 08:43 PM
Yes I keep reading that but sadly it’s not working for me. I have no idea what’s wrong but I’ve made sure that it is selected.
The client has DDNS and the DSL modem is in pass through. I have public IP on USG.
I can connect with iPhone.
When I connect with laptop I get error. USG logs show an attempt made. But the USG then “Ignores request with ID xxxxx, already processing.”
I reset shared keys to simple passwords to test. Get positive result on iPhone and fails on laptop. Any help would be appreciated.
04-07-2018 10:09 PM
I was getting event logs showing I connected but then I’d disconnect. Error 720 and 631.
I decided to refresh my network settings. I removed all vpn programs. Then went to device drivers and removed all mini ports and my wireless and Ethernet card drives. Then scanned the hardware and they all came back.
Tested VPN and boom...connected...