DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Problem wi L2TP/IPSEC VPN

More
08 Oct 2010 13:46 #64152 by echoes
Replied by echoes on topic Problem wi L2TP/IPSEC VPN
Hi to all,

L2TP over IPSec VPN works fine for me but with a strange problem.

I get the same error "Access denied because username and/or password is invalid on the domain" if for any reason the teleworker disconnected from VPN connection and change the IP from ISP, then try to connect again...

I use 3G connection (Vodafone) to connect to vigor 2930n but same thing happent also if I make a connection from a typical ADSL,connect to VPN,disconnect VPN,restart teleworker router to change IP and try to connect again to VPN.

If disconnect only the VPN connection and connected back again there are no errors.

I've tried almost all versions Smart VPN client that I found and had from the past without success.The latest one that I use is version 4.0.0.2

I found only one "tricky way" to solve temporary this problem.
Just mark & unmark the "PAP Authentication" at Smart VPN client :roll:

Vigor firmware version: 3.3.0

Any help will be appreciated !

Regards,
George

Please Log in or Create an account to join the conversation.

  • paul_rogers6
  • Topic Author
  • Offline
  • New Member
  • New Member
More
12 Oct 2010 12:38 #64220 by paul_rogers6
Replied by paul_rogers6 on topic Problem wi L2TP/IPSEC VPN
Dear All

I have managed, after a fashion, to fix the problem previously described.

Initially I checked the logs on the router and discovered that a message to the effect that "CHAP Authentication Failed" was being logged. I then tried enabling the "Authentication Method" and setting it to CHAP (on the client). This also failed.

I then upgraded the VPN client to 4.0.0.2 as suggested by Voodle. Still no luck, but enabling the "Authentication Method" and setting to CHAP then fixed the problem.

So, in summary the fix was to upgrade to 4.0.0.2 of the client and set the Authentication Method to CHAP (also on the client).

Regards

Paul

Please Log in or Create an account to join the conversation.

More
12 Oct 2010 13:50 #64225 by echoes
Replied by echoes on topic Problem wi L2TP/IPSEC VPN
Dear Paul,

at my case this didn't help.

I use 4.0.0.2 last two weeks but every time that teleworker change IP..the same error with or without authentication, PAP or CHAP :cry:
Also, even without authentication, L2TP use CHAP by default.

So, for now I've change the whole 'project' from L2TP to SSL...

Thanks for the feedback!

Regards,
George

Please Log in or Create an account to join the conversation.

More
22 Oct 2011 19:45 #69770 by captain-midnight
Replied by captain-midnight on topic Re: Problem wi L2TP/IPSEC VPN
Hi,

This info may or may not help, but I've just got a 2830 and correctly configured 3x remote dial-in users and find, out of the 3x users configured one 1x always authenticates and successfully connects via VPN using L2TP with IPSEC. The other 2x always complain of an incorrect username/password not valid on the domain - this error is completely misleading and not really what is going on at all.

All my testing has been conducted from the same remote site connected via single fixed ADSL, to a central site where the router is located with a fix ISP IP address.

I'm going to play with the CHAP/MS-CHAP settings on both router and client to see if I can remove this issue.

Please Log in or Create an account to join the conversation.

More
23 Oct 2011 12:17 #69773 by captain-midnight
Replied by captain-midnight on topic Re: Problem wi L2TP/IPSEC VPN
Update on previous post.

The original posters error message is issued by windows pc's as a mask for completely different errors. I've had this message alot and it was ONLY related to issues with encryption algorythems selected NOTHING to do with username/password issues.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami