May 6th 20, 03:14 PM posted to uk.telecom.broadband
Martin Brown
W10 L2TP question

On 06/05/2020 14:44, Graham J wrote:
Two virtually identical laptops trying to connect via a dial-up VPN
using L2TP - one connects - the other fails. I have syslog output from
the Vigor router that they try to connect with.

Both laptops are apparently fully up-to-date.

Reference Judy: Windows 10 Build 1909 version 18363.778 - this one works

Reference Simon: Windows 10 Build 1909 version 18363.815 - this one fails.

Both are sitting side by side on the same table.

Both connect by WiFi to the same router.

Both can be made to work if they and the router are configured for PPTP;
but not if they and the router are configured for L2TP.

Both have the same configuration for the VPN, checked by comparing the
setup screens, parameter by parameter:

Username
Password
IP address of target router
PPP settings have "Enable LCP Extensions" checked
Security: L2TP/IPSec - advanced = Use certificate
Data encryption = Optional
Use EAP = No
Allow protocols CHAP and MS-CHAP-V2

Target router is Vigor 2860 (but same problem occurs with a V2832).
Setting is:
VPN remote access: PPTP, IPSec, L2TP
IPSec General: certificate = None, Method, Basic, AH = Enable
Dial-in user: Type = L2TP, IPSec policy = None
Username & Password.

Syslog on V2860:

For good connection: Judy - starts with

141May  6 12:09:52 V2860n: L2TP == Control(0xC802)-L-S Ver:2 Len:97,
Tunnel ID:0, Session ID:0, Ns:0, Nr:0

141May  6 12:09:52 V2860n: L2TP client from 213.205.192.17:62117 ...

141May  6 12:09:52 V2860n: L2TP == Control(0xC802)-L-S Ver:2 Len:103,
Tunnel ID:6, Session ID:0, Ns:0, Nr:1

... and continues to show the connection being established.


For failing connection: Simon - starts with

141May  6 12:13:23 V2860n: IKE ==, Next Payload=ISAKMP_NEXT_SA,
Exchange Type = 0x2, Message ID = 0x0

141May  6 12:13:23 V2860n: Responding to Main Mode from 213.205.192.17

141May  6 12:13:23 V2860n: Matching General Setup key for dynamic ip
client...


[snip]

The only common parameter is the IP address of the originating site.

The two laptops are clearly behaving very differently. But I can't see
any difference between them.

Any ideas?


Can you back up Simon and then use a restore point to take it back to
18363.778?

Or, more risky, back up Judy, create a restore point and then advance it
to .815. Might be worth looking for any known VPN SNAFUs in MSKB.

Or find yet another laptop and test the VPN connectivity with that at
progressively more updates applied until it fails.


--
Regards,
Martin Brown