05-15-2021 01:22 PM
Hello
An L2TP server is configured on the Cisco RV340, a separate IPSec profile for clients is set up (screenshots l2tp_server and l2tp_profile).
Clients under Windows connected without problems (client settings in the win_client screenshot).
But clients on MacOS did not connect, which is why the Client - to - Site VPN was configured on the router.
After that, L2TP clients stopped connecting, error 789 from the client's side.
The logs of RV340 contain the following entries (screenshot log_rv340):
2021-May-15, 17:09:10 MSK  info  vpn  charon: 15 [IKE] ID_PROT request with message ID 0 processing failed
2021-May-15, 17:09:10 MSK  info  vpn  charon: 15 [NET] sending packet: from 188.235.1.195 [500] to 213.159.206.154 [4] (76 bytes)
2021-May-15, 17:09:10 MSK  info  vpn  charon: 15 [ENC] generating INFORMATIONAL_V1 request 3826952141 [HASH N (PLD_MAL)]
2021-May-15, 17:09:10 MSK  info  vpn  charon: 15 [IKE] message parsing failed
2021-May-15, 17:09:10 MSK  info  vpn  charon: 15 [ENC] could not decrypt payloads
2021-May-15, 17:09:10 MSK  info  vpn  charon: 15 [ENC] Invalid HASH or PSK!
2021-May-15, 17:09:10 MSK  info  vpn  charon: 15 [ENC] invalid ID_V1 payload length, decryption failed?
2021-May-15, 17:09:10 MSK  info  vpn  charon: 15 [NET] received packet: from 213.159.206.154 [4500] to 188.235.1.195 [4500] (76 bytes)
Client - to - Site VPN has been disabled, but L2TP clients still won't connect.
Could it also be related to the fact that the router has a GRE tunnel?
I cannot reset the configuration of the router. It is under construction. Is it possible to fix L2TP connectivity without drastic measures?
05-15-2021 05:59 PM
Can you set the authentication to PAP on the Mac-l2tp-ipsec clients? The server (and the Windows clients) uses PAP for auth.
05-15-2021 06:55 PM - edited 05-15-2021 07:00 PM
Windows clients use PAP type authentication (win_pap screenshot)
Unfortunately macOS doesn't allow PAP selection. For this reason, Client-to-Site was chosen because MacOS allows VPN Cisco IPSec.
The result should have been:
- L2TP would be used by Windows clients
- C-t-S would be used by MacOS clients
But due to an error when connecting to the L2TP server, now even Windows clients do not work.