cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

518
Views
0
Helpful
2
Replies

Cisco RV340 Error connecting clients to L2TP server

Hello

An L2TP server is configured on the Cicso RV340, a separate IPSec profile for clients is set up (screenshots l2tp_server and l2tp_profile)
Clients under Windows connected without problems (client settings in the win_client screenshot).
But clients on MacOS did not connect, which is why the Client - to - Site VPN was configured on the router.

After that, L2TP clients stopped connecting, error 789 from the client's side.
The logs of RV340 contain the following entries (screenshot log_rv340):

2021-May-15, 17:09:10 MSK
info
vpn
charon: 15 [IKE] ID_PROT request with message ID 0 processing failed
2021-May-15, 17:09:10 MSK
info
vpn
charon: 15 [NET] sending packet: from 188.235.1.195 [500] to 213.159.206.154 [4] (76 bytes)
2021-May-15, 17:09:10 MSK
info
vpn
charon: 15 [ENC] generating INFORMATIONAL_V1 request 3826952141 [HASH N (PLD_MAL)]
2021-May-15, 17:09:10 MSK
info
vpn
charon: 15 [IKE] message parsing failed
2021-May-15, 17:09:10 MSK
info
vpn
charon: 15 [ENC] could not decrypt payloads
2021-May-15, 17:09:10 MSK
info
vpn
charon: 15 [ENC] Invalid HASH or PSK!
2021-May-15, 17:09:10 MSK
info
vpn
charon: 15 [ENC] invalid ID_V1 payload length, decryption failed?
2021-May-15, 17:09:10 MSK
info
vpn
charon: 15 [NET] received packet: from 213.159.206.154 [4500] to 188.235.1.195 [4500] (76 bytes)

Client - to - Site VPN has been disabled, but L2TP clients still won't connect. 

Could it also be related to the fact that the router has a GRE tunnel?

I cannot reset the configuration of the router. it is under construction. Is it possible to fix L2TP connectivity without drastic measures?

2 REPLIES 2
nagrajk1969
Enthusiast

can you set the authentication to PAP on the Mac-l2tp-ipsec clients? The server (and the windows clients) uses PAP for auth

 

 

Windows clients use PAP type authentication (win_pap screenshot)

Unfortunately macOS doesn't allow PAP selection. For this reason, Client-to-Site was chosen because MacOS allows VPN Cisco IPSec.

The result should have been:
- L2TP would be used by Windows clients
- C-t-S would be used by MacOS clients

But due to an error when connecting to the L2TP server, now even Windows clients do not work.