

Rogier

@xs4all.nl

reply to Rogier

Re: L2TP VPN on USG - quick how-to

As an update to the above: I just checked on my Apple devices, and find they connect to 10.64.64.64 as an IP address. Strange, as that is not my WAN IP. Any idea as to whether this is normal?

bigboy

join:2000-12-04
Palo Alto, CA
Reviews:
·SONIC.NET

reply to Brano

L2TP_POOL required?

Quick question - I am able to get things working with the example here (and in the Zyxel doc). The examples always use a separate subnet for L2TP connections, which I'm sure is best practices, but would L2TP work if I have the connections use, say, LAN1?

The reason why I'm asking is that the only way I can get things to work on my Macbook (Lion) is if I have all my traffic through the VPN tunnel. I suspect that I might have to manually add a route to push LAN1 packets through my L2TP_POOL address on my laptop, whereas if I was already on a LAN1 address, the subnetting makes it work automagically.

I guess I could try it, but I'm afraid of breaking it after my glitch and lost configuration from a few weeks ago. Better ask first than be sorry!

RemoteMike

join:2012-04-12

reply to Brano

Re: L2TP VPN on USG - quick how-to

Brano!
Thank you very much for this great how-to. It's the best I found, now that I have been searching for a week for help getting my USG 20W ZDL 3.0 to work with L2TP.
Anyway, I am somehow too stupid to get it right. It would be great if you could give me one further hint.
1. I keyed in the whole configuration as you described, including your firewall rules and all objects.
2. A. With the built-in OSX 10.7.3 VPN client I get:

12.04.12 07:57:51.432 racoon: IKE Packet: receive success. (Information message).
12.04.12 07:57:54.435 racoon: IKE Packet: transmit success. (Phase1 Retransmit).
12.04.12 07:57:54.458 racoon: IKE Packet: receive success. (Information message).
12.04.12 07:57:57.461 racoon: IKE Packet: transmit success. (Phase1 Retransmit).
12.04.12 07:57:57.482 racoon: IKE Packet: receive success. (Information message).
12.04.12 07:58:09.493 racoon: IKE Packet: transmit success. (Phase1 Retransmit).
12.04.12 07:58:09.514 racoon: IKE Packet: receive success. (Information message).
12.04.12 07:58:12.000 kernel: Validation failed, dataSuffix:
12.04.12 07:58:12.000 kernel: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
12.04.12 07:58:12.000 kernel: vnode_validate_compressed_file_Type4 error: 22
12.04.12 07:58:12.000 kernel: Validation failed, dataSuffix:
12.04.12 07:58:12.000 kernel: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
12.04.12 07:58:12.000 kernel: vnode_validate_compressed_file_Type4 error: 22
12.04.12 07:58:18.215 pppd: IPSec connection failed

B. With the IPSecuritas client (www.lobotomo.com/products/IPSecuritas/) I get a similar error: Authentication failed

C. With the iPhone iOS 5.1 it times out.

On the USG 20W it is always the same:
IKE - Process is trying 3 times.
It shows the cookie pairs =x012345678/x012345678
Then it says "Authentication failed" probably due to mismatch in shared secret.

What I did: I tried different pre-shared keys - with/without numbers and then HEX: 0x12345678 etc.
No success - always the same errors.
I checked the encryption, DH group, hash types
- no success.
I cannot believe I cannot manage to get Phase 1 running :-(

Should I reflash the firmware of the USG?
Any hint is more than welcome. Thanx


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:6

Unfortunately I don't have OSX or iOS to test this with so hopefully someone else with OSX experience can pitch in.
From what I'm seeing, you indeed seem to have a pre-shared key mismatch ... check it again on both sides.


RemoteMike

join:2012-04-12

Thank you for the quick response - I cross my fingers, hope for the best and will keep digging into that matter.



mbaran

@rr.com

reply to Brano
I've followed this guide to a T on a USG 20 with the new 3.0 firmware which allows for L2TP.

I am getting the error message of

SPI: 0x0 SEQ 0x0 No rule found, Dropping packet [count=xx].

I can sign on fine, and I get an IP within the subnet I chose, but from there it does nothing. I cannot ping any of the servers, nor can I browse out to the internet.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

reply to Brano
Brano, I have an iMac at home, and would like to test to see if I can connect to you over SSL VPN.
Are you up to the idea?



mbaran

@rr.com

reply to mbaran
I solved my own issue. The remote network and my local network were both on the 192.168.1.0/24 network. This was causing funny issues with routes.

I logged in from a MiFi which was the 192.168.0.0/24 network and all was well.

Thanks for the tutorial!
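
The address overlap described in the post above, as an added example that is not part of the original thread: a pre-flight check that compares the networks the client is already attached to with the networks behind the USG and reports which ones can be routed through the tunnel without ambiguity. The function name and the L2TP pool value are assumptions made for illustration; the 192.168.1.0/24 and 192.168.0.0/24 networks are the ones named in the post.

```python
import ipaddress

# Network behind the USG, as named in the post above.
REMOTE_LAN = "192.168.1.0/24"
# Constructed value: the thread does not state the L2TP pool range.
L2TP_POOL = "192.168.50.0/24"


def plan_split_tunnel(client_nets, remote_nets):
    """Return (routes, conflicts) for a VPN client (hypothetical helper).

    routes:    remote networks that do not collide with any network the
               client is directly attached to, so a route via the tunnel
               is unambiguous.
    conflicts: (remote, local) pairs whose ranges overlap; for those
               addresses the client's on-link route and the tunnel route
               compete, which is the failure mode described in the post.
    """
    local = [ipaddress.ip_network(n) for n in client_nets]
    routes, conflicts = [], []
    for entry in remote_nets:
        remote = ipaddress.ip_network(entry)
        # overlaps() also catches partial cases, e.g. a client on a /16
        # that contains the remote /24.
        hits = [net for net in local if remote.overlaps(net)]
        if hits:
            conflicts.extend((str(remote), str(net)) for net in hits)
        else:
            routes.append(str(remote))
    return routes, conflicts


if __name__ == "__main__":
    cases = {
        "client on 192.168.1.0/24": ["192.168.1.0/24"],
        "client on MiFi 192.168.0.0/24": ["192.168.0.0/24"],
    }
    for label, nets in cases.items():
        routes, conflicts = plan_split_tunnel(nets, [REMOTE_LAN, L2TP_POOL])
        print(label)
        print("  route via tunnel:", routes)
        print("  overlapping:", conflicts)
```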



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

reply to Brano
Regarding L2TP over IPsec for the Mac.
One of the steps I have seen is to ensure it's at the top of the services running ..... Network tab, sprocket symbol at the bottom to open it up. (Speaking about the Mac OS X part.)

