dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6014
share rss forum feed

pedrinhokt

join:2013-03-06
Framingham, MA

USG20 L2TP VPN works via win xp fine, but not Win 7 x64 sp2

Here is the situation. I have a USG20 setup with l2tp VPN according to February user manual release. I do not need to connect smart phones to it. It is running the latest v3 q4 firmware. I am able to connect to the VPN and RDP into my server from any computer running Windows XP. I cannot get it to connect with Windows 7 PRO. I have the firewall disabled now on the router and on the local windows 7 computer, and still can't connect. I am even able to connect to the VPN on Windows 7 if I am WITHIN the same network, but not outside the network. I am able to connect from outside the network via XP mode on the very same computer I cannot connect on Win 7 pro. I have done a clean install of windows on the machine to make sure it's not an AV or anything else causing issues. I have spent 3-4 days on this forum I swear looking for answers but nobody seems to have "the" same issue. Any suggestions? Please... Thanks in advance


asgatlat

join:2012-05-10
France

what is the message error you get on win 7 when you try to connect on vpn (outside the same network) ?


pedrinhokt

join:2013-03-06
Framingham, MA

error 789 (pictured) Thanks again very much for your help

asgatlat

join:2012-05-10
France

sorry for my capture that's in french, but be sur to have PAP activated


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
reply to pedrinhokt

Fix your Phase 1 and Phase 2 according to this »L2TP VPN on USG - quick how-to (Win7 updated)


pedrinhokt

join:2013-03-06
Framingham, MA

still getting error 789... arghhhh the thing that drives me crazy is that it works with Win XP from outside and works with Win7 within the network, so everything is setup sort of right... there's just like one TINY little thing somewhere causing this....

I do have it setup according to the manual, and not according to Brano's L2TP VPN on USG.... I will try that later today or early tomorrow and see if works. I will post the result. Thanks again very much for your input.


pedrinhokt

join:2013-03-06
Framingham, MA

1 edit

Brano,

I tried your L2TP VPN on USG tutorial... with updated windows 7 phase 1 and phase 2 and I have the same result. Connects with Windows XP perfect, inside and outside the network. Connects with Windows 7 only inside the network, not outside the network. Same error 789... thankfully there are no bridges or high rise buildings anywhere near my home or office (to jump off of).... this is going to drive me crazy... any other ideas? Again.. Thanks in advance. I can't thank you or anybody else in this forum enough for any help...

edit 11:24pm: i was beginning to think that maybe this firewall was bad... I have another office setup with the same firewall, so I remoted in to that office and setup a vpn there with the same result, I find it hard to believe that both boxes are bad.


caremc

join:2013-04-20
Covington, KY

Hello,
I'm experiencing the same as above, but with a Zyxel USG 200 (latest fw), and Windows 7 64 bit as you wrote.

Error 789 in the Event Viewer, doesn't matter how many different parameters I'm trying out.

Didn't try on Windows XP, though, will post back after doing it so we can be sure it's the same issue for both.

I bookmarked this post, let's hope any of us finds a solution and report back here!



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

1 edit

Although I run linux as primary I've rebooted to my Windows 7 Premium Home SP1 today to test the L2TP VPN and it works with my original settings as posted here »L2TP VPN on USG - quick how-to (Win7 updated)


Win7 VPN settings


Either there's some difference between Win7 Home & Pro or you have something miss-configured or there's some bug we're not aware of.

beedix

join:2013-04-22

I'm also in the same boat except with a USG 50. I've followed the steps Brano outlined and the result in the same (789 error).

Connecting through my iPhone works perfectly, however.


JPedroT

join:2005-02-18
kudos:1
reply to pedrinhokt

Did anybody try to enable logging and look at what the logs says?



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

1 edit
reply to beedix

How do you all test the VPN connection?

You have to test it from WAN side! i.e. from office, internet coffee or a friend's house or (what I do) turn on your wifi hotspot on your android or iphone, connect your PC to it (make sure cable is unplugged and that your wifi is indeed connected to your phone). This way you go out through 3g/4g network and back in through your WAN interface.
Testing from inside LAN even with loopback on won't work.


beedix

join:2013-04-22
reply to JPedroT

JPedroT, I did try to enable logging. The log file was enormous (even when clearing it just before the connection attempt) and didn't provide any tidbits. I found the debug line with the passed error value of 789 but the surrounding debug lines offered no information.

Brano, I tried two different ways with the same results:
1) At my work\office. I'm on a domain in this case so initially I suspected policy firewall could be of issue even though I didn't see anything in the domain firewall rules that would prevent the connection.
2) I used a Wifi hotspot as well (T-Mobile 4G) and my results were identical. Pretty handy to have one of these around for testing the firewall and routing.

I wonder if there is a better way to log the windows end in a more useful manor. I know the Zyxel Ipsec VPN client has a console and the Shrew client looks like it has a trace logger of some sort. I'd really like to get to the bottom of this. I'd post screenshots of everything, but the fact that the iOS connection works perfectly and I've replicated the settings from Brano's link leads me to believe this would not add much value.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

On Windows are you using Shrew client or native Windows VPN?
I've tested only with native Windows VPN client.


beedix

join:2013-04-22

Brano, for the L2TP VPN that I'm trying to get working, I use Windows VPN client.

I have had Shrew and Zyxel's clients installed when setting up the Ipsec VPN which works fine, by the way. These clients were only installed on my work PC.

As for the L2TP VPN client (Windows 7 x64), I've tried on not only my work computer, but on a laptop (using hotspot) and another home computer (using hotspot) all running Windows 7 x64 and all producing the same error. These computers do\did not have other Ipsec VPN clients installed.


JPedroT

join:2005-02-18
kudos:1
reply to pedrinhokt

Brano your Win7 is it x64 or x32?



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

Windows 7 Premium Home SP1 x64


pedrinhokt

join:2013-03-06
Framingham, MA
reply to JPedroT

By the way. I spent about a week trying to get this to work, and then I just stopped trying and decided to use the SSL vpn. I only needed one user to access the network, so it was ok. However, I do have a second user that will need access, so figuring this out would be nice so I don't have to buy a SSL license. I had to deploy the USG 20 at the client's side, so I just ordered a brand new USG 20 and once it comes in I will continue this quest. I could just buy a ASA505 but with the higher cost and additional license for users (20-25 network users), it gets expensive quick! Thanks again.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to pedrinhokt

It works for me using smartphone. I have not tried it externally with a computer but do have a cwappy ole netbook running windows that I could test with.


beedix

join:2013-04-22
reply to Brano

Well, I've been able to replicate the problem which appears to be a conflict between the Zyxel ipsec VPN client (or the underlying greenbow components) and the windows L2TP client. I can "fix" the 789 problem consistently and replicate it consistently.

Here are the steps that I use to show the conflict:

1) I setup the L2TP connection on a fresh Windows 7 SP1 install. Works great.
2) I close the L2TP tunnel.
3) I install Zyxel ipsec VPN client v3.1.204.61.64 but do not open a tunnel or setup a connection (this is the latest 64-bit version from the website)
4) I attempt to reopen the L2TP connection. I get error 789
5) I uninstall Zyxel ipsec VPN client.
6) I attempt to reopen the L2TP connection. I get error 789
7) I reboot.
8) I open the L2TP connection. Works Great



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

Just use Win7 native VPN client.

...glad to hear that you've resolved it


mejohnm

join:2013-01-20

I second this. I also went through a good week figuring this stuff out. The Win7 native VPN client works great.


beedix

join:2013-04-22
reply to Brano

In my case, I need both clients depending on the work I'm performing. Uninstalling\Re-installing is kind of ridiculous.

I use the L2TP connection for basic security. But I need straight ipsec for connection to one of my work clients.

So I don't have the option to just use what is built into windows unfortunately.

I was hoping to use the ZyXEL ipsec client. Thats obviously not an option. Nor is TheGreenBow. The only option that seems to work is Shrew's ipsec VPN. That client can be installed and not impact the windows built-in L2TP client.


markim

join:2013-05-15

Hello,

Try this:

Gateway Phase1 AES128|SHA1; 3DES|SHA1
VPN Phase 2 the same Encrypt and Authentication.

If still no success remove the 3DES|SHA1 from both (Gateway and VPN) and give it a try.

Good luck!

Best Regards!