L2tp Error 789

[G-Stress]

Hopefully someone can let me know if I'm doing something wrong here. I have a VM running 2k3 with RRAS I have setup a PPTP and L2TP VPN. I'm able to connect to the PPTP VPN connection fine, but the L2TP everytime I get error 789.

So far none of the MS knowledge base articles have seem to help. As for the L2TP VPN I have set a pre-shared key for the connection with a basic policy. After I establish a connection this way I'll configure CA. I have gotten this to work before a long time ago, but I'm wondering if it might be an issue with the router's I have.

My configuration is Modem --> Linksys RVS4000 --> Netgear WNR1000v2 acting as a switch. I have TCP/UDP 1701 forwarded all the way to the VM, now I'm not sure what else to do. I believe the last time I had this working I was using a wrt54gs.

I am able to connect via locally just not over WAN.

[Infiltrator]

I found this forum thread on the internet, it might help you shed some lights.

http://www.pcreview.co.uk/forums/thread-1575568.php

Let me know how you go

[digip]

I'm not sure LT2P can be done on the WAN with your router setup without a static route between the two networks or direct cable connections. The reason it works locally is because of layer 2 being local on the same subnet. Layer 2 cant route via IP over a WAN unless encapsulated in some manner ( I think IPSEC) or the two networks are using some other types of routers such as high end Cisco devices that do direct layer 2 switching between the two locations (Frame Relay or L2F) and the ISP or Telecom in the middle switching traffic to each location for them. Are you using IPSEC as well? If so, I think you need to have port 500 or something like that forwarded as well.

Edited May 24, 2010 by digip

[G-Stress]

Ok this brings me to a hault. I thought when setting up L2TP IPSec was part of it. I didn't know I could setup a L2TP connection without IPSec. I guess the Train Signal Lab I'm watching is a bit confusing.

That being said I'm not sure if I'm using IPSec. In the connection on the client (windows 7) I have it set on L2TP with IPSec so I thought L2TP and IPSec were the same thing?

As far as IPSec I see a policy setting in the DC Security Policy and the Domain Security Policy if that's what (IPSec) is.

I'm not sure how exactly to configure that part as the Virtual Instructor has not covered that.

Forgive me for my lack of knowledge. I could have swore I had this working over the WAN about 2 years ago with a wrt54gs using CA. :(

[digip]

L2TP by itself doesnt do encryption, but with things like IPSEC you can encrypt the contents of what is flowing through your tunnel. To get from network to network, I believe you need to have it encapsulated within another protocol in order to hop networks over IP but don't quote me on that. I haven't worked with this stuff in a long time, and don't remember a lot of it. The only place I ever set it up was on Cisco routers using Frame Relay and such.

See if this applies to your problem: http://support.microsoft.com/kb/326751

[G-Stress]

I've seen that link before last time I was trying to mess with this I tried that ProhibitIPSec reg edit and was not successful. I think it's like you said though it might not work over the WAN with my equitment. I'm going to use my wrt54gs again and give that a shot, because I thought I had it working that way.

Unless anyone knows of another way to establish a good secure L2TP connection to home. I like DD-WRT and use the built in PPTP server, would be nice if there was a firmware or way to do the same with L2TP.

[digip]

Whats wrong with normal VPN setup or even SSH? What do you need to access from your machine? Also, your wrt router, if you set up dd-wrt and such you can use it as a vpn gateway directly anyway.

[Infiltrator]

Why don't you try using OpenVPN which is a lot easier to set up and to manage as well.

[G-Stress]

My whole purpose is for learning experience. I'm doing a course over server 2k3, AD, VPN's and all that, but I believe in their scenario's their using enterprise equipment. I do use PPTP and SSH tunnel which is nice, I just wanted to step it up a notch and get a little dirty with L2TP.

I'll set this up again with one of my wrt54gs and post back if I get it working. Just a thought, I remember reading a thread here something about a virtual router I believe? Is there a way I could say run say a cisco IOS? via a VM and L2TP to that?

I have no current experience with cisco router's or switches, but have been looking for a good affordable once that supports the cisco VPN client and GB LAN.

@ Infiltrator,

I've yet to see a good working tutorial where anyone has managed to get OpenVPN working. I believe Sparda attempted sometime ago I saw a post and asked him if he got it working and I think he said he was still having issues's. Another member said at one point he would write a tutorial and I PM'ed him to see if he still planned to do so, but he is a very busy person and I'm sure just don't have the time.

I do use Adito OpenVPN-als. have been since the mention of it the show and love it. It's a bit to easy though. I like a challenge and would like to setup the version from here: http://openvpn.net/

Edited May 26, 2010 by G-Stress