Question VPN L2TP/IPSec - can't connect

[chenks]

i have enabled L2TP/IPSec, configured as required, but can't seem to get a device to connect to it.

1701, 500. 4500 UDP open and pointing to NAS on the router (EdgeRouter).

on android phone, added VPN L2TP/IPSec PSK.
entered IP
entered IPSec preshared key
entered username/password (of allowed user)

clicked connect, attemped then fails.

check the log on the NAS, no log entries to show any attempted connection.
NAS firewall not currently enabled.

any ideas what the issue is?

DS1019+ DSM 6.2.2-24922 Update 4

 

[Rusty]

You testing this inside LAN or via wan?

 

[chenks]

WAN.
NAS is on LAN, phone is not on LAN.

 

[fredbert]

You can eliminate the Internet router by connecting from the LAN/WLAN using the NAS IP.

Check your Auto Block list.

 

[chenks]

i'll need to wait until i'm home to try a LAN-LAN connection.
there are no IPs in the block list.

 

[fredbert]

The other obvious question: is the Android device directly connected to the Internet (mobile data) or from inside a third party WiFi network. If it's the latter then there could be access controls to block VPNs and other traffic types.

 

[chenks]

android device is direct connected to internet (4G).

 

[chenks]

OK an inconclusive test.
at home connected to WIFI (same IP range as NAS).
changed VPN client to use local LAN IP of NAS rather than external IP.

attempt 1 - failed
attempt 2 - failed
attempt 3 - success
attempt 4 - failed
attempt 5 failed

also tried it using the external IP whilst still connected to local WIFI

attempt 1 - failed
attempt 2 - success
attempt 3 - failed
attempt 4 - failed
attempt 5 failed

 

[fredbert]

Try OpenVPN?

 

[chenks]

that's not really fixing the problem though.

 

[Rusty]

OK an inconclusive test.
at home connected to WIFI (same IP range as NAS).
changed VPN client to use local LAN IP of NAS rather than external IP.

attempt 1 - failed
attempt 2 - failed
attempt 3 - success
attempt 4 - failed
attempt 5 failed

also tried it using the external IP whilst still connected to local WIFI

attempt 1 - failed
attempt 2 - success
attempt 3 - failed
attempt 4 - failed
attempt 5 failed

Results same with a different device apart from that android device?

 

[chenks]

i have an iphone i could try it on.

 

[chenks]

iphone just says "VPN server did not respond"

 

[chenks]

just had a thought. my router (Edgerouter) has OpenVPN built in, i wonder if it's a port clash?
although OpenVPN shouldn't be using the same ports.

 

[akahan]

Router might also need to be specifically configured to pass through VPN traffic (and not merely port forward). This is typically found under a "security" tab or similar. For example, on the Synology router, it looks like this:

 

[chenks]

Router might also need to be specifically configured to pass through VPN traffic (and not merely port forward). This is typically found under a "security" tab or similar. For example, on the Synology router, it looks like this:

but then surely it would fail 100% of the time?
the fact i can connect like 20% of the time suggests that the router is already allowing the traffic thru.

 

[akahan]

No, both your "successful" tests were from inside your own LAN. The fact that you were pointIng at the WAN address didn't make a difference. It's not like the packets went out onto the internet and then came back in.

 

[chenks]

i did the same tests on 4G though, and got the same success rate.

 

[akahan]

Ah, you hadn't mentioned that.

 

[jeyare]

Check in your Edge Router for L2TP
Firewall:
enable Protocol 50, to be sure - not Port 50