Question VPN L2TP/IPSec - can't connect

Currently reading
Question VPN L2TP/IPSec - can't connect

295
32
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
i have enabled L2TP/IPSec, configured as required, but can't seem to get a device to connect to it.

1701, 500. 4500 UDP open and pointing to NAS on the router (EdgeRouter).

on android phone, added VPN L2TP/IPSec PSK.
entered IP
entered IPSec preshared key
entered username/password (of allowed user)

clicked connect, attemped then fails.

check the log on the NAS, no log entries to show any attempted connection.
NAS firewall not currently enabled.

any ideas what the issue is?

DS1019+ DSM 6.2.2-24922 Update 4
 
i'll need to wait until i'm home to try a LAN-LAN connection.
there are no IPs in the block list.
 
OK an inconclusive test.
at home connected to WIFI (same IP range as NAS).
changed VPN client to use local LAN IP of NAS rather than external IP.

attempt 1 - failed
attempt 2 - failed
attempt 3 - success
attempt 4 - failed
attempt 5 failed

also tried it using the external IP whilst still connected to local WIFI

attempt 1 - failed
attempt 2 - success
attempt 3 - failed
attempt 4 - failed
attempt 5 failed
 
OK an inconclusive test.
at home connected to WIFI (same IP range as NAS).
changed VPN client to use local LAN IP of NAS rather than external IP.

attempt 1 - failed
attempt 2 - failed
attempt 3 - success
attempt 4 - failed
attempt 5 failed

also tried it using the external IP whilst still connected to local WIFI

attempt 1 - failed
attempt 2 - success
attempt 3 - failed
attempt 4 - failed
attempt 5 failed
Results same with a different device apart from that android device?
 
just had a thought. my router (Edgerouter) has OpenVPN built in, i wonder if it's a port clash?
although OpenVPN shouldn't be using the same ports.
 
Router might also need to be specifically configured to pass through VPN traffic (and not merely port forward). This is typically found under a "security" tab or similar. For example, on the Synology router, it looks like this:

1578434156132.png
 
Router might also need to be specifically configured to pass through VPN traffic (and not merely port forward). This is typically found under a "security" tab or similar. For example, on the Synology router, it looks like this:

but then surely it would fail 100% of the time?
the fact i can connect like 20% of the time suggests that the router is already allowing the traffic thru.
 
No, both your "successful" tests were from inside your own LAN. The fact that you were pointIng at the WAN address didn't make a difference. It's not like the packets went out onto the internet and then came back in.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Can't offer any solution, but can you try a different VPN type? OpenVPN? Is your router on the latest...
Replies
2
Views
1,443
  • Question
So you have two sites with identical local IP subnets and even IP assignments? If trying to connect from...
Replies
2
Views
1,052
Did you try to directly connect using the NAS's LAN IP? And that also fails? How exactly are you...
Replies
3
Views
1,540
That would be an option as well ofc. Still depends on the router and how much OP has control over it, but...
Replies
5
Views
1,760
No VPN client setup on the router is "one for all", not SSID specific.
Replies
1
Views
1,316
Update: ISP changed IP address and other issues on the router, problem solved.
Replies
6
Views
2,522

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top