Question VPN L2TP/IPSec - can't connect

I have enabled L2TP/IPSec, configured as required, but can't seem to get a device to connect to it.

1701, 500, 4500 UDP open and pointing to NAS on the router (EdgeRouter).

on android phone, added VPN L2TP/IPSec PSK.
entered IP
entered IPSec preshared key
entered username/password (of allowed user)

clicked connect, attempted, then fails.

check the log on the NAS, no log entries to show any attempted connection.
NAS firewall not currently enabled.

any ideas what the issue is?

DS1019+ DSM 6.2.2-24922 Update 4
 
I'll need to wait until I'm home to try a LAN-LAN connection.
there are no IPs in the block list.
 
OK an inconclusive test.
at home connected to WIFI (same IP range as NAS).
changed VPN client to use local LAN IP of NAS rather than external IP.

attempt 1 - failed
attempt 2 - failed
attempt 3 - success
attempt 4 - failed
attempt 5 - failed

also tried it using the external IP whilst still connected to local WIFI

attempt 1 - failed
attempt 2 - success
attempt 3 - failed
attempt 4 - failed
attempt 5 - failed
 
Results same with a different device apart from that android device?
 
just had a thought. my router (EdgeRouter) has OpenVPN built in, I wonder if it's a port clash?
although OpenVPN shouldn't be using the same ports.
 
Router might also need to be specifically configured to pass through VPN traffic (and not merely port forward). This is typically found under a "security" tab or similar. For example, on the Synology router, it looks like this:

[Screenshot attachment: 1578434156132.png]
 
but then surely it would fail 100% of the time?
the fact I can connect like 20% of the time suggests that the router is already allowing the traffic thru.
 
No, both your "successful" tests were from inside your own LAN. The fact that you were pointing at the WAN address didn't make a difference. It's not like the packets went out onto the internet and then came back in.
 