Question VPN L2TP/IPSec - can't connect

I have enabled L2TP/IPSec, configured as required, but can't seem to get a device to connect to it.

1701, 500, 4500 UDP open and pointing to NAS on the router (EdgeRouter).

On Android phone, added VPN L2TP/IPSec PSK.
Entered IP
Entered IPSec preshared key
Entered username/password (of allowed user)

Clicked connect, attempted then fails.

Checked the log on the NAS, no log entries to show any attempted connection.
NAS firewall not currently enabled.

Any ideas what the issue is?

DS1019+ DSM 6.2.2-24922 Update 4
 

fredbert

You can eliminate the Internet router by connecting from the LAN/WLAN using the NAS IP.

Check your Auto Block list.
 
I'll need to wait until I'm home to try a LAN-LAN connection.
There are no IPs in the block list.
 

fredbert

The other obvious question: is the Android device directly connected to the Internet (mobile data) or from inside a third-party WiFi network? If it's the latter then there could be access controls to block VPNs and other traffic types.
 
Android device is directly connected to the internet (4G).
 
OK, an inconclusive test.
At home connected to WiFi (same IP range as NAS).
Changed VPN client to use local LAN IP of NAS rather than external IP.

attempt 1 - failed
attempt 2 - failed
attempt 3 - success
attempt 4 - failed
attempt 5 - failed

Also tried it using the external IP whilst still connected to local WiFi.

attempt 1 - failed
attempt 2 - success
attempt 3 - failed
attempt 4 - failed
attempt 5 - failed
 

Rusty

Results same with a different device apart from that Android device?
 
Just had a thought. My router (EdgeRouter) has OpenVPN built in, I wonder if it's a port clash?
Although OpenVPN shouldn't be using the same ports.
 
Router might also need to be specifically configured to pass through VPN traffic (and not merely port forward). This is typically found under a "security" tab or similar. For example, on the Synology router, it looks like this:

[Attached image: 1578434156132.png]
 
But then surely it would fail 100% of the time?
The fact I can connect like 20% of the time suggests that the router is already allowing the traffic through.
 
No, both your "successful" tests were from inside your own LAN. The fact that you were pointing at the WAN address didn't make a difference. It's not like the packets went out onto the internet and then came back in.
 
I did the same tests on 4G though, and got the same success rate.
 

jeyare

Check in your Edge Router for L2TP
Firewall:
enable Protocol 50, to be sure - not Port 50
 
