Winskitech711 Posted November 28, 2010 Share Posted November 28, 2010 At home, I cannot connect into my work VPN when I?m plugged into my router (which is running DD-WRT) or using wireless. If I plug directly into my cable modem, I can connect in just fine. What?s wrong? What I?ve tried: Reset modem Reset router In DD-WRT: Security tab>Firewall tab: SPI firewall is disabled In DD-WRT: Security tab>VPN Passthrough tab: All passthroughs (IPSec, PPTP, L2TP) are enabled In DD-WRT: Setup tab>Advanced Routing tab: Operating mode is Gateway Checked in my modem (Arris TM722) status page, didn?t see any way to set the modem to bridged mode Checked on my computer, firewall is disabled My specs: Modem: Arris TM722 Cable provider: Comcast Router: Linksys WRT54GL DD-WRT version: DD-WRT v24-sp2 (07/22/09) mini - build 12548M NEWD Eko CPU model (from DD-WRT): Broadcom BCM5352 chip rev 0 Computer OS: Windows 7 32-bit Thanks in advance, Adam Link to comment Share on other sites More sharing options...
Winskitech711 Posted November 28, 2010 Author Share Posted November 28, 2010 Additional information: My VPN connection type is L2TP. I am using a pre-shared key. The error message I get is ?Error 789: The l2tp connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.? I?ve googled that error and tried the following: Stopped and restarted both the "IKE and AuthIP IPsec Keying Modules" service and the "IPsec Policy Agent" service My windows firewall is not turned on so that cannot be blocking the VPN connection as far as I know The SPI firewall is turned off on the router I have not set any ports or services blocked on the router I have turned off all Anti-Virus programs None of this has resolved my problems. Possible solutions? Has anyone run into this before? Thanks again, Adam Link to comment Share on other sites More sharing options...
+BudMan MVC Posted November 28, 2010 MVC Share Posted November 28, 2010 And when you plug directly into the TM722 what IP address do you get? I can not tell from the manual if it does nat or not, but it provides telephone access so quite often there is nat involved. Is it private 10.x.x.x, 192.168.x.x, 172.16-31.x.x? Link to comment Share on other sites More sharing options...
Winskitech711 Posted December 1, 2010 Author Share Posted December 1, 2010 More information and a deeper mystery. I can connect exactly once to my work VPN from my laptop which is plugged directly into my cable modem. If I disconnect and try to reconnect I get an ?Error 809: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g., firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem. ? I can reset the modem and try to connect again, I get the same error message. The time I could connect to my work VPN my IP address started with 98.223.XXX.XXX. My work is using Openswan to handle their VPN duties and no one else has mentioned connection issues. In addition I?ve also tried setting a single address in my DMZ, assigning that address to my laptop, then trying to connect, but that doesn?t work either. This gets weirder and weirder the more I troubleshoot it? Anyone have any ideas? Thanks in advance, Adam Link to comment Share on other sites More sharing options...
Inertia Posted December 1, 2010 Share Posted December 1, 2010 Is there a Subnet conflict? the subnet your router and computers are on (eg 192.168.0.1/24) matches, overlaps or contains the same subnet the VPN itself wants to assign (eg 192.168.0.1/29) -To eliminate this login to the router and change the router LAN IP address so that it is on a different subnet, the DHCP server settings should change themselves to match when you do this and move the client computers across to the new subnet at the same time. Try putting the router on 192.168.15.1 for example Let us know how it goes. Link to comment Share on other sites More sharing options...
offroadaaron Posted December 1, 2010 Share Posted December 1, 2010 98.223.XXX.XXX. will be an outside or global IP address without any NAT'ing most likely and when you connect to your router you would probably be receiving a 192.168.x.x address. What is the device terminating the VPN and what client program are you using? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 1, 2010 MVC Share Posted December 1, 2010 OK couple of things windows 7 and NAT-T can be a problem.. So clearly could be an issue - since you say it works when directly connected to the modem, and a public IP 98.233 I assume your using just the native windows client, and not a 3rd party client like NCP or thegreenbow, etc. This is for vista and 2k8 but I believe it still applies http://support.microsoft.com/kb/926179 Link to comment Share on other sites More sharing options...
Winskitech711 Posted December 2, 2010 Author Share Posted December 2, 2010 @Inertia: There is not a subnet conflict on my network, everything but the routers get's IPs handed out to them dynamically. @offroadaaron: I get the 98.xxx.xxx.xxx address when I'm plugged directly into my modem. @BudMan: I had high hopes of your suggested fix working but unfortunately it did not. Same 789 error. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 2, 2010 MVC Share Posted December 2, 2010 And is this server behind a NAT as well?? BTW as to your subnet conflict -- not talking about your network.. talking about the network you connect too.. I doubt its your problem but to explain what he was talking about your network 192.168.1.0/24 work network 192.168.1.0/24 When you create a connection between them, how does your machine know to use the vpn to talk to a 192.168.1.0/24 address??? To your machine that network is directly connected - no need to go down a vpn tunnel to connect to it, etc. So are you going to answer the questions?? Are you using the windows 7 vpn client or 3rd party? Also do you have any vpn clients installed that your not using, ie cisco client could conflict with the built in client for ipsec stuff, etc. Link to comment Share on other sites More sharing options...
Recommended Posts