Cannot connect to external VPN



At home, I cannot connect into my work VPN when I'm plugged into my router (which is running DD-WRT) or using wireless. If I plug directly into my cable modem, I can connect in just fine. What's wrong?

What I've tried:

Reset modem

Reset router

In DD-WRT: Security tab>Firewall tab: SPI firewall is disabled

In DD-WRT: Security tab>VPN Passthrough tab: All passthroughs (IPSec, PPTP, L2TP) are enabled

In DD-WRT: Setup tab>Advanced Routing tab: Operating mode is Gateway

Checked in my modem (Arris TM722) status page, didn't see any way to set the modem to bridged mode

Checked on my computer, firewall is disabled

My specs:

Modem: Arris TM722

Cable provider: Comcast

Router: Linksys WRT54GL

DD-WRT version: DD-WRT v24-sp2 (07/22/09) mini - build 12548M NEWD Eko

CPU model (from DD-WRT): Broadcom BCM5352 chip rev 0

Computer OS: Windows 7 32-bit

Thanks in advance,

Adam

Link to comment
Share on other sites

Additional information: My VPN connection type is L2TP. I am using a pre-shared key. The error message I get is "Error 789: The l2tp connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."

I've googled that error and tried the following:

Stopped and restarted both the "IKE and AuthIP IPsec Keying Modules" service and the "IPsec Policy Agent" service

My Windows firewall is not turned on, so that cannot be blocking the VPN connection as far as I know

The SPI firewall is turned off on the router

I have not set any ports or services blocked on the router

I have turned off all Anti-Virus programs

None of this has resolved my problems. Possible solutions? Has anyone run into this before?

Thanks again,

Adam

Link to comment
Share on other sites

And when you plug directly into the TM722, what IP address do you get? I cannot tell from the manual if it does NAT or not, but it provides telephone access, so quite often there is NAT involved.

Is it private 10.x.x.x, 192.168.x.x, 172.16-31.x.x?

Link to comment
Share on other sites

More information and a deeper mystery. I can connect exactly once to my work VPN from my laptop which is plugged directly into my cable modem. If I disconnect and try to reconnect I get an "Error 809: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g., firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem."

I can reset the modem and try to connect again, I get the same error message.

The time I could connect to my work VPN my IP address started with 98.223.XXX.XXX.

My work is using Openswan to handle their VPN duties and no one else has mentioned connection issues. In addition I've also tried setting a single address in my DMZ, assigning that address to my laptop, then trying to connect, but that doesn't work either. This gets weirder and weirder the more I troubleshoot it...

Anyone have any ideas?

Thanks in advance,

Adam

Link to comment
Share on other sites

Is there a subnet conflict? That is, the subnet your router and computers are on (e.g. 192.168.0.1/24) matches, overlaps or contains the same subnet the VPN itself wants to assign (e.g. 192.168.0.1/29).

To eliminate this, log in to the router and change the router LAN IP address so that it is on a different subnet. The DHCP server settings should change themselves to match when you do this and move the client computers across to the new subnet at the same time.

Try putting the router on 192.168.15.1 for example

Let us know how it goes.

Link to comment
Share on other sites

98.223.XXX.XXX. will be an outside or global IP address without any NAT'ing most likely and when you connect to your router you would probably be receiving a 192.168.x.x address.

What is the device terminating the VPN and what client program are you using?

Link to comment
Share on other sites

OK, couple of things: Windows 7 and NAT-T can be a problem. So clearly could be an issue, since you say it works when directly connected to the modem, and a public IP 98.233

I assume you're using just the native Windows client, and not a 3rd party client like NCP or TheGreenBow, etc.

This is for Vista and 2k8 but I believe it still applies

http://support.microsoft.com/kb/926179

Link to comment
Share on other sites

@Inertia: There is not a subnet conflict on my network, everything but the routers gets IPs handed out to them dynamically.

@offroadaaron: I get the 98.xxx.xxx.xxx address when I'm plugged directly into my modem.

@BudMan: I had high hopes of your suggested fix working but unfortunately it did not. Same 789 error.

Link to comment
Share on other sites

And is this server behind a NAT as well?

BTW, as to your subnet conflict: not talking about your network, talking about the network you connect to. I doubt it's your problem, but to explain what he was talking about:

your network 192.168.1.0/24

work network 192.168.1.0/24

When you create a connection between them, how does your machine know to use the VPN to talk to a 192.168.1.0/24 address? To your machine that network is directly connected - no need to go down a VPN tunnel to connect to it, etc.

So are you going to answer the questions? Are you using the Windows 7 VPN client or 3rd party? Also do you have any VPN clients installed that you're not using, i.e. Cisco client could conflict with the built-in client for IPsec stuff, etc.

Link to comment
Share on other sites
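The subnet-conflict point raised in the replies above (home LAN and work network both on 192.168.1.0/24, or a home LAN that contains the range the VPN assigns) can be checked with a short script. This is an added example, not part of the original thread; the interface names, route metrics and destination addresses are constructed, and route selection is a simplified longest-prefix model that assumes the on-link LAN route has the lower metric.

```python
import ipaddress


def net(cidr):
    # Accept host-style input such as 192.168.0.1/24, as written in the thread.
    return ipaddress.ip_network(cidr, strict=False)


def classify(lan_cidr, vpn_cidr):
    """Describe how the home LAN and the VPN's remote network relate."""
    lan, vpn = net(lan_cidr), net(vpn_cidr)
    if lan == vpn:
        return "identical"
    if vpn.subnet_of(lan):
        return "lan-contains-vpn"
    if lan.subnet_of(vpn):
        return "vpn-contains-lan"
    return "disjoint"


def egress(dest, lan_cidr, vpn_cidr):
    """Pick the interface a packet to dest leaves on (simplified model)."""
    # Constructed routing table: default route and on-link LAN route via the
    # physical NIC, plus the route the VPN client adds for the work network.
    # Assumption: the on-link LAN route carries the lower metric.
    routes = [
        (net("0.0.0.0/0"), "lan", 20),
        (net(lan_cidr), "lan", 10),
        (net(vpn_cidr), "vpn", 30),
    ]
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    # Longest prefix wins; the lower metric breaks a tie between equal prefixes.
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


if __name__ == "__main__":
    cases = [  # (home LAN, VPN network, destination) - constructed samples
        ("192.168.1.0/24", "192.168.1.0/24", "192.168.1.50"),
        ("192.168.0.1/24", "192.168.0.1/29", "192.168.0.5"),
        ("192.168.15.1/24", "192.168.1.0/24", "192.168.1.50"),
    ]
    for lan, vpn, dest in cases:
        print(lan, vpn, dest, classify(lan, vpn), egress(dest, lan, vpn))
```

With identical /24s the work host is treated as on-link and never enters the tunnel; after moving the router to 192.168.15.1 the same destination goes via the VPN.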
