IPSec vpn connection

2022-04-25 14:58:22 - last edited 2022-04-26 01:47:36
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.0.1 Build 20210113 Rel.35074

Hi everyone,

 

I have a tp-link ER605 at home and would like to set it up so I can connect to my home network from somewhere else.

I followed this guide (link) on how to set up IPSec and L2TP. However when I try to connect to the vpn, it fails.

When I inspect the packets with wireshark, I see that the router responds with an AUTHENTICATION_FAILED (even though I filled in the correct pre-shared key).

 

I'm a bit lost on how to investigate this further, so any suggestions would be welcome.

 

One last note: Before I want to open up this port at my service provider, I would like to verify that everything works correctly. Therefore, I'm using a pc on my local network to connect to the vpn. I don't know if this is a problem? I illustrated my current setup below:

 

------------      --------------------      ----------------      -------------
| internet | ---- | service provider | ---- |    tp-link   | ---- | my device |
|          |      |      modem       |      | ER605 router |      |           |
------------      --------------------      ----------------      -------------

 

I configured my vpn client to connect to the WAN ip address of my tp-link. So my packets go from 'my device' -> 'tp-link' -> 'modem' -> 'tp-link'

Re:IPSec vpn connection
2022-04-26 08:45:43

  @MatthiasVerstra 

 

Firstly, you need to check if the VPN tunnel is created successfully.

If not, there is an issue with the VPN settings; you can do some tests following these articles:

https://www.tp-link.com/support/faq/3025/

https://www.tp-link.com/support/faq/1029/

Just striving to develop myself while helping others.
Re:IPSec vpn connection
2022-04-26 16:52:36

  @Virgo 

 

Hi Virgo,

 

Thanks for your reply. I had a look at the manuals you sent. I tried replicating those settings (setting the parameters according to my ip ranges).

I also used a windows pc to connect to the vpn with the same settings as in your manual.

However, I get an error when trying to connect to the vpn: 'The modem (or other reporting device) has reported an error.'

When tracing the communication with wireshark, I get the following communication:

The last two messages (StopCCN) report 

Layer 2 Tunneling Protocol
    Packet Type: Control Message Tunnel Id=11 Session Id=0
    Length: 54
    Tunnel ID: 11
    Session ID: 0
    Ns: 0
    Nr: 1
    Control Message AVP
        1... .... .... .... = Mandatory: True
        .0.. .... .... .... = Hidden: False
        .... ..00 0000 1000 = Length: 8
        Vendor ID: Reserved (0)
        AVP Type: Control Message (0)
        Message Type: Stop_Control_Notification (4)
    Assigned Tunnel ID AVP
        1... .... .... .... = Mandatory: True
        .0.. .... .... .... = Hidden: False
        .... ..00 0000 1000 = Length: 8
        Vendor ID: Reserved (0)
        AVP Type: Assigned Tunnel ID (9)
        Assigned Tunnel ID: 40638
    Result-Error Code AVP
        1... .... .... .... = Mandatory: True
        .0.. .... .... .... = Hidden: False
        .... ..00 0001 1010 = Length: 26
        Vendor ID: Reserved (0)
        AVP Type: Result-Error Code (1)
        Result code: General error, Error Code indicates the problem (2)
        Error code: A generic vendor-specific error occurred (6)
        Error Message: No Authorization

 

This would indicate that the client (windows pc) didn't provide any authorization (or incorrect information)?

Even though I correctly filled in the username and password (and pre-shared key)
 

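The StopCCN dissection in the post above can be reproduced from raw bytes. As an added example (not part of the original thread), this Python parser follows the RFC 2661 control-message and AVP layout; `SAMPLE_STOPCCN` is constructed here from the field values shown in the trace, not taken from the poster's capture.

```python
import struct

# AVP attribute types from RFC 2661 that appear in the trace above.
AVP_TYPES = {0: "Message Type", 1: "Result-Error Code", 9: "Assigned Tunnel ID"}


def parse_l2tp_control(data: bytes) -> dict:
    """Parse an L2TPv2 control message (UDP payload) into header fields and AVPs."""
    if len(data) < 12:
        raise ValueError("too short for an L2TP control header")
    flags, length, tunnel_id, session_id, ns, nr = struct.unpack("!6H", data[:12])
    # Control messages set the T, L and S bits and carry version 2.
    if (flags & 0xC800) != 0xC800 or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 control message")
    if length != len(data):
        raise ValueError("length field does not match payload size")
    msg = {"tunnel_id": tunnel_id, "session_id": session_id, "ns": ns, "nr": nr, "avps": []}
    offset = 12
    while offset < length:
        if length - offset < 6:
            raise ValueError("truncated AVP header")
        bits, vendor, avp_type = struct.unpack("!3H", data[offset:offset + 6])
        avp_len = bits & 0x03FF  # low 10 bits: AVP length including its 6-byte header
        if avp_len < 6 or offset + avp_len > length:
            raise ValueError("bad AVP length")
        if bits & 0x4000:
            raise ValueError("hidden AVP: value is encrypted, not handled here")
        value = data[offset + 6:offset + avp_len]
        avp = {"mandatory": bool(bits & 0x8000), "vendor": vendor,
               "name": AVP_TYPES.get(avp_type, f"type {avp_type}")}
        if vendor == 0 and avp_type in (0, 9) and len(value) == 2:
            avp["value"] = struct.unpack("!H", value)[0]
        elif vendor == 0 and avp_type == 1 and len(value) >= 2:
            avp["result"] = struct.unpack("!H", value[:2])[0]
            avp["error"] = struct.unpack("!H", value[2:4])[0] if len(value) >= 4 else None
            avp["message"] = value[4:].decode("utf-8", "replace")
        else:
            avp["raw"] = value.hex()
        msg["avps"].append(avp)
        offset += avp_len
    return msg


# Constructed sample: the 54-byte StopCCN described in the Wireshark output above.
SAMPLE_STOPCCN = (
    struct.pack("!6H", 0xC802, 54, 11, 0, 0, 1)        # header: tunnel 11, Ns 0, Nr 1
    + struct.pack("!4H", 0x8008, 0, 0, 4)              # Message Type = StopCCN (4)
    + struct.pack("!4H", 0x8008, 0, 9, 40638)          # Assigned Tunnel ID
    + struct.pack("!5H", 0x801A, 0, 1, 2, 6) + b"No Authorization"  # Result-Error Code
)
```

Calling `parse_l2tp_control(SAMPLE_STOPCCN)` yields result code 2, error code 6 and the message text as the last AVP, matching the dissection.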
Re:IPSec vpn connection
2022-04-27 07:36:01

  @MatthiasVerstra 

 

So it means the tunnel doesn't show up, right?

Have you seen this one: https://www.tp-link.com/support/faq/1629/

Step 9 is the point; you need to check the two options as in the image.

 

Just striving to develop myself while helping others.
Re:IPSec vpn connection
2022-04-27 15:41:15

  @Virgo 

 

Hi Virgo,

 

I enabled the two options in my vpn configuration. However, windows still complains that the connection can't be set up (same error as before).

 

The network trace changed however (there is no more 'stop' message...)

I also checked the system log on my tp link router to check if any errors show up there, but unfortunately no errors:

 

Re:IPSec vpn connection
2022-05-11 15:56:07

After giving it another try, I now get more logs in wireshark:

 

 

However, still not a successful connection. I've included the full wireshark logs in case somebody wants to look at the details. wireshark logs

The StopCCN message is sent with error 'No authorization'.

 

Thanks and kind regards,

 

Matthias

Re:IPSec vpn connection
2022-05-27 11:21:31

Yet another update.

 

It seems that having the client device in the local network prevents the vpn connection from working.

When I connect the vpn client to the ISP modem (on the WAN side of the tp-link router), I am now able to connect properly.

 

However, when I connect from another internet location, the vpn connection doesn't work yet. The only difference I see in the communication, is that the client starts using UDP encapsulation (which it doesn't when connecting locally).

My guess is this is related to the fact that my ISP uses NAT in their network, should I configure anything extra to make this work?

 

Thanks and kind regards.
