Cannot set up the L2TP-VPN

2024-08-25 20:33:40 - last edited 2024-08-27 00:52:17
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.4.1 Build 20240117 Rel.57421

I followed the instructions at https://www.tp-link.com/us/support/faq/3050/ to configure it.

When I attempt to connect from my laptop I get the message: "The L2TP-VPN server did not respond."

I thought it *might* be because my ISP is blocking inbound connections, so I set up a fake internet connection to my ER7206 to test this.

From my laptop (198.51.100.2) on this fake internet, I can ping the router (192.0.2.5).

I set up the VPN connection as documented, and keep getting the "did not respond" error. How can I further troubleshoot?

I know that routing is working from my laptop to the router. What is missing?

I did find an error in my VPN policy and now I'm a little closer.

And I see the following errors in my logs:

root@ralphwolf:/var/log/remotelogs/192.168.150.1# tail -5000 omada.log | grep LAN1 | more
2024-08-25T19:01:00.862875-04:00 pi.hole  2024-08-25 17:59:58 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: DHCP client getting IP succeeded. (IP-Address=192.0.2.5, Mask=255.255.255.0, Gateway=192.0.2.1)
2024-08-25T19:01:00.862903-04:00 pi.hole  2024-08-25 18:00:03 Omada Controller_6A5E93-Goodhaven - - - [WAN/LAN1] of [gateway:GoodHaven-B4-B0-24-9F-63-2C:B4-B0-24-9F-63-2C] is up.
2024-08-25T19:01:51.125202-04:00 pi.hole  2024-08-25 18:00:34 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:01:51.125278-04:00 pi.hole  2024-08-25 18:00:34 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 1 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:01:51.125344-04:00 pi.hole  2024-08-25 18:00:35 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 2 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:05:12.471327-04:00 pi.hole  2024-08-25 18:04:30 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:05:12.471372-04:00 pi.hole  2024-08-25 18:04:30 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 1 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:05:12.471467-04:00 pi.hole  2024-08-25 18:04:31 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 2 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:06:02.703145-04:00 pi.hole  2024-08-25 18:05:02 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:06:02.703172-04:00 pi.hole  2024-08-25 18:05:02 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 1 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:06:02.703235-04:00 pi.hole  2024-08-25 18:05:03 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 2 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)

Any recommendations?

#1
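The log excerpt in the post already narrows the problem down, so here is a small triage script, added as an example and not code from the original post or from TP-Link, that parses the Omada lines as relayed by rsyslog, groups them into connection attempts per peer pair, and says which layer to look at next. The reasoning it encodes is the IKEv1 Main Mode flow: with a pre-shared key, a wrong key makes Phase 1 fail, so three attempts that each reach Phase 2 and then start from scratch a few minutes or seconds later mean IPsec is fine and the client is giving up on the L2TP/PPP layer that runs inside the tunnel. The SAMPLE_LOG lines are copied from the post (rewrapped, rsyslog's "#015" dropped); STUCK_LOG is constructed for contrast.

```python
"""Triage of Omada gateway syslog lines for an L2TP/IPsec client that never
completes.  Added example, not code from the original post or from TP-Link."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Copied from the post (rsyslog relay of the controller's gateway events);
# wrapped lines rejoined, rsyslog's "#015" (escaped CR) dropped.
SAMPLE_LOG = """\
2024-08-25T19:01:00.862875-04:00 pi.hole  2024-08-25 17:59:58 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: DHCP client getting IP succeeded. (IP-Address=192.0.2.5, Mask=255.255.255.0, Gateway=192.0.2.1)
2024-08-25T19:01:51.125202-04:00 pi.hole  2024-08-25 18:00:34 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:01:51.125278-04:00 pi.hole  2024-08-25 18:00:34 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 1 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:01:51.125344-04:00 pi.hole  2024-08-25 18:00:35 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 2 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:05:12.471327-04:00 pi.hole  2024-08-25 18:04:30 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:05:12.471372-04:00 pi.hole  2024-08-25 18:04:30 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 1 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:05:12.471467-04:00 pi.hole  2024-08-25 18:04:31 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 2 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:06:02.703145-04:00 pi.hole  2024-08-25 18:05:02 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:06:02.703172-04:00 pi.hole  2024-08-25 18:05:02 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 1 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:06:02.703235-04:00 pi.hole  2024-08-25 18:05:03 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: Phase 2 of IKE negotiation succeeded. (Peers=192.0.2.5<->198.51.100.2)
"""

# Constructed counter-example, not from the post: negotiations that start and
# never reach Phase 1 (IKE proposal or pre-shared-key mismatch).
STUCK_LOG = """\
2024-08-25T19:10:00.000000-04:00 pi.hole  2024-08-25 18:09:00 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.0.2.5<->198.51.100.2)
2024-08-25T19:10:30.000000-04:00 pi.hole  2024-08-25 18:09:30 Omada Controller_6A5E93-Goodhaven - - - WAN/LAN1: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=192.0.2.5<->198.51.100.2)
"""

# Controller timestamp and message text; the rsyslog prefix is ignored.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) Omada Controller\S* - - - (?P<msg>.*)$"
)
PEERS_RE = re.compile(r"Peers=(?P<local>[\d.]+)<->(?P<remote>[\d.]+)")


@dataclass
class Attempt:
    started: str     # controller timestamp of the "IKE negotiation began" line
    local: str       # gateway WAN address
    remote: str      # client address
    stage: int = 0   # 0 = IKE began, 1 = Phase 1 (ISAKMP SA) up, 2 = Phase 2 (IPsec SA) up


def parse_attempts(log: str) -> List[Attempt]:
    """One Attempt per 'IKE negotiation began' line, advanced by the Phase lines
    that follow for the same peer pair."""
    attempts: List[Attempt] = []
    for raw in log.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue
        msg = m["msg"]
        peers = PEERS_RE.search(msg)
        if not peers:
            continue  # DHCP, link-state and other lines carry no peer pair
        key = (peers["local"], peers["remote"])
        if "IKE negotiation began" in msg:
            attempts.append(Attempt(m["ts"], key[0], key[1]))
        elif "Phase 1 of IKE negotiation succeeded" in msg:
            _advance(attempts, key, 1)
        elif "Phase 2 of IKE negotiation succeeded" in msg:
            _advance(attempts, key, 2)
    return attempts


def _advance(attempts: List[Attempt], key: Tuple[str, str], stage: int) -> None:
    for a in reversed(attempts):  # most recent attempt for this peer pair
        if (a.local, a.remote) == key:
            a.stage = max(a.stage, stage)
            return


def retry_intervals(attempts: List[Attempt]) -> List[int]:
    """Seconds between consecutive attempts; a client that keeps coming back
    after a completed Phase 2 is giving up on the layer inside the tunnel."""
    ts = [datetime.strptime(a.started, "%Y-%m-%d %H:%M:%S") for a in attempts]
    return [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]


def verdict(attempts: List[Attempt]) -> Tuple[str, str]:
    """(code, what to check next) for one client's run of attempts."""
    if not attempts:
        return ("no-ike", "No IKE traffic reached the WAN: check UDP 500/4500 "
                "reachability (ISP, upstream NAT, firewall) before anything else.")
    best = max(a.stage for a in attempts)
    if best == 0:
        return ("phase1-failing", "Phase 1 never completes: IKE proposal or "
                "pre-shared key mismatch between client and gateway.")
    if best == 1:
        return ("phase2-failing", "Phase 1 is up but no IPsec SA: check the Phase 2 "
                "proposal and the transport-mode settings L2TP needs.")
    if len(attempts) == 1:
        return ("ipsec-ok", "IPsec SA established; nothing here says L2TP failed.")
    return ("ipsec-ok-l2tp-failing",
            "Every attempt reaches Phase 2 and the client then starts over. IPsec "
            "(and therefore the pre-shared key) is fine; look at the L2TP/PPP layer "
            "inside the tunnel: user name, password, L2TP server settings.")


if __name__ == "__main__":
    for name, log in (("post", SAMPLE_LOG), ("constructed", STUCK_LOG)):
        attempts = parse_attempts(log)
        print(name, len(attempts), "attempt(s), gaps", retry_intervals(attempts), "s")
        print("  ->", *verdict(attempts))
```

Run it against the post's lines and it reports three attempts, 236 s and 32 s apart, all at stage 2, which is exactly the pattern the accepted answer later confirms (a typo in the L2TP user password, not in the IPsec key).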
1 Accepted Solution
Re:Cannot set up the L2TP-VPN-Solution
2024-08-26 21:09:33 - last edited 2024-08-27 00:52:17

It turned out that I had a password typo that was blocking me. Thankfully I have logging set up via rsyslog and was able to find that message in the error log.

I was able to connect, and my DNS lookups work properly, BUT for some reason I have to use the IP address to be able to connect. For example,

I can do nslookup marvin.local and get the IP address, but ssh marvin.local fails.

If I ssh to marvin's IP address, that works.

Any ideas?

#2
Re:Cannot set up the L2TP-VPN
2024-08-27 00:52:10

Hi @LeadershipGeek

Thanks for posting in our business forum.

LeadershipGeek wrote

It turned out that I had a password typo that was blocking me. Thankfully I have logging set up via rsyslog and was able to find that message in the error log.

I was able to connect, and my DNS lookups work properly, BUT for some reason I have to use the IP address to be able to connect. For example,

I can do nslookup marvin.local and get the IP address, but ssh marvin.local fails.

If I ssh to marvin's IP address, that works.

Any ideas?

You should consider whether mDNS can travel over the VPN tunnel.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#3
Re:Cannot set up the L2TP-VPN
2024-08-27 01:08:21

@Clive_A thanks for the idea, and I'm confused by it.

I am able to connect to my DNS servers at my office, and nslookup works for resolution of hosts at my office. I'm trying to connect to THEM.

Why would mDNS be relevant to this use case?

#4
Re:Cannot set up the L2TP-VPN
2024-08-27 01:34:55

Hi @LeadershipGeek 

Thanks for posting in our business forum.

LeadershipGeek wrote

@Clive_A thanks for the idea, and I'm confused by it.

I am able to connect to my DNS servers at my office, and nslookup works for resolution of hosts at my office. I'm trying to connect to THEM.

Why would mDNS be relevant to this use case?

It matters. You might want to search for this.

I read a piece of news recently that .local will be officially reserved for link-local. Not sure if that will change .local from the mDNS level to the TLD.

Best Regards!
#5
Re:Cannot set up the L2TP-VPN
2024-08-28 13:50:04

@Clive_A - wow. I've done some reading and it seems that you're right about mDNS and VPNs.

I'm still a little confused. Maybe I'm thinking too old school, but I have actual DNS entries in my dnsmasq server for each of the hosts I want to access. And running nslookup returns the correct address.

I'm just starting to learn about this new stuff, but are you saying that DNS servers actually resolve .local differently when I go to look up the name for a connection to the host? That may be true, and if so it's news to me.

#6
Re:Cannot set up the L2TP-VPN
2024-08-29 01:42:11

Hi @LeadershipGeek 

Thanks for posting in our business forum.

LeadershipGeek wrote

@Clive_A - wow. I've done some reading and it seems that you're right about mDNS and VPNs.

I'm still a little confused. Maybe I'm thinking too old school, but I have actual DNS entries in my dnsmasq server for each of the hosts I want to access. And running nslookup returns the correct address.

I'm just starting to learn about this new stuff, but are you saying that DNS servers actually resolve .local differently when I go to look up the name for a connection to the host? That may be true, and if so it's news to me.

It is multicast, not regular DNS over UDP, which has a specific destination (the DNS server). They are similar in the concept of getting the IP back, but not really the same.

You can look it up, of course, because you define the DNS server with nslookup in that context. But that does not automatically get you through when you use .local, which is mDNS.

If you intend to say this is a problem with the DNS, then you should still check the DNS instead of the VPN tunnel.

My point is that not all protocols travel through the VPN tunnel, because of their nature. Some are only for the local network. When you go through the VPN tunnel, you have different ways to access things than the way you use locally. Some don't work.

Best Regards!
#7
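The exchange between #3 and #7 comes down to two different resolution paths, so here is a worked example, added here and not part of the thread or of TP-Link's documentation, that makes the difference concrete. nslookup has its own stub resolver and sends a unicast query to the configured server whatever the suffix; ssh goes through getaddrinfo, and on a Linux client with nss-mdns the default nsswitch line `files mdns4_minimal [NOTFOUND=return] dns` hands every .local name to multicast DNS (224.0.0.251:5353, link-local scope, never carried by the tunnel) and stops there when nothing answers, so the dnsmasq entries are never asked. The office DNS address 192.168.150.10 and the tunnel subnet 192.168.150.0/24 are assumptions for the demonstration; the OP's client OS is not stated, and macOS's mDNSResponder applies the same .local rule.

```python
"""Why `nslookup marvin.local` answers across the tunnel while `ssh marvin.local`
does not.  Added example, not code from the thread or from TP-Link."""
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353   # RFC 6762 multicast group (224.0.0.0/24, link-local)
DNS_PORT = 53
# Assumptions, not from the thread: the office dnsmasq address and the subnet
# the L2TP client is routed to.
OFFICE_DNS = "192.168.150.10"
TUNNEL_ROUTES = ["192.168.150.0/24"]
# nss-mdns's documented default 'hosts:' line for /etc/nsswitch.conf.
NSSWITCH_HOSTS = "files mdns4_minimal [NOTFOUND=return] dns"


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qid: int = 0x1234, mdns: bool = False) -> bytes:
    """A-record query in DNS wire format.  mDNS reuses the format; a one-shot
    mDNS query clears RD in the flags and sets the QU (unicast-response) bit,
    the top bit of QCLASS.  The bytes are nearly identical; the destination is not."""
    flags = 0x0000 if mdns else 0x0100       # RD only for unicast DNS
    qclass = 0x8001 if mdns else 0x0001      # IN, with the QU bit for mDNS
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, qclass)


def is_mdns_name(name: str) -> bool:
    """RFC 6762 reserves .local for Multicast DNS."""
    return name.rstrip(".").lower().endswith(".local")


def nslookup_path(name: str, dns_server: str) -> Tuple[str, int]:
    """nslookup's own stub resolver ignores the suffix: the query always goes
    to the configured server, which the tunnel does carry."""
    return (dns_server, DNS_PORT)


def getaddrinfo_path(name: str, nsswitch_hosts: str, dns_server: str,
                     mdns_answers: bool = False) -> Dict:
    """Simulate the nsswitch dispatch ssh goes through via getaddrinfo.
    mdns4_minimal handles only .local names: NOTFOUND when multicast brings no
    answer, UNAVAIL (skip me) for any other name.  Assumes no /etc/hosts entry
    and that the unicast server knows the name, as the thread reports."""
    tokens = nsswitch_hosts.split()
    consulted: List[str] = []
    destination: Optional[Tuple[str, int]] = None
    status = "NOTFOUND"
    i = 0
    while i < len(tokens):
        src = tokens[i]
        i += 1
        action = ""
        if i < len(tokens) and tokens[i].startswith("["):   # e.g. [NOTFOUND=return]
            action = tokens[i].strip("[]").upper()
            i += 1
        if src == "files":
            consulted.append(src)
            status = "NOTFOUND"
        elif src == "mdns4_minimal":
            if not is_mdns_name(name):
                status = "UNAVAIL"
                continue
            consulted.append(src)
            destination = (MDNS_GROUP, MDNS_PORT)
            status = "SUCCESS" if mdns_answers else "NOTFOUND"
        elif src == "dns":
            consulted.append(src)
            destination = (dns_server, DNS_PORT)
            status = "SUCCESS"
        else:
            status = "UNAVAIL"
        if status == "SUCCESS" or (status == "NOTFOUND" and action == "NOTFOUND=RETURN"):
            break
    return {"consulted": consulted, "destination": destination, "status": status}


def crosses_tunnel(dst_ip: str, tunnel_routes: List[str]) -> bool:
    """The mDNS group is link-local scope and is never forwarded; only unicast
    destinations inside a routed subnet are carried over the L2TP/IPsec tunnel."""
    ip = ipaddress.ip_address(dst_ip)
    if ip.is_multicast:
        return False
    return any(ip in ipaddress.ip_network(r) for r in tunnel_routes)


if __name__ == "__main__":
    for name in ("marvin.local", "marvin.office.example"):
        print(name, "via nslookup ->", nslookup_path(name, OFFICE_DNS))
        r = getaddrinfo_path(name, NSSWITCH_HOSTS, OFFICE_DNS)
        print(name, "via getaddrinfo ->", r,
              "crosses tunnel:", r["destination"] and crosses_tunnel(r["destination"][0], TUNNEL_ROUTES))
```

Two fixes follow from this: give the office hosts a domain that is not .local in dnsmasq (RFC 6762 reserves .local for mDNS, so any resolver is entitled to treat it this way), or, on a Linux client with nss-mdns, drop `[NOTFOUND=return]` or put `dns` before `mdns4_minimal` so the unicast server is asked when multicast gets no answer.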