
VPN "Certificate" issues

Status
Not open for further replies.

aroostook

IS-IT--Management
Jun 15, 2005
74
US
I'm trying to connect to a Win2K server running RRAS. I've set up the client-side to connect via PPTP (not Automatic, which is the default). Still, I get this error message:

"A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate. No L2TP calls will be accepted."

Any ideas? Your help is appreciated.

PS: I suspect it may be a problem with the setup on the server. Someone else did the setup and said they did something to disable it. Someone ELSE then came along and supposedly "fixed" that. I tried setting up RRAS on a lab machine, and didn't have this problem.
 
Some additional info:

The client computer is WinXP SP2.
The firewall at the destination is a Linksys BEFW11S4.

Thanks!
 
For L2TP/IPSec to work, the RRAS server needs to have a Computer Certificate to identify itself to L2TP/IPSec clients; without one, as you have seen, it won't negotiate L2TP/IPSec VPN connections. PPTP will still work, however. If you don't want to use L2TP/IPSec and only want PPTP, then you can delete the L2TP/IPSec ports on the server; you don't need to, as it will only negotiate PPTP connections.

If you want L2TP/IPSec then you need to get a Computer Certificate on the Server - either buy one from an online CA or implement your own Corporate CA. Windows 2000/2003 has a CA you can add, however some thought needs to go into the design for it - i.e. don't just install it and hope it will work 'by default'.

HTH

Andy
 
Nope, we want PPTP. And I try to connect using PPTP. Why I get this L2TP error is beyond me.

We think, at this point, it could be the firewall. It's a Linksys BEFW11S4 v4, and I remember reading someplace that version 4 is problematic for PPTP passthrough. Never saw anything more on that, though. We're getting the latest patch for it. I hope that's all we need. :(
 
To allow PPTP through your firewall (i.e. inbound from the Internet) you need to allow TCP port 1723 and IP protocol 47. If the firewall is NATing everything, then you need to add port forwarders for both of these protocols to your Windows RRAS server.

For L2TP/IPSec you need to allow IKE (UDP 500), IPSec NAT-T (UDP 5500) and L2TP on UDP port 1701.

HTH

Andy
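The two replies above boil down to a checklist: PPTP needs TCP 1723 plus GRE (IP protocol 47, which has no port and is the rule SOHO firewalls most often lack), and L2TP/IPSec needs IKE, NAT-T and L2TP on UDP. The script below is an added example, not code from the thread or from Linksys/Microsoft: it audits a firewall rule table for both VPN types and reports what is missing. The rule text format is a constructed, simplified one (one `allow`/`deny` per line, first match wins, default deny), not an actual Linksys export. Protocol numbers and ports are the IANA assignments; note that the registered IPsec NAT-T port is UDP 4500, which is what the check uses.

```python
"""Audit firewall passthrough rules for PPTP and L2TP/IPSec (added example).

Rule format (constructed for this example, not a real vendor format):
    allow tcp 1723
    allow gre          # GRE (IP protocol 47) carries no port
    deny  udp 1701
First matching rule wins; anything unmatched is treated as denied.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Need = Tuple[str, Optional[int]]

# Inbound (and, behind NAT, port-forwarded) traffic each VPN type requires.
REQUIRED: Dict[str, List[Need]] = {
    "pptp": [("tcp", 1723), ("gre", None)],                    # control channel + GRE tunnel
    "l2tp/ipsec": [("udp", 500), ("udp", 4500), ("udp", 1701)],  # IKE, NAT-T, L2TP
}


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    proto: str           # "tcp", "udp" or "gre"
    dport: Optional[int]  # None for GRE (no transport-layer port)


def parse_rules(text: str) -> List[Rule]:
    """Parse the constructed rule format, rejecting malformed lines loudly."""
    rules: List[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        parts = line.lower().split()
        if len(parts) < 2 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: expected '<allow|deny> <proto> [port]': {raw!r}")
        action, proto = parts[0], parts[1]
        if proto == "gre":
            if len(parts) != 2:
                raise ValueError(f"line {lineno}: GRE takes no port: {raw!r}")
            rules.append(Rule(action, proto, None))
        elif proto in ("tcp", "udp"):
            if len(parts) != 3 or not parts[2].isdigit() or not 0 < int(parts[2]) < 65536:
                raise ValueError(f"line {lineno}: {proto} needs a port 1-65535: {raw!r}")
            rules.append(Rule(action, proto, int(parts[2])))
        else:
            raise ValueError(f"line {lineno}: unknown protocol {proto!r}")
    return rules


def is_allowed(rules: List[Rule], proto: str, dport: Optional[int]) -> bool:
    """First-match semantics with an implicit default deny."""
    for rule in rules:
        if rule.proto == proto and (rule.dport is None or rule.dport == dport):
            return rule.action == "allow"
    return False


def missing_for(rules: List[Rule], vpn: str) -> List[Need]:
    """Return the (proto, port) pairs the given VPN type still needs opened."""
    return [need for need in REQUIRED[vpn] if not is_allowed(rules, *need)]


def audit(text: str) -> Dict[str, List[Need]]:
    """Map each VPN type to its list of missing rules (empty list = will pass)."""
    rules = parse_rules(text)
    return {vpn: missing_for(rules, vpn) for vpn in REQUIRED}


# Constructed sample: the classic mistake of opening TCP 1723 but not GRE,
# and IKE without NAT-T (a NATing SOHO router needs both).
SAMPLE_RULES = """
allow tcp 1723   # PPTP control channel
allow udp 500    # IKE
allow udp 1701   # L2TP
"""

if __name__ == "__main__":
    for vpn, missing in audit(SAMPLE_RULES).items():
        status = "OK" if not missing else "missing " + ", ".join(
            p if d is None else f"{p}/{d}" for p, d in missing)
        print(f"{vpn:<11} {status}")
```

Running it against the sample reports PPTP blocked only by the absent GRE rule and L2TP/IPSec blocked only by the absent UDP 4500 rule; a rule table fixed with `allow gre` and `allow udp 4500` passes both. Because unmatched traffic is treated as denied, the audit also flags a `deny` placed before a later `allow`, which is the ordering mistake that makes a rule look present while doing nothing.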
 