Well, I posted this in the VPN foru

[eLinux]

Well, I posted this in the VPN forum but it sunk to the bottom of the page again and, considering I went through many many past threads, I have a feeling this one is going to sink to the bottom of the sea without an answer in the VPN forum...

Maybe someone here can help me.

Okay...well, I went and tinkered with Windows 2003 for endless hours today trying to get IPsec connection to work. I finally found a really great article which gave me a rough idea on how to set it up...

I went to the Windows 2k3 IP Security Policy editor and worked through that...

Now here's the problem I'm having.

I'm trying to connect to the server using my Windows XP laptop. It's set up with the *SAME* pre-shared key as the 2k3 server. I check the usual settings in the properties, and tell it to connect...

Problem is when I tell the client *only* to connect using L2TP/IPsec, it fails to connect citing:

"Error 741: The local computer does not support the required data encryption type."

This is quite strange. All the settings in the RRAS setup have pretty much default encryption settings... But the client refuses to connect.

What's even more interesting is the second I put the connection type to "Automatic" it connections almost instantly. The icon on the tray states that I'm using MS CHAP v2, and I'm connected using "WAN Miniport (PPTP)."

This is too weird...am I'm in an IPsec tunnel if it connects using the PPTP method? What's going on? I am assuming I'm not since it fails when I tell it to use L2TP/IPsec...

Please help! What could I be doing wrong?

 

[fberryman]

I think I would put a sniffer on the client (tcpdump or ethereal) and find out what is going on. But if all you want is a connection, what is wrong with automatic?

 

[sammyboy1]

Have you managed to resolve this problem?

I am having exactly the same problem!!

Thanks

 

[Lequang]

-I guest that the server VPN service is up and waiting connections?

-XP encryption method may not talk to server method.

- Look at thee tunnel on server to see if you connection is really VPN/IPSec.

 

[sammyboy1]

How do I check the tunnel on the server to see if it is VPN/Ipsec, please clarify?

The only tunnel I can create to my VPN server is PPTP.

 

[Lequang]

http://pptpclient.sourceforge.net/

This website might help you.

I might help you more if I get the following info:

- The server: what is the IP range and the setup of VPN properties
- the XP: IP range adn VPN properties.

 

[sammyboy1]

My VPN server is Win2003. VPN clients are assigned addresses via DHCP 172.16.x.x, the VPN server has a 172.16.x.x address, will this matter?
L2TP / PPTP ports are available.
External NIC is pointing to 10.10.x.x
Internal NIC = 172.16.x.x
VPN server also acts as Internet gateway for private IP adress range.

XP client is configured to point at our ADSL router's Public IP address. TCP port 1723 & UDP Ports 1701,500 are open. Internal router IP is 10.10.x.x, static route has been configured to point to 172.16.x.x range.

 

[sammyboy1]

In addition the info above, I have no filters applied on the VPN server & there is no Windows 2003 firewall configured on the external interface.