DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Host to LAN L2TP with IPSec VPN using Win7 client. Possible?

  • gizmo911uk
  • Topic Author
  • Offline
  • New Member
  • New Member
More
09 Sep 2010 17:14 #63735 by gizmo911uk
Hi all,

I have a DrayTek Vigor 2820Vn and I'm trying to set up a Host to LAN (Teleworker to Vigor) L2TP with IPSec Policy VPN Connection using Windows 7 (Pro, 32bit) as my client.

I've successfully set up a Host to LAN VPN connection using L2TP with IPSec Policy on my iPhone but with the same settings I cannot get connected with my Windows 7 laptop.

I've tried setting up the VPN connection using both the Smart VPN Client and doing it manually. But both fail to connect.


Before I delve to deep into this, has anyone successfully set up a L2TP with IPSec Policy VPN Connection with a Windows 7 client?


Many Thanks
Gary

Please Log in or Create an account to join the conversation.

More
15 Sep 2010 10:43 #63782 by mordorf
Yes I can connect to L2TP VPN from a Windows 7 client but only when it is connected to a different network. If I try testing the VPN from the local network to the 2820 then it never connects. I have a mobile broadband dongle that I can use for testing.
[/img]

Please Log in or Create an account to join the conversation.

More
15 Sep 2010 12:27 #63783 by slarty01
Hi I'm just trying this myself and I found exactly the same with PPTP you can connect outside the LAN to the Vigor 2820VN via any network you choose. But for the life of me I can not get Windows 7 to get a L2TP VPN with an IKE Key to work from outside. Has anyone a step by step guide on setup for this as the guides by Draytek are an older firmware version and don't really explain this to a novice very well.

Please Log in or Create an account to join the conversation.

More
15 Sep 2010 18:54 #63786 by mordorf
This is how mine is configured and it works fine.

Draytek Configuration:

VPN and Remote Access >

Remote Access Control:
Select all option boxes

IPSec General Setup:
Enter a Pre-Shared Key (make a note of this as you will need it later)
De-select all option boxes except for 3DES

Remote Dial-in User:
Create a User by clicking a number on the left
Select:

Enable this account

PPTP
IPSec Tunnel
L2TP with IPSec Policy
Nice to Have (drop down selection box)

Enter a username
Enter a password or select mOTP and enter a PIN and Secret (note both as you will need this information to configure the mOTP client).

Netbios Naming Packet - Pass
Multicast via VPN - Block

De-select all other option boxes


Draytek Smart VPN Client Configuration:

Click INSERT

Enter a Profile name
Enter the public IP address or host name of the Draytek router
Enter the Remote Dial-in username
Enter password or select mOTP and configure the mOTP secret
Select L2TP over IPSec
Select Use default gateway on remote network (routes all external bound traffic through VPN)
De-select all other options

Click OK

Enter the Pre Shared Key from the Draytek configuration

Click OK

You may also need to create a firewall rule that enables traffic to flow. Try without first and if it you can connect but can't access anything add a firewall rule that allows the local subnet from WAN->LAN

Hope this helps.

Please Log in or Create an account to join the conversation.

  • gizmo911uk
  • Topic Author
  • Offline
  • New Member
  • New Member
More
17 Sep 2010 11:57 #63827 by gizmo911uk
Thanks for your replies guys.

Just after getting an L2TP with IPSec VPN connection working on my Windows 7 client.

In the end it was relatively straight forward.

After reading the 'Built in VPN client - Windows Vista to Vigor Router - IPSec’ how-to in the FAQs I came across the following point:

"Note: Vigor Router don't accept Diffie-Hellman Group 2 algorithm but Vista uses Diffie-Hellman Group 2 algorithm by default. We have to change the setting before creating IPSec tunnel to Vigor Router."

Windows 7 is the same. So to change this I opened up ‘Windows Firewall with Advanced Security’ (click Start and search for it, it’ll appear). Once it opens up select ‘Properties’ in the right hand pane, then select the ‘IPSec Settings’ tab and click on ‘Customize’;


Change ‘Key exchange (Main Mode)’ from ‘Default’ to ‘Advanced’, and click on ‘Customize’;


Add a new security method using ‘Diffie-Hellman Group 1’, like so:


I then recreated the L2TP with IPSec VPN connection using DrayTek’s ‘Smart VPN Client’ wizard utility and the VPN connection worked first time.

Please Log in or Create an account to join the conversation.

More
23 Sep 2010 10:14 #63937 by ftodino

gizmo911uk wrote: Thanks for your replies guys.

Just after getting an L2TP with IPSec VPN connection working on my Windows 7 client.

In the end it was relatively straight forward.

After reading the 'Built in VPN client - Windows Vista to Vigor Router - IPSec’ how-to in the FAQs I came across the following point:

"Note: Vigor Router don't accept Diffie-Hellman Group 2 algorithm but Vista uses Diffie-Hellman Group 2 algorithm by default. We have to change the setting before creating IPSec tunnel to Vigor Router."

Windows 7 is the same. So to change this I opened up ‘Windows Firewall with Advanced Security’ (click Start and search for it, it’ll appear). Once it opens up select ‘Properties’ in the right hand pane, then select the ‘IPSec Settings’ tab and click on ‘Customize’;


Change ‘Key exchange (Main Mode)’ from ‘Default’ to ‘Advanced’, and click on ‘Customize’;


Add a new security method using ‘Diffie-Hellman Group 1’, like so:


I then recreated the L2TP with IPSec VPN connection using DrayTek’s ‘Smart VPN Client’ wizard utility and the VPN connection worked first time.



Thanks for this. Really helped me.

I could connect to the VPN but for whatever reason could not successfully copy files to a Win 7 file share until I did the above. Now it works fine.

Many thanks

Tino

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami