12-22-2016 02:18 AM
Hi!
Can someone help me with L2TP client initiated VPN connection configuration.
I would like to make VPN connection from PC to MSR930 router
I've followed MSR guide and can't make it work.
This is my configuration:
sysname HP930-Router# clock timezone Belgrade add 01:00:00# l2tp enable# firewall enable# domain default enable system# dar p2p signature-file flash:/p2p_default.mtd# port-security enable# undo ip http enable# wlan country-code SI# password-recovery enable#vlan 1 description *Local LAN*#domain system authentication ppp local access-limit disable state active idle-cut disable self-service-url disable ip pool 1 192.168.50.2 192.168.50.10#dhcp server ip-pool lan extended network ip range 192.168.5.101 192.168.5.150 network mask 255.255.255.0 gateway-list 192.168.5.1 dns-list 193.189.160.13 193.189.160.23#aspf-policy 1 detect HTTPS detect HTTP detect TCP detect UDP#user-group system group-attribute allow-guest#local-user admin password cipher $c$3$Zvg+xjhVa5c/x6+pnATPXiePFVPR3P8FeTNGcU4= authorization-attribute level 3 service-type ssh telnet terminal service-type ppp service-type web#wlan rrm dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54#wlan service-template 1 crypto ssid Kovacic WiFi cipher-suite ccmp security-ie rsn service-template enable#cwmp undo cwmp enable#l2tp-group 1 undo tunnel authentication allow l2tp virtual-template 0#interface Aux0 async mode flow link-protocol ppp#interface Cellular0/0 async mode protocol link-protocol ppp#interface Dialer10 description *PPPoE SIOL* nat outbound nat server 1 protocol tcp global current-interface 3389 inside 192.168.5.10 3389 nat server 2 protocol tcp global current-interface 9983 inside 192.168.5.30 9981 nat server 3 protocol tcp global current-interface 9984 inside 192.168.5.30 9982 nat server 4 protocol tcp global current-interface 26 inside 192.168.5.30 22 nat server 5 protocol tcp global current-interface 9981 inside 192.168.5.40 9981 nat server 6 protocol tcp global current-interface 9982 inside 192.168.5.40 9982 nat server 8 protocol tcp global current-interface 9000 inside 192.168.5.50 9000 nat server 9 protocol tcp global current-interface 9090 inside 192.168.5.50 9090 nat server 7 protocol tcp global current-interface 27 inside 192.168.5.40 22 nat server 10 protocol tcp global current-interface 3390 inside 192.168.5.90 3389 nat server 11 protocol tcp global current-interface 9985 inside 192.168.5.20 9981 nat server 12 protocol tcp global current-interface 9986 inside 192.168.5.20 9982 nat server 13 protocol tcp global current-interface 28 inside 192.168.5.20 22 link-protocol ppp ppp chap user fkovac20 ppp chap password cipher $c$3$SBVoZg841CjQCXszi5LAOX1tuhGvQnnUblZS ppp pap local-user fkovac20 password cipher $c$3$HP8ZEhavG86bcaXa8pBLPqJwqoYs5oNhOlb8 ppp ipcp dns admit-any ppp ipcp dns request mtu 1492 ip address ppp-negotiate tcp mss 1024 dialer user username dialer-group 10 dialer bundle 10#interface Virtual-Template0 ppp authentication-mode chap domain system ppp ipcp remote-address forced remote address pool 1 ip address 192.168.50.1 255.255.255.0#interface NULL0#interface Vlan-interface1 description *Local LAN* ip address 192.168.5.1 255.255.255.0 tcp mss 1350 dhcp server apply ip-pool lan ip virtual-reassembly#interface GigabitEthernet0/0 port link-mode route description *WAN* nat outbound pppoe-client dial-bundle-number 10 ip virtual-reassembly#interface GigabitEthernet0/1 port link-mode bridge#interface GigabitEthernet0/2 port link-mode bridge#interface GigabitEthernet0/3 port link-mode bridge#interface GigabitEthernet0/4 port link-mode bridge#interface WLAN-BSS1 description *Home WiFi* port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$8DW6BLwfI4fLYwF2Xu7geciO4jfCwP4J3zD7CN20#interface WLAN-BSS32 description *Home WiFi* port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$8DW6BLwfI4fLYwF2Xu7geciO4jfCwP4J3zD7CN20#interface WLAN-Radio3/0 service-template 1 interface wlan-bss 1# ip route-static 0.0.0.0 0.0.0.0 Dialer10# dhcp enable# ntp-service unicast-server 193.77.204.20# ssh server enable ssh server authentication-timeout 10 undo ssh server compatible-ssh1x sftp server enable# ip https enable# dialer-rule 10 ip permit# nms primary monitor-interface Dialer10# load xml-configuration# load tr069-configuration#user-interface tty 12user-interface aux 0user-interface vty 0 4 authentication-mode scheme#return
12-22-2016 07:09 AM
Janez,
Have you tried turning on the debugging log to see what is happening? Try...
> debug l2tp error
> debug l2tp event
> debug ipsec error
> debug ipsec event
> debug ike error
> debug ike event
> terminal debug
> terminal monitor
Then try the connection and see what happens. It could be a key exchange issue, connectivity problem, or something else. This will help.
Happy Holidays!
Regards,
David
12-23-2016 01:30 AM
thanks for these infos, but nothins shows in log :/
do I have to configure IPsec and L2tp to get it work?
curently i have only l2tp configured.
