ER605: Client-to-LAN L2TP VPN not working for Windows 10 client

ER605: Client-to-LAN L2TP VPN not working for Windows 10 client

ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
a week ago - last edited a week ago
Tags: #VPN #L2TP
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

I followed a post here (ER605: How to setup a Client to LAN IPSEC VPN to connect to via Windows 10 for example?) and this TP-Link FAQ article (How to establish an L2TP Server by Omada Gateway in Standalone mode), but my Windows 10 PC shows an error message, as shown below:

The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.

 

However, I can see on the ER605's syslog screen these messages:

1 2024-12-14 00:16:02 IPsec NOTICE WAN: Phase 2 of IKE negotiation succeeded. (Peers=10.1.10.2<->55.66.77.88)
2 2024-12-14 00:15:52 IPsec NOTICE WAN: Phase 2 of IKE negotiation succeeded. (Peers=10.1.10.2<->55.66.77.88)
3 2024-12-14 00:15:44 IPsec NOTICE WAN: Phase 2 of IKE negotiation succeeded. (Peers=10.1.10.2<->55.66.77.88)
4 2024-12-14 00:15:40 IPsec NOTICE WAN: Phase 2 of IKE negotiation succeeded. (Peers=10.1.10.2<->55.66.77.88)
5 2024-12-14 00:15:38 IPsec NOTICE WAN: Phase 2 of IKE negotiation succeeded. (Peers=10.1.10.2<->55.66.77.88)
6 2024-12-14 00:15:37 IPsec NOTICE WAN: Phase 2 of IKE negotiation succeeded. (Peers=10.1.10.2<->55.66.77.88)
7 2024-12-14 00:15:37 IPsec NOTICE WAN: Phase 1 of IKE negotiation succeeded. (Peers=10.1.10.2<->55.66.77.88)
8 2024-12-14 00:15:37 IPsec NOTICE WAN: IKE negotiation began in responder mode. (Mode=Main Mode, Peers=10.1.10.2<->55.66.77.88)


(Where 55.66.77.88 is my home router's IP address from the ISP.)

 

Some more details: The ER605 is connected to a WAN router from the ISP (Comcast). So its WAN IP (10.1.20.2) is not a public IP address. However, I did set up port forwarding of these 3 UDP ports to the device:1701, 500, and 4500.

 

Am I missing something? Thank you in advance for any/all help.

  0      
  0      
#1
Options
11 Reply
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
a week ago

  @ww9rivers 

 

Hi,

 

1. Please, do not provide your sensitive data on the forum. All external IP addresses, MACs, passwords shouls be hidden.

2. Do you get PUBLIC IP address from your ISP? 

3. Does the IP you get on your router match the IP showed on "What's my IP" web page?

4. Can you share a drawing of how your network looks like with IPs on it?

5. Can you share your VPN server's configuration screenshot? (blur out any sensitive data:

 

Cheers

  0  
  0  
#2
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
a week ago - last edited a week ago

  @RaRu 

  1. Thank you for that reminder: 55.66.77.88 is not my real IP address.
  2. I do get public IP address from the ISP -- not sure what this question is about.
  3. By "your router" I assume you mean the ER605? No -- as I stated, it is behind the ISP router, so it has a private IP address and I set up port forwarding on the ISP router to allow L2RP VPN traffic.
  4. See below.

 

Screenshot:

 

  0  
  0  
#3
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
a week ago - last edited a week ago

Not sure why, every time I paste the screenshot image in a reply, the image disappears.

 

There is not much to it. Just a simple L2TP server set up. There are 4 items in the L2TP Server Setting page:

WAN: WAN

Authentication Type: Local

IPSec Encryption: Encrypted

Pre-Shared Key: ......a 64-character PSK......

Status: Enabled

  0  
  0  
#6
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
a week ago

  @ww9rivers 

 

Regarding point 2. ISP can provide you two types of IP: Private and Public. 

Usually, those companies provide Private IPs to their customers and you may get Public one only if you ask them to provide you such configuration. Usually it's additionally paid service.

 

I'm asking, cuz without Public IP address, hosting a VPN server will be impossible (client's won't be able to connect).

 

The screenshot bug here is known for me. What I usually do in such case is to paste the image and add an ENTER (new line) after/below the picture. In most cases that makes the pic work as should.

 

Have you tried to disable firewall on your PC that you use to connect to VPN? just for a moment to see if that will allow you to connect? Sometimes firewall may impact VPN.

 

Cheers

 

  0  
  0  
#7
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
Monday

Hi @ww9rivers 

Thanks for posting in our business forum.

When your router is behind the router, it may not work with the IPsec. We are not able to resolve this due to the specialty of IPsec.

VPN Connectivity and Access Troubleshooting Guide

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#8
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
Monday

  @RaRu 

 

Thanks again.

 

I understand what a public IP address is. As I have set up SSH into the office, I know the office has a public IP.

 

Here is the screenshot of the L2TP setup:

Screenshot of L2TP

I am not sure what reason you have to question the firewall on my PC, as my initial post clearly shows that the VPN negotiation packets had reached the ER605 router in the office.

  0  
  0  
#9
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
Monday

  @ww9rivers 

 

Have you upgraded your router? A lot has been fixed since version 2.1.2

 

  0  
  0  
#10
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
Monday

  @MR.S

 

No. I have not. Is there a version that you could recommend?

 

I found on this page several versions:

https://www.tp-link.com/us/support/download/er605/v2/#Firmware

 

ER605(UN)_V2_2.2.6 Build 20240718

ER605(UN)_V2_2.2.5 Build 20240522

ER605(UN)_V2_2.2.4 Build 20240119

ER605(UN)_V2_2.2.3 Build 20231201

 

Thank you much.

  0  
  0  
#11
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
Monday

  @ww9rivers 

 

version 2.2.6 is the latest so try it, I think you have to upgrade to 2.2.3 first otherwise 2.2.6 will fail

 

  0  
  0  
#12
Options
Re:ER605: Client-to-LAN L2TP VPN not working for Windows 10 client
Monday - last edited Monday

There seems to be an upgrade path from 2.1.x to 2.2.x? I first tried 2.2.6 and it failed.

 

So now I am running 2.2.3 Build 20231201 Rel.32918.

 

I did a Wireshark on my PC for the VPN negotiation traffic. Here is a screenshot:

Wireshark capture of L2TP packets

That show the 2TP client on my PC is talking to the server in the remote office. But somehow that negotiation does not get to a successful completion.

 

As in my initial post, I set up UDP port forwarding of 1701, 500, and 4500 to the ER605. Have I missed anything?

  0  
  0  
#13
Options