Windows XP VPN connection times out (IPSec)

[MDLarson]

Hey pros!

I have a breeeand new Xserve G5 installed and running the VPN service. My ultimate intention is to connect two LANs together as one, but right now I’m just working on getting something working.

Take a look at my network structure below:

I setup the Remote iMac G5 via Internet Connect app and can connect to the Xserve VPN just fine (with the exception of not being able to access the rest of the network, much like the scenario described by PhillyMJS in this topic).

The Remote PC, on the other hand, fails to connect. When I try, the VPN log populates with the following:

[QUOTE]2005-04-19 13:16:12 CDT Incoming call… Address given to client = 10.0.0.219
Tue Apr 19 13:16:12 2005 : Directory Services Authentication plugin initialized
Tue Apr 19 13:16:12 2005 : Directory Services Authorization plugin initialized
Tue Apr 19 13:16:12 2005 : L2TP incoming call in progress
Tue Apr 19 13:16:12 2005 : L2TP received SCCRQ
Tue Apr 19 13:16:12 2005 : L2TP sent SCCRP
2005-04-19 13:16:13 CDT Incoming call… Address given to client = 10.0.0.220
Tue Apr 19 13:16:13 2005 : Directory Services Authentication plugin initialized
Tue Apr 19 13:16:13 2005 : Directory Services Authorization plugin initialized
Tue Apr 19 13:16:13 2005 : L2TP incoming call in progress
Tue Apr 19 13:16:13 2005 : L2TP received SCCRQ
Tue Apr 19 13:16:13 2005 : L2TP sent SCCRP
2005-04-19 13:16:15 CDT Incoming call… Address given to client = 10.0.0.201
Tue Apr 19 13:16:15 2005 : Directory Services Authentication plugin initialized
Tue Apr 19 13:16:15 2005 : Directory Services Authorization plugin initialized
Tue Apr 19 13:16:15 2005 : L2TP incoming call in progress
Tue Apr 19 13:16:15 2005 : L2TP received SCCRQ
Tue Apr 19 13:16:15 2005 : L2TP sent SCCRP
2005-04-19 13:16:19 CDT Incoming call… Address given to client = 10.0.0.202
Tue Apr 19 13:16:19 2005 : Directory Services Authentication plugin initialized
Tue Apr 19 13:16:19 2005 : Directory Services Authorization plugin initialized
Tue Apr 19 13:16:19 2005 : L2TP incoming call in progress
Tue Apr 19 13:16:19 2005 : L2TP received SCCRQ
Tue Apr 19 13:16:19 2005 : L2TP sent SCCRP
2005-04-19 13:16:27 CDT Incoming call… Address given to client = 10.0.0.203
Tue Apr 19 13:16:27 2005 : Directory Services Authentication plugin initialized
Tue Apr 19 13:16:27 2005 : Directory Services Authorization plugin initialized
Tue Apr 19 13:16:27 2005 : L2TP incoming call in progress
Tue Apr 19 13:16:27 2005 : L2TP received SCCRQ
Tue Apr 19 13:16:27 2005 : L2TP sent SCCRP
2005-04-19 13:16:37 CDT Incoming call… Address given to client = 10.0.0.204
Tue Apr 19 13:16:37 2005 : Directory Services Authentication plugin initialized
Tue Apr 19 13:16:37 2005 : Directory Services Authorization plugin initialized
Tue Apr 19 13:16:37 2005 : L2TP incoming call in progress
Tue Apr 19 13:16:37 2005 : L2TP received SCCRQ
Tue Apr 19 13:16:37 2005 : L2TP sent SCCRP
Tue Apr 19 13:17:12 2005 : L2TP received AVP with bad length… AVP type = 0
2005-04-19 13:17:12 CDT –> Client with address = 10.0.0.219 has hungup
Tue Apr 19 13:17:13 2005 : L2TP received AVP with bad length… AVP type = 0
2005-04-19 13:17:13 CDT –> Client with address = 10.0.0.220 has hungup
Tue Apr 19 13:17:15 2005 : L2TP received AVP with bad length… AVP type = 0
2005-04-19 13:17:15 CDT –> Client with address = 10.0.0.201 has hungup
Tue Apr 19 13:17:19 2005 : L2TP received AVP with bad length… AVP type = 0
2005-04-19 13:17:19 CDT –> Client with address = 10.0.0.202 has hungup
Tue Apr 19 13:17:27 2005 : L2TP received AVP with bad length… AVP type = 0
2005-04-19 13:17:27 CDT –> Client with address = 10.0.0.203 has hungup
Tue Apr 19 13:17:37 2005 : L2TP received AVP with bad length… AVP type = 0
2005-04-19 13:17:37 CDT –> Client with address = 10.0.0.204 has hungup[/QUOTE]
Why does the Windows XP client ask for 6 IP addresses? Am I missing something obvious? I disabled the “Enable LCP extensions” checkbox on the WinXP client, but that didn’t seem to affect anything.

I am brand new at all of this networking IT stuff, so I am learning ALL of this as I go. My background is graphic design, but I do a lot of computer troubleshooting.

[MDLarson]

For good measure, here are screenshots of the VPN settings…

Mac OS X Server (10.3.8)
VPN / Overview
VPN / Connections (proof!)
VPN / Settings / General
VPN / Settings / Logging
VPN / Settings / Client Information

Windows XP Client (Professional)
Properties / General
Properties / Options
Properties / Security
Properties / Networking
Properties / Advanced
The error message

[MDLarson]

[QUOTE BY= MacTroll] Aiiiieeee!

You have the same subnet on either side of the network. Can’t do that with these types of VPNs. Change one side or the other to a different naming scheme 10.0.1.x for example.[/QUOTE]Ha! that’s what I was looking for. The basic piece of information that I just couldn’t figure out. It’s been tough just figuring out the basics… thanks! I’ll switch it up today and see if that solves my issues.

[MDLarson]

OK, I changed my Secondary Location’s subnet from 10.0.0.XXX to 10.0.1.XXX, and also updated my diagram to reflect the change.

I can now ping LAN IP addresses (10.0.0.XXX) in the Main Location, when before I could not. Great!

However, I still cannot mount a share on the File Server (10.0.0.102) or hit the FileMaker Server (10.0.0.104) via remote FM client or establish a VNC connection on my computer (10.0.0.70). Functionally, I can still establish the VPN, but I can’t do anything with it.

The Windows XP (Home) client still cannot connect. I get the exact same behavior (same error message, same log entries on the VPN server).

By the way, the “mood” thing is cool, and I really like the ability to do true HTML in my messages.

[MDLarson]

I turned on the AFP service, and tested it out from My Desk, in the Main Location. Using the Connect to Server… command in the Finder and typing “10.0.0.1” times out, but typing “Xserve.local” establishes a connection where I can logon and view the Groups, Public and Users volumes. (And yes, I know it was incredibly creative of me to name the Xserve “Xserve”)

From the VPN connection, I can login to the VPN service, but doing the same procedure as above (Connect to Server) results in time outs for both methods. In addition, the time outs seem to be rather premature and do not last the full 120 second tickdown.

I really appreciate your help MacTroll.

[MDLarson]

Argghh… I’m still not up and running. I checked the Mac OS X client Network settings, which can be seen here:
Mac OS X Client / System Preferences / VPN (L2TP)
Where’s the subnet mask???

[MDLarson]

Firewall, firewall, firewall!

I told you I was brand new to all of this! The very port that this site is named after, the Apple File Service, was turned off in the Mac OS X Server firewall. I also turned on the LDAP Service in the firewall.

After turning this port on, I can connect from my remote iMac G5 via L2TP and mount a local share, whereas before I could not. Furthermore, I turned on the “PPTP VPN” port and I can now connect from the same iMac via PPTP whereas before I could not.

After worrying about having to configure etc/host files, once again I am pleasantly surprised by an easily overlooked firewall option.

Now I will need to get my Windows XP Home PC running…

[MDLarson]

OK, so as far as this thread is concerned, it’s done. I couldn’t make the L2TP / IPSec connection work on the PC. I switched to PPTP for the PC and it’s working half-way. Connecting to the VPN breaks the internet, mail and AIM connections, so there is obviously something wrong there.

I’ll probably start a new thread on that issue if I can’t figure it out… hopefully I can get more help with that…

[williamparker786]

I found this is interesting that people using vpn services in establishing ps3 vpn connection to play games on host server with other player, this is totally a new experience for me. I play ps2 games but now I want to upgrade so going to buy ps3.

[Author]

Posts