[Solved] Can't connect to a L2TP/IPSec Server behind LEDE

I'm trying to set up a connection to a NordVPN server via L2TP/IPSec from my MBP but I can't stablish connection. Is there any fw rule related to this that I need to know ?

ppp.log from MBP looks like:

Wed Jan 31 07:14:18 2018 : publish_entry SCDSet() failed: Success!
Wed Jan 31 07:14:18 2018 : publish_entry SCDSet() failed: Success!
Wed Jan 31 07:14:18 2018 : l2tp_get_router_address
Wed Jan 31 07:14:18 2018 : l2tp_get_router_address xxx.xxx.xx.xx from dict 1
Wed Jan 31 07:14:18 2018 : L2TP connecting to server 'xxx.nordvpn.com' (xxx.xxx.xx.xx)...
Wed Jan 31 07:14:19 2018 : IPSec connection started
Wed Jan 31 07:14:19 2018 : IPSec phase 1 client started
Wed Jan 31 07:14:29 2018 : IPSec connection failed

JFTR:

I'm running LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685) on TP-Link TL-WR1043N/ND v2

Yes. You did ALLOW the correct ports/protocols, right?

  • UDP port 500
  • IP protocol number 50
  • UDP port 1701

See:

and

I have stock fw rules about them:

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option target 'ACCEPT'
        option dest_port '500'

I thought that this rules were enough to have a connection from client.

I'll try to open those ports and make some tests...

"Stock fw rules"???

Question:

  • Does the NordVPN run on the LEDE, or is it installed on a downstream server?

I'm trying to connect to a remote NordVPN server from my MacBook Pro.

Nothing needs to be configured on your end.

But I can't connect... I've tried on my work internet connection and everything went fine... Also tried my iPhone as internet access point and connection worked fine..

Can you confirm that your Nation or ISP doesn't block L2TP/IPSec?

You might download and run Wireshark to see what's happening...

https://www.wireshark.org/

1 Like

I will try to test the connection with the original ISP router to see if the vpn works. Once that test is done, if I still can not connect, I will contact my ISP

Edit: Can't connect with ISP's router...

I'm not very familiar with wireshark, just played around with it to sniff traffic of my ISP for getting PPPoE data to replace his router.

What I supposed to look at ?

You might start by reading the Wireshark User's Guide...

https://www.wireshark.org/docs/wsug_html_chunked/

You're looking for information related to the NordVPN server, as you explained above...

After some tests with others L2TP/IPSec VPN providers, it seems that was problem with NordVPN server.

I've connected sucessfully with another VPN L2TP/IPSec providers.

May you help to write an instruction for L2TP/IPSec in detail?