I have a GL-X3000 / Spitz AX I’ve purchased and I’m using it to connect to T-Mobile home internet. Everything is working great, except when I try to connect to my office VPN. I’m not able to establish a connection from my Windows 10 PC (connected to the Spitz AX) to my office VPN, which uses a Cisco Meraki L2TP/IPsec VPN. I get the following error on my Windows 10 PC (VPN client) when trying to connect to my office VPN: “Cannot connect to VPN, The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.”
I have no issues connecting to NordVPN servers (which use IKEv2/IPsec and OpenVPN protocols) using the same Windows PC with the Spitz AX. I’ve done a lot of experiments and the issue seems to be following the Spitz AX.
I’m able to connect to my office VPN with the same Windows 10 PC using the Sagemcom Fast 5688W Gateway (connected to T-Mobile home internet) and the Netgear CM700 cable modem (connected to Spectrum home internet).
Is there a setting in the Spitz AX that needs to be changed so my Windows 10 PC can communicate with my office VPN (via L2TP/IPsec)? There seems to be some issue with the Spitz AX blocking L2TP/IPsec protocol packets.
Try this method: install nat helper extra on the router.
opkg install kmod-nf-nathelper-extra
If the above does not solve your issue, set the MTU value lower on your Windows PC.
# First, find the network interface connected to the Spitz AX
netsh interface ipv4 show subinterfaces
# Then set the MTU to 1280. Please replace the interface name in <>
netsh interface ipv4 set subinterface <subinterface name> mtu=1280 store=persistent
With IPv6 enabled (NAT6 mode), I get the following error when trying to connect to the VPN:
“Cannot connect to VPN, The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.”
With IPv6 disabled, I get the following error when trying to connect to the VPN:
“The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections.”
Any other suggestions to try and debug the problem?
Thanks for all your continued support and suggestions, but unfortunately, no luck getting it to work yet.
Assigned the Windows PC IP to the DMZ zone => same error, L2TP connection failed
Connected the Windows PC directly to the LAN port with an ethernet cable => same error, L2TP connection failed
I tried the suggestions here: VPN Passthrough
but get the same error, L2TP connection failed
Set forwarding for port 1723 in Firewall → Port Forwards
Installed the packages
opkg install kmod-nf-nathelper-extra
Added a line to the file /etc/sysctl.d/local.conf
net.netfilter.nf_conntrack_helper = 1
and rebooted router
The above link mentions setting the firewall > NAT > portforward, but I don’t see that option in GL.iNet, probably because the instructions are for the OPNsense 20.1 router, not the Spitz AX.
As an additional experiment I tried running an OpenVPN client on the Spitz AX using my NordVPN account to see if that could work around the issue, but that doesn’t work and there is a separate issue. The client is stuck trying to start…
Thanks, guys, for the additional suggestions! I did get the NordVPN client to run on the Spitz AX after updating the credentials. It’s interesting that a different set of credentials is required for the NordVPN service credentials. However, even after getting the NordVPN client running on the Spitz AX between the WAN and LAN, I’m still not able to connect to my office VPN.