L2TP VPN Troubleshooting FAQ

1. I am not able to connect L2TP.

• Cross-check the Cyberoam GUI configuration:

- Try changing the DNS server IP to a global DNS such as 4.2.2.2 under VPN -> PPTP -> Configuration.
- Make sure that the concerned user has been added to the list of authorized VPN users.
- Make sure that you have 3DES & SHA1 selected in addition to 3DES & MD5 as the Encryption & Authentication Algorithms respectively.
- Also select DH Group 14 in addition to DH Group 2.

The above two points are particularly important if you are using a Win7/Vista OS to dial the VPN.

• Make sure that you have specified the right Policy & preshared key on the VPN connection. Also, verify the below highlighted settings.

• Configure the Cyberoam CLI options for the VPN properly:

• Check the OS settings & dialer configuration:

- As per the present architecture of Cyberoam, we support only PAP authentication for indirect authentication (i.e. authentication via ADS, LDAP, etc.).
- So, in case you intend to use CHAP/CHAPv2 as the authentication mechanism for PPTP VPN, you may create local Cyberoam resident users for VPN access.

2. I am able to connect with PPTP VPN but unable to access local resources.

• Check the system NIC settings:

- Your system NIC configuration should not contain any IP or network that you intend to access over the VPN.

For example, suppose you intend to access a server at 192.168.1.5 over the VPN, but your own LAN uses the 192.168.1.0/24 addressing. The traffic towards the server will then never get into the VPN tunnel.

• Keep the lease IP range in the right network.

- Keep the lease range in the PPTP VPN configuration the same as the network you want to access over the VPN.

For example, if we have defined the lease range as 10.20.30.1 - 10.20.30.5, but the actual network we need to access is 192.168.2.0/24, communication might have issues. If you do need to keep an IP scheme like the one above, please apply a NAT policy on the VPN-LAN rules.
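
The two addressing checks above, as an added Python example (not part of the original FAQ and not Cyberoam tooling): it flags a client NIC whose network already contains the VPN target, and reports whether a lease range sits inside the network to be reached. The function names are assumptions made here; the addresses are the FAQ's own examples plus a constructed client NIC address.

```python
import ipaddress


def local_conflicts(target_ip, nic_addresses):
    """Return the local networks that already contain target_ip.

    nic_addresses are address/prefix strings as the OS shows them,
    e.g. "192.168.1.23/24". A non-empty result means traffic to the
    target is delivered on the local LAN and never enters the tunnel.
    """
    target = ipaddress.ip_address(target_ip)
    hits = []
    for addr in nic_addresses:
        net = ipaddress.ip_network(addr, strict=False)  # host bits allowed
        if target in net:
            hits.append(str(net))
    return hits


def lease_range_fit(first, last, remote_network):
    """Classify a lease range against the network to be reached.

    Returns "inside", "partial" or "outside". Anything other than
    "inside" is the mismatch the FAQ describes.
    """
    net = ipaddress.ip_network(remote_network, strict=False)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("lease range start is above its end")
    # Break the range into CIDR blocks so large ranges are cheap to test.
    blocks = list(ipaddress.summarize_address_range(lo, hi))
    if all(b.subnet_of(net) for b in blocks):
        return "inside"
    if any(b.overlaps(net) for b in blocks):
        return "partial"
    return "outside"


if __name__ == "__main__":
    # Constructed client NIC address on the FAQ's example LAN.
    nics = ["192.168.1.23/24"]
    clash = local_conflicts("192.168.1.5", nics)
    print("server 192.168.1.5 clashes with local networks:", clash)

    fit = lease_range_fit("10.20.30.1", "10.20.30.5", "192.168.2.0/24")
    print("lease 10.20.30.1 - 10.20.30.5 vs 192.168.2.0/24:", fit)
```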
