L2TP VPN Troubleshooting FAQ

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 3

L2TP VPN Troubleshooting FAQ

1. I am not able to connect L2TP.

 Crosscheck the Cyberoam GUI configuration properly:

- Try changing the DNS server IP to Global DNS like 4.2.2.2 under VPN -> PPTP ->
Configuration.
- Make sure that the concerned user has been added into the List of the authorized
VPN users.

- Please, make sure that you have 3DES & SHA1 selected in addition to 3DES & MD5
as Encryption & Authentication Algorithms respectively.
- Also select DH Group 14 in addition to DH Group 2.
The above two points are particularly important if you are using Win7/Vista OS to
dial VPN.
 Make sure that you have specified the right Policy & preshared key on the VPN
connection. Also, verify the below highlighted settings.

 Configure the Cyberoam CLI options for the VPN properly:

 Check with OS settings & Dialer Configuration:

- As per the present architecture of Cyberoam, we support only PAP authentication


for indirect authentication (i.e. authentication via ADS, LDAP, etc).
- So, incase you intent to use CHAP/CHAPv2 as authentication mechanism for
PPTP VPN, you may create local Cyberoam resident users for VPN access.

2. I am able to Connect with PPTP VPN but unable to access local resources.

 Check system NIC settings:

- Your system NIC config should not have any IP or network mentioned that you
intend to access over VPN.

For example, you intend to access a server IP 192.168.1.5 over VPN, however,
your own LAN is having IP addressing as 192.168.1.0/24. So, the traffic towards
the server will never get into the VPN tunnel.

 Keep the Lease IP range in the right network.


-Keep the Lease Range in PPTP VPN configuration same as the network you want
to access over the VPN.

 For example, if we have defined the lease range as 10.20.30.1 -10.20.30.5, but the
actual network we need to access is 192.168.2.0/24, communication might have
issues. If at all such a requirement to keep the IP schema like above, please apply
NAT policy on VPN-LAN rules.

You might also like