Okay, if the VPS is running some kind of Windows, did you restart it after changing the AssumeUDPEncapsulationContextOnSendRule settings?
Here are a few more ideas:
- Even if the ISAKMP session is established, a firewall or NAT might be blocking the ESP packets between the client and server. Double-check that the required ports (500, 4500, and 1701 for L2TP) are open at both ends.
- The log says "NAT not detected," but the issue could still be related to NAT traversal (NAT-T) if there's some unknown intermediate NAT device between the client and server. NAT-T uses port 4500 to get ESP packets through NAT devices.
- Make sure the IPsec settings (encryption, hash, DH group, lifetime, etc.) match on both ends. The logs show some differences in the negotiation, like 3DES-CBC vs AES-CBC.
Statistics: Posted by Larsa — Tue Jan 28, 2025 7:45 pm