IPSec/L2TP without NAT

Hi everyone

Does anyone know what could be going on with the subject protocol, such that it connects flawlessly from behind NAT (for example my home network, or a public one in a restaurant with a gray IP) but doesn't with a public white IP? It is the same device — a phone with Android 5.1 — and it works great when connected at home by Wi-Fi to the home network, but doesn't via cellular, with the white IP address.
Would appreciate any help, thank you.

Hi Ajax,

You have to check with your cell carrier whether it's blocking L2TP or IPsec ports. You can do some port tests with a free port tester available on the Play Store. Compare connecting through Wi-Fi and through the cell carrier, using your VPN server as the target host.

Ports to check, normally:

For L2TP/IPSec:
Port 500 UDP
Port 4500 UDP
Port 1701 UDP
and
protocol 50 (ESP)

Regards.

Can you suggest any? I can’t find one with UDP port scanning support, they all do TCP scan only.

Will try to check the ports, but whenever I try to connect via cellular, the router's log gets these records:

12:19:41 firewall,info input: in:wan1 out:(none), proto UDP, 37.73.203.xxx:30619->xxx.xxx.xxx.xxx:500, len 636
12:19:42 ipsec,error authtype mismatched: my:hmac-md5 peer:hmac-sha1
12:19:43 l2tp,info first L2TP UDP packet received from 37.73.203.xxx
12:20:01 l2tp,info first L2TP UDP packet received from 37.73.203.xxx

The last one appears several times and the phone shows a “Can’t connect” message.
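A small triage script for RouterOS-style log lines like the ones quoted above, added here as an example and not code from the thread: it classifies the firewall, ipsec and l2tp entries, notes whether IKE/L2TP traffic actually reached the WAN interface (which rules out a carrier block on those ports), and reports any proposal mismatch the ipsec error line describes. The embedded log is a constructed copy of the post's sample, and the regexes assume that exact line format.

```python
import re
from collections import Counter

# Constructed sample, copied from the log lines quoted in the post
# (addresses stay redacted with xxx, as in the original).
SAMPLE_LOG = """\
12:19:41 firewall,info input: in:wan1 out:(none), proto UDP, 37.73.203.xxx:30619->xxx.xxx.xxx.xxx:500, len 636
12:19:42 ipsec,error authtype mismatched: my:hmac-md5 peer:hmac-sha1
12:19:43 l2tp,info first L2TP UDP packet received from 37.73.203.xxx
12:20:01 l2tp,info first L2TP UDP packet received from 37.73.203.xxx
"""

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d) (?P<topics>[\w,]+) (?P<msg>.*)$")
FW_RE = re.compile(r"proto (?P<proto>\w+), (?P<src>[^\s:]+):(?P<sport>\d+)->(?P<dst>[^\s:]+):(?P<dport>\d+)")
MISMATCH_RE = re.compile(r"(?P<what>\w+) mismatched: my:(?P<mine>\S+) peer:(?P<peer>\S+)")
VPN_UDP_PORTS = {"500", "4500", "1701"}  # IKE, NAT-T, L2TP (as listed in the reply above)

def parse_line(line):
    """Split one RouterOS log line into time, topic set and message (None if unparseable)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"time": m["time"], "topics": set(m["topics"].split(",")), "msg": m["msg"]}

def triage(log_text):
    """Summarise VPN-relevant entries and give a short verdict on what the log shows."""
    report = {"ike_ports_seen": Counter(), "mismatches": [], "l2tp_first_packets": 0}
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if "firewall" in entry["topics"]:
            fw = FW_RE.search(entry["msg"])
            if fw and fw["proto"] == "UDP" and fw["dport"] in VPN_UDP_PORTS:
                report["ike_ports_seen"][int(fw["dport"])] += 1
        elif {"ipsec", "error"} <= entry["topics"]:
            mm = MISMATCH_RE.search(entry["msg"])
            if mm:
                report["mismatches"].append((mm["what"], mm["mine"], mm["peer"]))
        elif "l2tp" in entry["topics"] and "first L2TP UDP packet" in entry["msg"]:
            report["l2tp_first_packets"] += 1
    # Packets logged on the WAN input mean the carrier did not drop them; a
    # mismatch line means the two peers' proposals disagree, not a port block.
    if report["mismatches"]:
        what, mine, peer = report["mismatches"][0]
        report["verdict"] = f"proposal mismatch on {what}: router offers {mine}, client offers {peer}"
    elif not report["ike_ports_seen"]:
        report["verdict"] = "no IKE traffic reached the WAN interface; suspect a block upstream"
    else:
        report["verdict"] = "IKE traffic arrived and no proposal errors were logged"
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```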

This message

12:19:42 ipsec,error authtype mismatched: my:hmac-md5 peer:hmac-sha1

is rather odd; how would your carrier change the authtype?

Hi Ajax,

Try changing the Hash Algorithm in your router's Peer tab from md5 to sha1.

Regards…

It is not the carrier but Android. I couldn't find which type it uses. Plus I need to connect using other OSes, like OS X, iOS and Windows.

But the problem has been solved (thanks to this link): in your IPsec Peer configuration, change “Generate Policy” from “port strict” to “port override”.

Now I’ve another trouble — although the connection is established and even a local IP address is assigned, I can’t ping anything in the LAN.