mx64 client vpn issues

billcl
Comes here often

Trying to set up a client VPN; end user devices are giving an error code 789 no matter what internet device I use.

DHAnderson
Head in the Cloud

To set up the client VPN on Windows 10:

 

  1. Click the Start button
  2. Click on Settings
  3. Click on Network and Internet
  4. Click on VPN
  5. Click on the Add VPN Connection
  6. Fill out the parameters on the Add VPN page
  7. Once the VPN is created, open the Control Panel and go to Network and Sharing center. 
  8. Click on Change Adapter settings
  9. Right click on the adapter with the same name you gave your VPN in step 6, and select Properties
  10. Click on the Security Tab
  11. Data Encryption should be set to Require Encryption
  12. Select Allow these protocols
  13. Check all three protocols, but leave Automatically use my login name unchecked.
  14. Click the OK button
  15. Try to connect to the VPN

 

Dave Anderson
ww
Kind of a big deal

PhilipDAth
Kind of a big deal

Configuring the client VPN via the Windows 10 GUI is fraught with danger. Instead, follow this guide to create a short PowerShell script to configure it. Then you'll be able to get it to work every time.

 

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

Uberseehandel
Kind of a big deal

a great many gnomes appear to be Apple fans


Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
billcl
Comes here often

Thanks for your reply. To cover these steps I changed the shared key on the mx64 and implemented the change on both VPN clients. No change.

 

Services are running.

 

To eliminate the firewall as being the culprit, I turned off the firewall on the ubee cable modem that the mx64 is connected to and on the two windows 10 clients I disabled the firewall. I am still getting the error.

 

I also created a new user on the mx64  and authorized it then tried it on the clients. No change.

SoCalRacer
Kind of a big deal

Also to double check you are not behind the MX trying to VPN?

 

Did Client VPN ever work?

 

Are you using the public IP in the VPN connection settings?

billcl
Comes here often

I am still getting the error in my event log.

 

I am at a different site (home) using a mifi hotspot currently.

 

I configured the clients to use the public ip found under appliance status.

billcl
Comes here often

Thanks for your reply. I created a vpn connection on two different machines using your configuration settings and the error still occurs.

SoCalRacer
Kind of a big deal

What authentication method are you using?

 

Is there something upstream from the MX? ISP modem?

billcl
Comes here often

I am using Meraki cloud for authentication. On the ISP modem the MX64 is connected to, I created a rule to allow UDP ports 500 and 4500 to pass through, and I also disabled the firewall on the ISP modem.

SoCalRacer
Kind of a big deal

Are you using Meraki auth or AD/RADIUS?

 

On Windows 10 try using PowerShell scripts to create the connection.

 

https://github.com/gammacapricorni/happy-meraki-client-vpn

 

 

Try a simple passphrase.

EricC
Conversationalist

To add to the SoCalRacer's post, here's a template of a script I used to create Windows 10 VPN connections. It worked great. First, open a text editor of your choice. Then copy and paste the text below into it:

 

Add-VpnConnection -Name CONNECTIONNAME -ServerAddress VPNHOSTNAMEHERE -AuthenticationMethod Pap -force -L2tpPsk YOURVPNKEYHERE -PassThru -TunnelType L2tp

 

Change the variables CONNECTIONNAME, VPNHOSTNAMEHERE and YOURVPNKEYHERE to what they should be. Example: with CONNECTIONNAME: VPN, VPNHOSTNAMEHERE: my.vpn.com and YOURVPNKEYHERE: vpnpassword, the script would look like this:

 

Add-VpnConnection -Name VPN -ServerAddress my.vpn.com -AuthenticationMethod Pap -force -L2tpPsk vpnpassword -PassThru -TunnelType L2tp

 

After you've changed the variables, save the file as a name, with the file extension PS1 at the end. For example, vpn.ps1. Then right click on it, and choose "Run with powershell". NOTE: A lot of text editors will default .txt at the end of the filename. So you may have to rename AFTER you've saved it.
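
An expanded form of the script approach from the posts above, added here as an example and not written by anyone in the thread: it prompts for the pre-shared key instead of storing it in the .ps1 file, recreates the connection with the same `Add-VpnConnection` parameters, then reports the client-side items relevant to error 789. `CONNECTIONNAME` and `VPNHOSTNAMEHERE` are the same placeholders used above; the registry check is read-only and matters when the VPN server sits behind a NAT device.

```powershell
# Added example, not from the thread. Run in Windows PowerShell on the VPN client.
# Placeholder values: replace with your own connection name and MX public address.
$Name   = 'CONNECTIONNAME'
$Server = 'VPNHOSTNAMEHERE'

# Prompt for the pre-shared key so it is never saved in the script file.
$secure = Read-Host -Prompt 'L2TP pre-shared key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# Remove an earlier connection of the same name so stale GUI settings do not linger.
if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $Name -Force
}

# Same parameters as the one-line script above: L2TP/IPsec with a PSK, PAP inside the tunnel.
# The output shows EncryptionLevel so it can be compared with "Require Encryption".
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $psk -AuthenticationMethod Pap -Force -PassThru |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel

# Error 789 is raised during the initial IPsec negotiation.
# Both of these services must be running on the client for that negotiation to happen.
Get-Service -Name IKEEXT, PolicyAgent |
    Format-Table Name, Status, StartType -AutoSize

# Read-only check of the NAT-T policy value Windows consults when the VPN server
# is behind NAT (in this thread the MX sits behind an ISP modem forwarding UDP 500/4500).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AssumeUDPEncapsulationContextOnSendRule
if ($null -eq $val) {
    'AssumeUDPEncapsulationContextOnSendRule: not set (Windows default)'
} else {
    "AssumeUDPEncapsulationContextOnSendRule: $val"
}
```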

 

billcl
Comes here often

Thanks I will try the script solution later today. 

billcl
Comes here often

Unfortunately that didn't work either, I still get the same error in the event log.

Nash
Kind of a big deal

I think we're back to "did this ever work?"

 

Also, is there a reason why you're using port forwarding on your ISP device vs. putting it into bridge mode? Or passthrough or whatever they call it: basically, getting the public IP on your firewall directly.

SoCalRacer
Kind of a big deal

Different VPN software on the client, like Sonicwall or something you previously used? Also AV or Endpoint security software could be causing the issue? Virtual adapters could cause issues and should be removed.
