Summary
L2TP has been supported by Smoothwall since version 3.1 and above. This troubleshooting guide is an addition to the information in the Smoothwall help.
Solution
The IPSec Policy Agent is not started on the Windows client
If this is the case, the client might complain that the modem is not responding. Check the system services in the Computer Management console that the IPSEC Policy Agent is set to start automatically and that it is running. This service is sometimes disabled by other IPSEC Software, so make sure other IPSec software is uninstalled as well:
- The L2TP Connection supports NAT-Traversal, but some SOHO ADSL modem/routers use IPSec passthrough which can confuse things a bit and prevent a successful connection.
Invalid certificates
If the time settings on the Smoothwall l have not been set correctly, the validity of the certificates can be void. Make sure that time is set correctly on the Smoothwall side when creating certificates and on the client using the certificate.
After importing the certificates, they can be checked by opening a MMC (Microsoft Management Console), adding the certificate snap-in for the local computer account. Look in the Trusted Root CA folder and in the Personal Certificates folder for the imported CA and certificate.
Incorrect IP address
Ensure that the local IP you select is the subnet of the client IP rather than the external IP that should be listened on.