I have a business plan and static IP address with Optus. I am trying to set up a VPN to my office via a Synology VPN server.
When I try connect to the IP address I get the error: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
The first thing I tried to do was ping the ststic IP address from the internet, which failed. I called Optus support but they said this is too technical for them, and weren't even able to escalate it.
So the question is should I be able to ping my IP address? If so, then it is surely an Optus issue? If they have disabled ICMP, then what are the next troubleshooting steps to identify the issue? I have openeed the relevant ports etc and have duplicated all router, synology and Windows VPN settings form another setup that works at a different office on an iiNet connection.
On what service type is this "business service"? NBN? Mobile Broadband? DSL?
If you go to www.whatismyipaddress.com on the end you wish to use, and see if the IP you're trying to ping is correct?
Have you correctly forwarded the ports to your Synology device? What Synology device?
Reading your post it suggests you are going...
Internet --> Modem --> Router --> Synology?
Yes I've verified that the IP address I'm trying to ping is correct.
Verified the ports are forwarded correctly in the router (UPD 500, 4500, 1701). Internal and external set to port numbers, and destination set to Synology IP.
Router is Linksys EA9500
Service is Business NBN
Internet -> Modem -> Router -> Synology is correct.
Can you do this for me, it'll answer a question that I have nagging in my head that may tell me what we need to do next?
tracert www.google.com (from a computer on the same network as the Synology device).
Because I'm wondering if you have what is called "Double NAT" which we'll see with the trace route, especially given you said you have a modem in front of your EA9500 router.
Tracing route to www.google.com [188.8.131.52]
over a maximum of 30 hops:
1 874 ms 4 ms 2 ms Linksys10173 [192.168.8.1]
2 5 ms 5 ms 5 ms 184.108.40.206
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 56 ms 56 ms 80 ms hu0-4-0-0.22btpr01.optus.net.au [220.127.116.11]
9 56 ms 56 ms 56 ms 18.104.22.168
10 57 ms 57 ms 56 ms 22.214.171.124
11 58 ms 57 ms 57 ms 126.96.36.199
12 55 ms 54 ms 54 ms syd15s01-in-f68.1e100.net [188.8.131.52]
A great, there is no double NAT, that's a positive start!
Are you sure you are on a static IP? as far as I know Optus doesn't do Static IP's on Res services, though I think in your OP you mentioned Business. Did you check www.whatismyip.com to see if it's the static IP you're expecting?
Yeah I called up a few weeks ago and said I wanted a static IP. They said no worries you can get one so you'll get it for free. They said just to restart the router and the new address will be the static one. It hasn't changed since then so I have to assume it is static.
Are you business or residental?
Because I suspect it might be port blocking upstream given that the "VPN Service" uses PPTP (Which is horribly insecure) unless your using oVPN on your NAS?
I'm using L2TP on the NAS (although I have tried to use PPTP as a test but same result).
I'm certain it is a business service. The invoice doesn't specifically say it is, but it is made out to the company, and when I phoned they did say because you're on a business plan we can give you a fixed ip. It looks like the plan is Optus Ultra. Dont know if that is a business or it can be both.
So I did some digging, the ultra plan isn’t business it’s more consumer. It’s possible the ports you are using are infact blocked.
Which package on your Synology are you using?
Edit: billing in a business name does not make it a business plan either. All they’ve done is add your business name on the bill.