As shown in Figure 1-1, the AR2240 used as the LNS fails to establish an L2TP tunnel with PC1 running Windows 8. As a result, the dialup on PC1 fails and the message "VPN Error 628" is displayed.
Figure 1-1 Networking where the AR2240 fails to establish an L2TP tunnel with the PC running Windows 8
Device and version: AR2240 V200R003C01SPC900
Configuration file of the AR2240
local-user vpn password cipher %$%$bE%\WX_E<>dY/T7UiW1KTG8x%$%$
local-user vpn service-type ppp
ppp authentication-mode chap
remote address pool l2tp
ppp ipcp dns 188.8.131.52 184.108.40.206
ip address 10.18.0.1 255.255.255.0
ip pool l2tp
network 10.18.0.0 mask 255.255.255.0
undo tunnel authentication
allow l2tp virtual-template 1
1. Check whether the link or interface of the AR2240 is normal.
Run the ping command and the display interface brief command to check the link and interface of the AR2240. The command output shows that the link and interface of the AR2240 are normal.
2. Check whether the AR2240 is correctly configured.
Check configurations of the AR2240. The IPSec and route configurations are correct.
3. Check whether PC1 is normal.
PC1 is normal.
4. Run the debugging ppp all command and the debugging l2tp control command to view debugging information.
Through analysis, the user name entered on the PC is inconsistent with that configured on the AR2240.
After verification of Windows 8, the backslash (\) needs to be prefixed to the input user name. The backslash (\) was not added originally. In this situation, Windows 8 automatically prefixes the domain name to the user name. Therefore, the authentication fails, and the system displays an error message. Add the backslash (\) to solve the problem, for example: \vpn.
The user's PC runs Windows 8. Prefix the backslash (\) to the input user name, for example: \vpn. Otherwise, Windows 8 automatically prefixes the domain name to the user name, causing a login authentication failure.
Prefix the backslash (\) to the input user name on PC1, for example: \vpn. Then the dialup on PC1 succeeds.
When the PC running Windows 8 establishes an L2TP tunnel with the AR, the backslash (\) needs to be prefixed to the input user name. Otherwise, Windows 8 automatically prefixes the domain name to the user name, causing a login authentication failure.