L2TP/IPSec vpn and comodo 5.3

I got VPN working fine using PPTP, no problem with OpenVPN,
but when I try to config my vpn using L2TP/IPSec protocol,
there’s absolutly no way to make it work on xp pro 32-bit or windows 7 64-bit.
comodo is alerting me on alert with window system process lsass.exe using protocol RAW IP, then some others alerts on port 500, all IPs are matching my vpn server config, but after that, nothing happens anymore,
I see a system connexion on port 4500 TCP that should be used for the all traffic, but i see just little traffic when the connexion is created and nothing happens, all is blocked, I can’t talk with the server to create my vpn L2TP/IPSec :frowning:
on xp i got the error 792 and on win7 64-bit i got the error 789.
so my question is : is there some known or maybe unknown issue or issues with comodo 5.3 or 5.0 (i used both) and the L2TP/IPSec protocol to create a vpn ?
there’s no issue with PPTP, and OpenVpn is also working perfect, and is probably the best choice if you’re not good with computers.
but this L2TP/IPSec is driving me crazy, I added a registry key where the help config told me to, i put the right value, i opened the MMC, add/remove snap-in, double-click on certificates,select computer account, added certificat in the Personal folder, typed the password for the private key, etc, then i created the vpn connection and select L2TP/IPSec in networking, i read all the help config 1000 times and retry 1000 times,but it doesnt work,
so 1 : i’m totally stupid or 2 : something is missing in the help config, or comodo is blocking me or i don’t know, i’m on this thing for 3 days now and i’m fed up.
anyone knows something on this L2TP/IPSec vpn that should help me ?

Hi ailef,

I’m using Cisco IPSec VPN and have no issues.
Are you using NAT-T or do you have a direct (No NAT in between) connection?

Did you test with FW set to disabled to see if that solves the issue?
And which settings do you have enabled on the FW Advanced settings?

I found out why I had only time out response from the server using L2TP/IPSec,
I had to disable the option “Block Fragmented IP Packets” on the router and into comodo 5.3
I tried a lot of times and i’m sure that it comes from the “Block Fragmented IP Packets” option.
each time i enable it on the router or comodo FW, I got no response from the server.

If you use PPTP or OpenVPN, there’s no problem, you can stay with “Block Fragmented IP Packets” enabled.
it only concerns L2TP/IPSec, it must use fragmented packets with lsass.exe process on port 4500.
I got UDP out connection from local ip port 4500 to server IP port 4500, or the inverse for UDP in.

Ronny, do you have to disable “Block Fragmented IP Packets” like me with L2TP/IPSec ?

It depends on the transport used, I have Ethernet or ADSL where I use it with MTU 1500 so there is no fragmentation along the line. I have requested several times to add logging to the advanced features so we don’t lose hours of troubleshooting over them :-\