I have recently installed Sophos UTM 9.3 on some spare hardware I had lying around with the intent to replace my very basic Asus router that I use to connect my home devices to the outside world. I have a 15/10 VDSL connection with a local ISP. My setup is as follows:
SmartRG 505N DSL modem in bridged mode.
Asus RT-N16 establishing the PPPOE connection and acting as a DHCP server and gateway for my internal network.
Really nothing fancy!
To swap out the Asus router for the Sophos UTM, I modified the automatically created External (WAN) interface to use PPPOE and entered my credentials, then plugged in the DSL modem to the UTM. Unfortunately, it would not successfully connect to my ISP. Using a test account, I could establish a PPPOE connection with the access concentrator. Using a neighbour's login credentials with another ISP I could connect. But I could not connect to my ISP. Here is a log of one attempt (they all follow the same pattern):
2015:05:23-09:39:08 utm pppd-pppoe[9506]: Plugin rp-pppoe.so loaded.
2015:05:23-09:39:08 utm pppd-pppoe[9506]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.6
2015:05:23-09:39:08 utm pppd-pppoe[9506]: pppd 2.4.6 started by root, uid 0
2015:05:23-09:39:08 utm pppd-pppoe[9506]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
2015:05:23-09:39:08 utm pppd-pppoe[9506]: dst ff:ff:ff:ff:ff:ff src 0:19:5b:3e:14:de
2015:05:23-09:39:08 utm pppd-pppoe[9506]: [service-name] [host-uniq 22 25 00 00]
2015:05:23-09:39:13 utm pppd-pppoe[9506]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
2015:05:23-09:39:13 utm pppd-pppoe[9506]: dst ff:ff:ff:ff:ff:ff src 0:19:5b:3e:14:de
2015:05:23-09:39:13 utm pppd-pppoe[9506]: [service-name] [host-uniq 22 25 00 00]
2015:05:23-09:39:23 utm pppd-pppoe[9506]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
2015:05:23-09:39:23 utm pppd-pppoe[9506]: dst ff:ff:ff:ff:ff:ff src 0:19:5b:3e:14:de
2015:05:23-09:39:23 utm pppd-pppoe[9506]: [service-name] [host-uniq 22 25 00 00]
2015:05:23-09:39:23 utm pppd-pppoe[9506]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 49
2015:05:23-09:39:23 utm pppd-pppoe[9506]: dst 0:19:5b:3e:14:de src 0:90:1a:a1:d9:c9
2015:05:23-09:39:23 utm pppd-pppoe[9506]: [AC-name bas1-ottawa11] [host-uniq 22 25 00 00] [service-name] [AC-cookie 49 17 33 0d db 47 ca 54 75 a9 fa 65 c5 2a 0e 0f]
2015:05:23-09:39:23 utm pppd-pppoe[9506]: Send PPPOE Discovery V1T1 PADR session 0x0 length 32
2015:05:23-09:39:23 utm pppd-pppoe[9506]: dst 0:90:1a:a1:d9:c9 src 0:19:5b:3e:14:de
2015:05:23-09:39:23 utm pppd-pppoe[9506]: [service-name] [host-uniq 22 25 00 00] [AC-cookie 49 17 33 0d db 47 ca 54 75 a9 fa 65 c5 2a 0e 0f]
2015:05:23-09:39:24 utm pppd-pppoe[9506]: Recv PPPOE Discovery V1T1 PADS session 0x11ce length 12
2015:05:23-09:39:24 utm pppd-pppoe[9506]: dst 0:19:5b:3e:14:de src 01:23:45:67:89:ab
2015:05:23-09:39:24 utm pppd-pppoe[9506]: [service-name] [host-uniq 22 25 00 00]
2015:05:23-09:39:24 utm pppd-pppoe[9506]: PADS: Service-Name: ''
2015:05:23-09:39:24 utm pppd-pppoe[9506]: PPP session is 4558
2015:05:23-09:39:24 utm pppd-pppoe[9506]: Connected to 01:23:45:67:89:ab via interface eth1
2015:05:23-09:39:24 utm pppd-pppoe[9506]: using channel 2
2015:05:23-09:39:24 utm pppd-pppoe[9506]: Using interface ppp0
2015:05:23-09:39:24 utm pppd-pppoe[9506]: Connect: ppp0 eth1
2015:05:23-09:39:24 utm pppd-pppoe[9506]: sent [LCP ConfReq id=0x1 ]
2015:05:23-09:39:24 utm pppd-pppoe[9506]: rcvd [LCP ConfReq id=0x4a ]
2015:05:23-09:39:24 utm pppd-pppoe[9506]: sent [LCP ConfAck id=0x4a ]
2015:05:23-09:39:24 utm pppd-pppoe[9506]: rcvd [LCP ConfAck id=0x1 ]
2015:05:23-09:39:24 utm pppd-pppoe[9506]: sent [LCP EchoReq id=0x0 magic=0x4ea340c6]
2015:05:23-09:39:24 utm pppd-pppoe[9506]: sent [PAP AuthReq id=0x1 user="user@isp.com" password=]
2015:05:23-09:39:24 utm pppd-pppoe[9506]: rcvd [LCP EchoRep id=0x0 magic=0x4a023567]
2015:05:23-09:39:26 utm pppd-pppoe[9506]: rcvd [PAP AuthNak id=0x1 "permission denied"]
2015:05:23-09:39:26 utm pppd-pppoe[9506]: Remote message: permission denied
2015:05:23-09:39:26 utm pppd-pppoe[9506]: PAP authentication failed
2015:05:23-09:39:26 utm pppd-pppoe[9506]: sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
2015:05:23-09:39:26 utm pppd-pppoe[9506]: rcvd [LCP TermReq id=0x87]
2015:05:23-09:39:26 utm pppd-pppoe[9506]: sent [LCP TermAck id=0x87]
2015:05:23-09:39:26 utm pppd-pppoe[9506]: rcvd [LCP TermAck id=0x2]
2015:05:23-09:39:26 utm pppd-pppoe[9506]: Connection terminated.
2015:05:23-09:39:26 utm pppd-pppoe[9506]: Exit.
2015:05:23-09:39:26 utm pppoe-sh: DSL connection time shorter than 60 seconds (18 sec): Error? - wait 60 seconds
(Identifying data has been changed... I used my real account and not user@isp.com)
Clearly this looks like a password problem, but I quintuple-checked the password and had correctly entered it.
To cut to the chase, after much consternation, trials, and communication with my ISP to validate that there weren't any reasons on their end for my connection to be rejected, I discovered the problem... While the password was correctly entered in the Sophos UTM interface, it was not being transmitted by the UTM as entered. Certain symbols in the password - notably double-quotes (") - were being dropped.
I was able to get around the problem by escaping the troublesome symbols by preceding them with the backslash (\) and am now able to connect properly. That said, some warning in the documentation and/or the interface would have saved me a lot of time and frustration. Or, even better, find a way to send the password as entered... my previous router had no trouble with it.
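An added example, not part of the original post and not Sophos or pppd code: a small model of how a quote-aware configuration parser can silently drop double quotes from a stored password, and why backslash-escaping restores it. The parsing rules (double quotes group characters and are removed, a backslash makes the next character literal), the function names, and the sample password are all assumptions made for illustration.

```python
# Assumed parser rules (hypothetical, chosen to match the symptom in the post):
#   - unquoted whitespace ends a word
#   - double quotes group characters and are themselves removed
#   - a backslash makes the following character literal

def read_word(text):
    """Return the first word the way the assumed parser would read it."""
    out, in_quotes, i = [], False, 0
    text = text.lstrip()
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            out.append(text[i + 1])    # escaped character is kept verbatim
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes  # quote toggles grouping and is dropped
        elif ch.isspace() and not in_quotes:
            break                      # unquoted whitespace ends the word
        else:
            out.append(ch)
        i += 1
    return "".join(out)

def escape_word(secret):
    """Backslash-escape every character the assumed parser would interpret."""
    return "".join(
        "\\" + c if c in '"\\' or c.isspace() else c for c in secret
    )

def survives(secret):
    """True if the secret reaches the peer unchanged when stored unescaped."""
    return read_word(secret) == secret

if __name__ == "__main__":
    entered = 'S3cr"et"Pw'                 # constructed sample, not a real password
    print("entered :", entered)
    print("sent    :", read_word(entered))  # quotes are gone
    fixed = escape_word(entered)
    print("escaped :", fixed)
    print("sent    :", read_word(fixed))    # matches what was entered
```

Comparing `read_word(stored)` with the intended secret before blaming the account or the ISP is the check that separates a quoting problem from a genuinely wrong password.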