

L2TP over IPSec Windows 10 Client

Hello,

I have a problem setting up L2TP over IPsec and getting it running on Windows 10.

I have followed the steps 1:1 as described here:

https://community.sophos.com/kb/en-us/125446

https://community.sophos.com/kb/en-us/132253

https://community.sophos.com/kb/en-us/133447


But I always get the error on Windows:

Can't connect to Network
The remote connection was denied because
the user name and password combination
you provided is not recognized, or the
selected authentication protocol is not
permitted on the remote access server.

The password is definitely right. I was using domain users, with or without the domain, but I also added a local user for testing.
None of them are working.

In the Windows log I get the following error:

The user DESKTOP\username dialed a connection named Network which has failed. The error code returned on failure is 691.

I'm thinking that the IPsec tunnel works, because if I setup a wrong PSK here I won't even get that far.

Here's the log of the XG IPsec:

2020-03-19 14:38:19 23[KNL] interface ppp0 deleted
2020-03-19 14:38:19 21[NET] <L2TP-1|37> received packet: from X.X.X.X[4500] to 10.200.141.4[4500] (76 bytes)
2020-03-19 14:38:19 21[ENC] <L2TP-1|37> parsed INFORMATIONAL_V1 request 329599431 [ HASH D ]
2020-03-19 14:38:19 21[IKE] <L2TP-1|37> received DELETE for ESP CHILD_SA with SPI ab2dd0b2
2020-03-19 14:38:19 21[IKE] <L2TP-1|37> closing CHILD_SA L2TP-1{42} with SPIs ce710b27_i (794 bytes) ab2dd0b2_o (717 bytes) and TS 10.200.141.4/32[udp/1701] === 87.168.16.177/32[udp/1701]
2020-03-19 14:38:19 21[APP] <L2TP-1|37> [SSO] (sso_invoke_once) SSO is disabled.
2020-03-19 14:38:19 21[APP] <L2TP-1|37> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (10.200.141.4/32#X.X.X.X/32)
2020-03-19 14:38:19 21[APP] <L2TP-1|37> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 1 to 0 -- down -- (10.200.141.4#X.X.X.X)
2020-03-19 14:38:19 21[APP] <L2TP-1|37> [COP-UPDOWN] (cop_updown_invoke_once) UID: 37 Net: Local 10.200.141.4 Remote X.X.X.X Connection: L2TP Fullname: L2TP-1
2020-03-19 14:38:19 21[APP] <L2TP-1|37> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
2020-03-19 14:38:19 21[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'L2TP' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2020-03-19 14:38:19 21[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec remote updown -- down --
2020-03-19 14:38:19 17[NET] <L2TP-1|37> received packet: from X.X.X.X[4500] to 10.200.141.4[4500] (92 bytes)
2020-03-19 14:38:19 17[ENC] <L2TP-1|37> parsed INFORMATIONAL_V1 request 3370116602 [ HASH D ]
2020-03-19 14:38:19 17[IKE] <L2TP-1|37> received DELETE for IKE_SA L2TP-1[37]
2020-03-19 14:38:19 17[IKE] <L2TP-1|37> deleting IKE_SA L2TP-1[37] between 10.200.141.4[10.200.141.4]...X.X.X.X[192.168.1.110]
2020-03-19 14:38:19 21[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_gateway_chains -t json -s nosync -b '{"local_server":"10.200.141.4","remote_server":"X.X.X.X","action":"disable","family":"0","conntype":"hth","compress":"0"}'': success 0
2020-03-19 14:38:19 21[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown -- down --
2020-03-19 14:38:19 21[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
2020-03-19 14:38:19 21[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 10.200.141.4 is IP: 10.200.141.4
2020-03-19 14:38:19 21[APP]
2020-03-19 14:38:19 21[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del X.X.X.X/32 dev ipsec0 src 10.200.141.4 table 220': success 0
2020-03-19 14:38:19 21[APP] [COP-UPDOWN] (add_routes) no routes to del for L2TP on interface ipsec0
2020-03-19 14:38:19 21[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2020-03-19 14:38:19 21[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2020-03-19 14:38:19 21[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"10.200.141.4","peer":"X.X.X.X","mynet":"10.200.141.4/32","peernet":"X.X.X.X/32","connop":"0","iface":"unknown","myproto":"17","myport":"1701","peerproto":"17","peerport":"1701","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': error returned 255

and the L2TP log:


xl2tpd[4473]: Connection established to X.X.X.X, 1701. Local: 34046, Remote: 28 (ref=0/0). LNS session is 'default'
xl2tpd[4473]: check_control: Received out of order control packet on tunnel 28 (got 3, expected 2)
xl2tpd[4473]: handle_packet: bad control packet!
xl2tpd[4473]: result_code_avp: result code not appropriate for Incoming-Call-Request. Ignoring.
xl2tpd[4473]: start_pppd: I'm running:
xl2tpd[4473]: "/bin/pppd"
xl2tpd[4473]: "/dev/pts/2"
xl2tpd[4473]: "ipparam"
xl2tpd[4473]: "l2tp#X.X.X.X"
xl2tpd[4473]: "passive"
xl2tpd[4473]: "nodetach"
xl2tpd[4473]: "10.200.141.4:0.0.0.0"
xl2tpd[4473]: "auth"
xl2tpd[4473]: "name"
xl2tpd[4473]: "cyberoamserver"
xl2tpd[4473]: "debug"
xl2tpd[4473]: "file"
xl2tpd[4473]: "/cfs/options.l2tpd"
xl2tpd[4473]: Call established with X.X.X.X, PID: 26211, Local: 49302, Remote: 1, Serial: 0
xl2tpd[4473]: child_handler : pppd exited for call 1 with code 11
xl2tpd[4473]: call_close: Call 49302 to X.X.X.X disconnected
xl2tpd[4473]: control_finish: Connection closed to X.X.X.X, serial 0 ()
xl2tpd[4473]: Terminating pppd: sending TERM signal to pid 26211
xl2tpd[4473]: control_finish: Connection closed to X.X.X.X, port 1701 (), Local: 34046, Remote: 28

I already spent several weeks on this, but I don't get it running. I'm slowly beginning to give this *** up...
It was so easy on the UTM; what's the matter here?

Thanks.
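The post's own reasoning ("the IPsec tunnel works, because with a wrong PSK I wouldn't get this far") is the right way to read these two logs: an L2TP/IPsec connection comes up in layers (IKE_SA, then the ESP CHILD_SA for udp/1701, then the L2TP tunnel and call, then pppd with LCP, PPP authentication and IPCP), and the job is to find the furthest layer that was reached. The script below is an added example written for this thread, not Sophos XG or xl2tpd code. It walks both logs, reports the furthest stage with evidence (teardown messages count, since an SA that was deleted must have existed), extracts the pppd exit code, and maps it using the EXIT STATUS table from pppd(8), where code 11 means "the peer failed or refused to authenticate itself". The sample lines are copied from the logs in the post above with the public address already masked as X.X.X.X; the stage names and verdict strings are this example's own.

```python
"""Stage-by-stage triage of an L2TP/IPsec failure from strongSwan and xl2tpd log lines."""
import re
from typing import Dict, Iterable, List, Optional

# pppd exit statuses as documented in the EXIT STATUS section of pppd(8).
PPPD_EXIT_CODES: Dict[int, str] = {
    0: "pppd detached or the link terminated normally",
    1: "immediate fatal error",
    2: "error processing options (check the pppd options file)",
    10: "PPP negotiation (LCP) failed before the link came up",
    11: "the peer failed or refused to authenticate itself to us",
    15: "the peer stopped answering LCP echo requests",
    19: "we failed to authenticate ourselves to the peer",
}

# Ordered layers. Each pattern, if present, proves that layer was reached.
# Teardown messages are accepted as evidence: an SA that is deleted must have existed.
STAGES = [
    ("ike_sa", [r"IKE_SA \S+ established", r"deleting IKE_SA", r"received DELETE for IKE_SA"]),
    ("child_sa_udp1701", [r"CHILD_SA \S+ established", r"closing CHILD_SA .*\[udp/1701\]",
                          r"received DELETE for ESP CHILD_SA"]),
    ("l2tp_tunnel", [r"Connection established to"]),
    ("l2tp_call", [r"Call established with", r"start_pppd:"]),
    ("ppp_link_up", [r"interface ppp\d+ activated", r"local\s+IP address"]),
]

PPPD_EXIT_RE = re.compile(r"pppd exited for call \d+ with code (\d+)")
WARNING_RE = re.compile(r"out of order control packet|bad control packet|result code not appropriate")


def furthest_stage(lines: Iterable[str]) -> Optional[str]:
    """Return the name of the last layer for which any line gives evidence, or None."""
    lines = list(lines)
    reached = None
    for name, patterns in STAGES:
        if any(re.search(p, line) for p in patterns for line in lines):
            reached = name  # keep scanning: merged logs are not always in order
    return reached


def pppd_exit_code(lines: Iterable[str]) -> Optional[int]:
    """Extract the first pppd exit code reported by xl2tpd's child_handler."""
    for line in lines:
        m = PPPD_EXIT_RE.search(line)
        if m:
            return int(m.group(1))
    return None


def triage(ipsec_lines: List[str], l2tp_lines: List[str]) -> dict:
    """Combine both logs into a verdict naming the layer to investigate."""
    stage = furthest_stage(ipsec_lines + l2tp_lines)
    code = pppd_exit_code(l2tp_lines)
    warnings = [line for line in l2tp_lines if WARNING_RE.search(line)]
    if stage is None:
        verdict = "no IKE_SA was built: check PSK, IKE proposals and udp/500+4500 reachability"
    elif stage == "ike_sa":
        verdict = "IKE_SA up but no udp/1701 CHILD_SA: check IPsec phase 2 / transport-mode selectors"
    elif stage == "child_sa_udp1701":
        verdict = "ESP tunnel up but no L2TP tunnel: check that udp/1701 reaches the L2TP service"
    elif stage in ("l2tp_tunnel", "l2tp_call"):
        if code == 11:
            verdict = ("L2TP call up, PPP authentication failed (pppd exit 11, matches Windows 691): "
                       "check username/password source and the PPP auth protocol allowed on both sides")
        elif code == 10:
            verdict = "L2TP call up but LCP negotiation failed: compare PPP/LCP options on both sides"
        else:
            verdict = f"L2TP reached but pppd exited with code {code}: see pppd exit meaning"
    else:
        verdict = "PPP link came up: the tunnel works, look at IP assignment, routing or DNS"
    return {
        "stage": stage,
        "pppd_exit_code": code,
        "pppd_exit_meaning": PPPD_EXIT_CODES.get(code, "unknown code") if code is not None else None,
        "l2tp_warnings": warnings,
        "verdict": verdict,
    }


# Sample lines copied from the thread above (public address masked as X.X.X.X in the post).
IPSEC_LOG = [
    "2020-03-19 14:38:19 21[IKE] <L2TP-1|37> received DELETE for ESP CHILD_SA with SPI ab2dd0b2",
    "2020-03-19 14:38:19 21[IKE] <L2TP-1|37> closing CHILD_SA L2TP-1{42} with SPIs ce710b27_i (794 bytes) "
    "ab2dd0b2_o (717 bytes) and TS 10.200.141.4/32[udp/1701] === 87.168.16.177/32[udp/1701]",
    "2020-03-19 14:38:19 17[IKE] <L2TP-1|37> received DELETE for IKE_SA L2TP-1[37]",
    "2020-03-19 14:38:19 17[IKE] <L2TP-1|37> deleting IKE_SA L2TP-1[37] between 10.200.141.4[10.200.141.4]...X.X.X.X[192.168.1.110]",
]
L2TP_LOG = [
    "xl2tpd[4473]: Connection established to X.X.X.X, 1701. Local: 34046, Remote: 28 (ref=0/0). LNS session is 'default'",
    "xl2tpd[4473]: check_control: Received out of order control packet on tunnel 28 (got 3, expected 2)",
    "xl2tpd[4473]: handle_packet: bad control packet!",
    "xl2tpd[4473]: Call established with X.X.X.X, PID: 26211, Local: 49302, Remote: 1, Serial: 0",
    "xl2tpd[4473]: child_handler : pppd exited for call 1 with code 11",
]

if __name__ == "__main__":
    for key, value in triage(IPSEC_LOG, L2TP_LOG).items():
        print(f"{key}: {value}")
```

Run against the two logs in the post, the furthest stage is the L2TP call and pppd exits with 11, so the verdict points at PPP authentication rather than at IPsec: the place to compare is which PPP authentication protocol the Windows client offers against what the server accepts, and which user database the server consults for the supplied name.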