This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP PSK issue

Hello Community,

I have a strange issue with the L2TP PSK on one Firewall. I set the PSK in the L2TP configuration on XG. The users can connect and have access to the network. After a while the users are unable to connect. On their Client they get an error message that the connection is not possible. I did some investigations about that and saw that the PSK on the Firewall has changed. When I check preshared key in the L2TP settings I see a long encrypted key starting with "$sfos$....". After I set my PSK again the users can connect. Now the encrypted key is shorter. So something will change the PSK on the firewall.

What is the reason for this behavior?

The Firewall runs on v18-MR5 but I had the same issue with MR4.

Thanks,

Ben

This thread was automatically locked due to age.

Top Replies

FormerMember over 2 years ago in reply to Ben@Network +1 verified

Hi Ben@Network, The issue( NC-72172) with the encrypted PSK for L2TP and IPsec remote access is fixed in the new refresh release of the already released v18 MR5. Thanks,

Parents

0 FormerMember over 2 years ago

Hi Ben@Network,

Thanks for reaching out to the Community!

Could you confirm if SSMK(Secure Storage Master Key) is configured on your firewall?

The SSMK(Secure Storage Master Key) could encrypt the IPsec/L2TP preshared key.

Would it be possible for you to provide the strongswan and L2TP logs? Did you open a support case for this issue? If not, please open a support case and send me the case number via personal message.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 FormerMember over 2 years ago

Hi Ben@Network,

Thanks for reaching out to the Community!

Could you confirm if SSMK(Secure Storage Master Key) is configured on your firewall?

The SSMK(Secure Storage Master Key) could encrypt the IPsec/L2TP preshared key.

Would it be possible for you to provide the strongswan and L2TP logs? Did you open a support case for this issue? If not, please open a support case and send me the case number via personal message.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 FormerMember over 2 years ago in reply to FormerMember

Hi Ben@Network,

The support team is currently investigating this issue with the internal ID NC-72172. Please open a support case and send me the case number via personal message.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 Ben@Network over 2 years ago in reply to FormerMember

Hello,

I can‘t open a support case yet. The firewall (SG550) is my test box. When everything is ok, I migrate the SG license to XG. At the moment the XG Firewall runs with the base license.

Ben

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
+1 FormerMember over 2 years ago in reply to Ben@Network

Hi Ben@Network,

The issue(NC-72172) with the encrypted PSK for L2TP and IPsec remote access is fixed in the new refresh release of the already released v18 MR5.

Thanks,
Cancel
Vote Up +1 Vote Down

Cancel
0 FormerMember over 2 years ago in reply to FormerMember
Hi Ben@Network,

The new refresh release for MR5 is available now, check out the following link for more info:

Sophos (XG) Firewall v18 MR5 (Build 586) is Now Available

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 Ben@Network over 2 years ago in reply to FormerMember

Problem is solved with the new release of MR-5.

Thanks

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel