This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iOS -> L2TP

Hallo,

seit ich meine Vodafone Leitung auf 1GB Business mit fester IP  umgestellt habe, klappt das nicht mehr. Ich war da nun schon Wochen bei, finde aber keine Lösung. Vielleicht kann jemand helfen:

1) Feste IP auf einem externen Interface

2) Policy für L2TP IPSEC angepasst

3) LT2p Settings auf der UTM sind ja eigentlich selbsterklärend. 

4) Das Log sieht wie folgt aus:

2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: received Vendor ID payload [RFC 3947]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2021:07:30-12:52:58 gateway pluto[16731]: packet from 109.42.113.215:49163: received Vendor ID payload [Dead Peer Detection]
2021:07:30-12:52:58 gateway pluto[16731]: "L_for @.de"[6] 109.42.113.215:49163 #376: responding to Main Mode from unknown peer 109.42.113.215:49163
2021:07:30-12:52:58 gateway pluto[16731]: "L_for@.de"[6] 109.42.113.215:49163 #376: NAT-Traversal: Result using RFC 3947: peer is NATed
2021:07:30-12:52:58 gateway pluto[16731]: | NAT-T: new mapping 109.42.113.215:49163/55370)
2021:07:30-12:52:58 gateway pluto[16731]: "L_for@.de"[6] 109.42.113.215:55370 #376: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2021:07:30-12:52:58 gateway pluto[16731]: "L_for@.de"[6] 109.42.113.215:55370 #376: Peer ID is ID_IPV4_ADDR: '100.69.193.7'
2021:07:30-12:52:58 gateway pluto[16731]: "L_for@.de"[7] 109.42.113.215:55370 #376: deleting connection "L_for .....  [6] instance with peer 109.42.113.215 {isakmp=#0/ipsec=#0}
2021:07:30-12:52:58 gateway pluto[16731]: "L_for@.de"[7] 109.42.113.215:55370 #376: sent MR3, ISAKMP SA established
2021:07:30-12:53:01 gateway pluto[16731]: "L_for@.de"[7] 109.42.113.215:55370 #376: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2021:07:30-12:53:04 gateway pluto[16731]: "L_for@.de"[7] 109.42.113.215:55370 #376: retransmitting in response to duplicate packet; already STATE_MAIN_R3
2021:07:30-12:53:07 gateway pluto[16731]: "L_for@.de"[7] 109.42.113.215:55370 #376: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3

Anmerkung: 

NAT Traversal (NAT-T) isrt natürlich aktiv. Ich verseteh es nicht. 



This thread was automatically locked due to age.
Parents
  • Ich denke, Sie müssen diesen vorinstallierten Schlüssel möglicherweise an beiden Enden erneut eingeben.

    (Tut mir leid, wenn ich nicht klar bin, Deutsch ist nicht meine Muttersprache)

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Reply
  • Ich denke, Sie müssen diesen vorinstallierten Schlüssel möglicherweise an beiden Enden erneut eingeben.

    (Tut mir leid, wenn ich nicht klar bin, Deutsch ist nicht meine Muttersprache)

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Children
No Data