L2tp stop working After iOS Update from 13.7 to 14.xx

Resolved by changing the L2TP-IPsec policy to the following:

IKE Encryption Algorithm - AES 256

IKE Authentication Algorithm - SHA2 256

IPsec Encryption Algorithm - AES 256

IPsec Authentication Algorithm - SHA2 256

Resolved by changing the L2TP-IPsec policy to the following:

IKE Encryption Algorithm - AES 256

IKE Authentication Algorithm - SHA2 256

IPsec Encryption Algorithm - AES 256

IPsec Authentication Algorithm - SHA2 256

 Hi Sophos User3316,

Thank you for sharing your findings with the Community! 

Thanks,

I've got the same problem and could fix it with the policy changes you mentioned above.

Unfortunately, when I try to connect, I can only get a successful authentication when I use the first user in the "L2TP over IPSec" list (which is sorted alphabetically). So, when I try to connect using e.g. 'UserB', the authentication fails, because it is trying to authenticate 'UserA', which is the first one in the list. This can also be traced in the IPSec log files.

Additionaly, when I click on the 'i'-symbol at the 'L2TP-over-IPSec' policy, I can see that there is a distinct use for that policy for the first user in the list. No matter what I tried, I couldn't change that behavior.

Is there a solution for that problem?

Regards

are you trying get both devices to connect ‘from’ the same router/IP to two different L2TP user accounts on the UTM?

This also fixes UTM9 L2TP over IPSEC for users who install Mac OS 10.16 Big Sur. Thanks!

No, it always tries to authenticate with the alphabetically first user in the list, no matter what internet connection is used or what username is typed in.

I too am having this issues. When I try to connect from my phone, the LiveLog always shows that it’s connecting as the first user is the list. I’m not sure how to tell if this is a bug with the iOS not sending the username or if the UTM isn’t reading the username submitted.  Perhaps it’s time for some packet sniffing.