Sophos UTM9 L2TP/Ipsec vpn connection problem with Windows 10 built-in client

Hi,

I'm new here and have the following problem.

I have checked it with Pre-shared key and also with certificate. The same results.

Does anyone have info?

Thanks in Advance!



  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    Could you please confirm whether none of the users are able to connect with L2TP, or whether a specific user/device has this issue?

    Did you configure local authentication, or do you have an internal authentication server?

    Could you please replicate the issue and provide the following logs and packet capture?

    Follow the instructions in the following KBA on how to access the UTM shell via SSH.

    Thanks,

  • Hallo Avraam and welcome to the UTM Community!

    Pictures are very helpful here when it's of the Edit of a configuration item.  In the case of logs, it's better to copy and paste here from the log.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical or just in the same subnet.  In this case, there's not enough information to help you until we see the results of what Harsh has asked for.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the answer.

    I am using only local authentication. Actually, I want to configure Windows Always-on VPN. But first it is necessary to check if the connection is OK with the Windows 10 built-in VPN connection.

    ____________________________________________________________________________________________

    2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [01528bbbc00696121**000001]
    2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
    2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [RFC 3947]
    2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [FRAGMENTATION]
    2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
    2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [Vid-Initial-Contact]
    2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [IKE CGA version 1]
    2021:02:08-11:49:22 utm pluto[24202]: packet from 185.*.*.*:17553: initial Main Mode message received on 212.*.*.*:500 but no connection has been authorized with policy=PSK

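As an added example (not code from the thread or from Sophos), a small Python parser that reads pluto lines like the ones posted above and reports what they say: which vendor IDs the Windows client announced and the "no connection has been authorized" refusal. The sample log is constructed from the posted lines with the same masked IPs; the regexes, class and function names are my own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the pluto lines posted in this thread (IPs masked as in the post).
SAMPLE_LOG = """\
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [RFC 3947]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [FRAGMENTATION]
2021:02:08-11:49:22 utm pluto[24202]: packet from 185.*.*.*:17553: initial Main Mode message received on 212.*.*.*:500 but no connection has been authorized with policy=PSK
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ pluto\[\d+\]: packet from (?P<peer>[^:]+):(?P<port>\d+): (?P<msg>.*)$")
VID_RE = re.compile(r"Vendor ID payload \[(?P<vid>[^\]]+)\]")
NOCONN_RE = re.compile(r"initial (?P<mode>Main|Aggressive) Mode message received on (?P<local>[^:]+):(?P<lport>\d+) "
                       r"but no connection has been authorized with policy=(?P<policy>\S+)")

@dataclass
class IkeAttempt:
    peer: str = ""
    vendor_ids: list = field(default_factory=list)
    failure: dict | None = None

def parse_pluto(log: str) -> IkeAttempt:
    """Collect the vendor IDs a peer announced and any 'no connection authorized' refusal."""
    attempt = IkeAttempt()
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a 'packet from' line; ignore
        attempt.peer = m["peer"]
        msg = m["msg"]
        if v := VID_RE.search(msg):
            attempt.vendor_ids.append(v["vid"])
        elif n := NOCONN_RE.search(msg):
            attempt.failure = n.groupdict()
    return attempt

def diagnose(attempt: IkeAttempt) -> list[str]:
    """Turn the parsed attempt into plain-language findings for the VPN admin."""
    findings = []
    if any(v.startswith("MS NT5 ISAKMPOAKLEY") for v in attempt.vendor_ids):
        findings.append("peer is a Windows IKEv1 client")
    if "RFC 3947" in attempt.vendor_ids:
        findings.append("peer supports NAT-T; UDP 4500 must be reachable as well as UDP 500")
    if attempt.failure:
        f = attempt.failure
        findings.append(f"IKE {f['mode']} Mode rejected on {f['local']}:{f['lport']}: no L2TP/IPsec connection "
                        f"defined for policy={f['policy']} on that interface; check the remote access "
                        "Main Settings (listening interface and authentication type)")
    return findings
```

Running `diagnose(parse_pluto(SAMPLE_LOG))` on the sample yields three findings; the last one is the actual error from the thread, which is why Bob asks for the L2TP over IPsec Main Settings.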
  • Hi again,

    There are 2 different public IP Addresses.

  • "no connection has been authorized with policy=PSK"

    Please show a picture of the 'Main Settings' in the UTM for 'L2TP over IPsec' remote access.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thanks for your support.

    I have configured the local authentication and the pre-shared key.

    #L2TP

    #Firewall_Config

    #SNAT

  • I have attached the screenshots. I have checked with the certificate and also with the pre-shared key. The same result.

  • Try changing from the uplink interface to your first public WAN interface!

  • Also, try with a very simple PSK like 1234 to see if you get the same message.

    To correct a problem with Mac OS, one user changed the L2TP over IPsec IPsec Policy.

    Cheers - Bob

    PS: There's no need for the SNAT.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA