Hi,
I'm new here and have the following problem.
I have checked it with Pre-shared key and also with certificate. The same results.
Does anyone has Info?
Thanks in Advance!
This thread was automatically locked due to age.
Hi,
I'm new here and have the following problem.
I have checked it with Pre-shared key and also with certificate. The same results.
Does anyone has Info?
Thanks in Advance!
Hi Avraam Koll,
Thank you for reaching out to the Community!
Could you please confirm if all the users are not able to connect with L2TP or any specific user/device has this issue?
Did you configure local authentication or you do have an internal authentication server?
Could you please replicate the issue and provide the following logs and packet capture?
Follow the instructions on the following KBA on how to get access the UTM shell via SSH.
Thanks,
Hallo Avraam and welcome to the UTM Community!
Pictures are very helpful here when it's of the Edit of a configuration item. In the case of logs, it's better to copy and paste here from the log. If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51. That lets us see immediately which IPs are local and which are identical or just in the same subnet. In this case, there's not enough information to help you until we see the results of what Harsh has asked for.
Cheers - Bob
Thanks for the answer.
I am using only local authentication. Actually, I want to configure Windows Always-on VPN. But, first It is necessary to check if the connection ok with Windows 10 built-in VPN connection.
____________________________________________________________________________________________
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [01528bbbc00696121**000001]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [RFC 3947]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [FRAGMENTATION]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [Vid-Initial-Contact]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [IKE CGA version 1]
2021:02:08-11:49:22 utm pluto[24202]: packet from 185.*.*.*:17553: initial Main Mode message received on 212.*.*.*:500 but no connection has been authorized with policy=PSK
Thanks for the answer.
I am using only local authentication. Actually, I want to configure Windows Always-on VPN. But, first It is necessary to check if the connection ok with Windows 10 built-in VPN connection.
____________________________________________________________________________________________
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [01528bbbc00696121**000001]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [RFC 3947]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [FRAGMENTATION]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [Vid-Initial-Contact]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [IKE CGA version 1]
2021:02:08-11:49:22 utm pluto[24202]: packet from 185.*.*.*:17553: initial Main Mode message received on 212.*.*.*:500 but no connection has been authorized with policy=PSK
"no connection has been authorized with policy=PSK"
Please show a picture of the 'Main Settings' in the UTM for 'L2TP over IPsec' remote access.
Cheers - Bob
Also, try with a very simple PSK like 1234 to see if you get the same message.
To correct a problem with Mac OS, one user changed the L2TP over IPsec IPsec Policy.
Cheers - Bob
PS There's no need for the SNAT