This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM9 L2TP/Ipsec vpn connection problem with Windows 10 built-in client

Avraam Koll over 3 years ago

Hi,

I'm new here and have the following problem.

I have checked it with Pre-shared key and also with certificate. The same results.

Does anyone has Info?

Thanks in Advance!

This thread was automatically locked due to age.

Parents

0 FormerMember over 3 years ago
Hi Avraam Koll,

Thank you for reaching out to the Community!

Could you please confirm if all the users are not able to connect with L2TP or any specific user/device has this issue?

Did you configure local authentication or you do have an internal authentication server?

Could you please replicate the issue and provide the following logs and packet capture?

Follow the instructions on the following KBA on how to get access the UTM shell via SSH.

Sophos UTM: How to access the UTM shell via SSH using PuTTY

/var/log/aua.log and /var/log/ipsec.log (enable debug at Site-to-site VPN > IPsec > Debug )

For L2tp, take dump on port 1701

tcpdump -nei any port 1701

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 FormerMember over 3 years ago
Hi Avraam Koll,

Thank you for reaching out to the Community!

Could you please confirm if all the users are not able to connect with L2TP or any specific user/device has this issue?

Did you configure local authentication or you do have an internal authentication server?

Could you please replicate the issue and provide the following logs and packet capture?

Follow the instructions on the following KBA on how to get access the UTM shell via SSH.

Sophos UTM: How to access the UTM shell via SSH using PuTTY

/var/log/aua.log and /var/log/ipsec.log (enable debug at Site-to-site VPN > IPsec > Debug )

For L2tp, take dump on port 1701

tcpdump -nei any port 1701

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Avraam Koll over 3 years ago in reply to FormerMember

Thanks for the answer.

I am using only local authentication. Actually, I want to configure Windows Always-on VPN. But, first It is necessary to check if the connection ok with Windows 10 built-in VPN connection.

____________________________________________________________________________________________

2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [01528bbbc00696121**000001]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [RFC 3947]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [FRAGMENTATION]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [Vid-Initial-Contact]
2021:02:08-11:49:22 utm pluto[24202]: packet from *.*.*.*:17553: ignoring Vendor ID payload [IKE CGA version 1]
2021:02:08-11:49:22 utm pluto[24202]: packet from 185.*.*.*:17553: initial Main Mode message received on 212.*.*.*:500 but no connection has been authorized with policy=PSK
Cancel
Vote Up 0 Vote Down

Cancel