Hello everyone, I have been having issues connecting VPN points together. I have tried everything and still the connection won’t come up. I will share as much information as I can and I hope I can get the needed solution here.
1) Error I get from the libreswan IPSec side:
“500 STATE_V2_PARENT_T1 ( sent IKE_SA_INIT request)
“ pending CHILD SA for “
Libreswan config:
auto=start
salifetime=86400
keyexchange=ike
ikelifetime=24h
aggressive=no
authby=secret
left=public IP
leftsubnet= privateIP/32
right=public IP
rightsubnet= private IP
ike=aes256-sha256;modp1536
phase2alg=aes256-sha256;modp1536
compress=no
pfs=yes
rekey=yes
type=tunnel
The same phase 1 & phase 2 connection parameters were also used on the Sophos side connection. The error from the Sophos side is:
“Remote gateway didn’t respond to initial service”
I would really be glad if anyone can advise and give possible support.
Thanks in advance
Sadiq
Hello Sadiq Ribadu,
Thank you for reaching out to the community. As the information says itself: "500 STATE_V2_PARENT_T1 ( sent IKE_SA_INIT request)", "Remote gateway didn’t respond to initial service". Please collect the logs on both sides and conduct an espdump on the UTM: https://support.sophos.com/support/s/article/KB-000034339?language=en_US
And then check the logs accordingly or share them here for further diagnosis.
Thanks & Regards,
Vivek Jagad | Team Lead, Global Support & Services
Hi all, this is a follow-up on my earlier post on the issues faced. The solution was to use ikev2 and also use “modp2048” for my DH parameter. So I guess ikev2 was the supported version for libreswan.
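A small check for the mismatch this thread ended on, as an added example that is not part of any post here: it parses a libreswan conn like the one in the question and compares its IKE version and proposals with a hand-written summary of the peer's policy. The conn name, the `PEER` dictionary and the function names are hypothetical, and the spellings accepted for the version option (`ikev2=`, `keyexchange=`) are assumptions that vary by libreswan release.

```python
# Added example: lint a libreswan conn against the peer's expected IKE settings.
# Constructed sample: the conn from the question (addresses omitted, conn name hypothetical).
CONN = """
conn site-to-site
    keyexchange=ike
    authby=secret
    ike=aes256-sha256;modp1536
    phase2alg=aes256-sha256;modp1536
    pfs=yes
"""
# Hypothetical summary of the peer's policy, typed in by hand (not a Sophos export).
PEER = {"ike_version": 2, "enc": "aes256", "integ": "sha256", "dh": "modp2048"}

def parse_conn(text):
    """Collect key=value options from one conn section, ignoring comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def parse_proposal(value):
    """Split 'aes256-sha256;modp1536' into encryption, integrity and DH group."""
    algs, _, dh = value.partition(";")
    enc, _, integ = algs.partition("-")
    return {"enc": enc, "integ": integ, "dh": dh}

def pinned_ike_version(opts):
    """Return 1 or 2 if the conn pins a version, else None (release default applies)."""
    if opts.get("keyexchange") in ("ikev1", "ikev2"):
        return int(opts["keyexchange"][-1])
    return {"yes": 2, "insist": 2, "no": 1, "never": 1}.get(opts.get("ikev2"))

def mismatches(conn_text, peer):
    """List every setting where the local conn and the peer summary disagree."""
    opts, found = parse_conn(conn_text), []
    version = pinned_ike_version(opts)
    if version != peer["ike_version"]:
        found.append(f"ike_version: local {version}, peer {peer['ike_version']}")
    for key in ("ike", "phase2alg"):
        local = parse_proposal(opts.get(key, ""))
        for field in ("enc", "integ", "dh"):
            if local[field] != peer[field]:
                found.append(f"{key} {field}: local {local[field] or 'unset'}, peer {peer[field]}")
    return found

if __name__ == "__main__":
    for finding in mismatches(CONN, PEER):
        print(finding)
```

A version reported as `None` means the conn leaves the IKE version to the release default, so it is worth pinning it explicitly on both peers.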
Hi Sadiq Ribadu, well, UTM 9 does not support IKEv2 as of now.
Vivek Jagad, so is the brand version XG210 entirely different? Because I have a connection using ikev2.
XG 210 is hardware, but if you are running UTM version 9.711 on it then it will not support ikev2, but if you are running SFOS v18.5 or v19 then you have an option to use ikev2.
The version is actually SFOS v19. So I guess that’s why I can use ikev2.
Yes then for sure you can...
Thanks for helping out. Much appreciated.
You're welcome, if this has really helped, please click on the verify button to help us grow our community.