This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP not passing traffic

I have mac users that I'ce set up with L2tp over IpSec. They can connect fine and can ping the UTM. But traffic is not passing through to the internal network behind the UTM. I have a firewall rule set to allow all traffic from the L2TP network to pass through to the internal network but it's still not working.
Any suggestions?
I've set this up before and it's worked fine. Not sure what I'm missing?

This thread was automatically locked due to age.

0 BAlfson over 9 years ago

If #1 in Rulz doesn't give you the answer, please click on [Go Advanced] below and attach a picture of the rule that's not working.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Chris69 over 9 years ago

Maybe it is in 9.309-3?
I have the same here for Mac Clients since upgraded the UTM to 9.309-3, did not put hands on the OSX-Clients and the VPN config for months and suddenly it stopped to be a reliable VPN-AP [:(]
Cancel
Vote Up 0 Vote Down

Cancel
0 Chris69 over 9 years ago

I did resolve this for me:

It is HA-related.

Reason:
I noticed that it was always the first IP from the IPSEC-IP-Pool which could not route any traffic through the tunnel.
First I thought that there is some device in the DMZ using this IP but could not find any.
So I changed the IP Pool to a different one and now it was working as expected.
During further investigation I came to over entry in ipsec.log:

""D_REF_IpsRoaMwxtest2_0"[190] 79.228.236.174:4500 #1502: ERROR: netlink XFRM_MSG_NEWPOLICY response for flow tun.0@79.228.236.174 included errno 17: File exists""

Google pointed me to this old topic and that makes sense.

hth - Chris
Cancel
Vote Up 0 Vote Down

Cancel