
L2TP VPN fails since 9.5 update

Since the last update to UTM9.5, my VPN clients (Windows 10) are being disconnected post successful login.  Nothing has changed other than UTM updates.

 

Log is reporting:

2017:06:25-09:22:47 FWALL pppd-l2tp[24747]: DHCPC: plugin initialized
2017:06:25-09:22:47 FWALL openl2tpd[30298]: PROTO: tunl 59129/24434: sending CDN to peer 7/1
2017:06:25-09:22:47 FWALL openl2tpd[30298]: PROTO: tunl 59129: STOPCCN received
2017:06:25-09:22:47 FWALL openl2tpd[30298]: PROTO: tunl 59129: STOPCCN error 6/0: Requester is being shut down
 
Tried numerous clients, all giving the same error. I've reset all passwords and passkeys, but as soon as I log on, the status changes to 'verifying user' and then fails.
 
 
Has something changed in openvpn for windows clients?
 
Any insight appreciated.
 
Thanks


  • Is there any official information from Sophos?

     

    At the moment we're on version 9.413 and aren't updating because L2TP is heavily used in my company.

    For this we have an extra interface with a public IP, authentication via preshared key and RADIUS. The users are assigned an IP by an address pool. Not the default, (10.0.249.0/24)

  • Hello logan,

     

    No, we have no news from our partner, who opened a Sophos case for this problem...

    I also created a new IP pool as a quick and dirty solution; our problem is that you cannot use the internal DHCP server since the update...

  • Guys, This is one of the vagaries of this package.  When you use L2TP/IPsec, you cannot count on every Up2Date to be able to deal correctly with "VPN Pool (L2TP)" IPs in the same subnet as a LAN.  By the same token, using the internal DHCP server for L2TP/IPsec Remote Access is not a good idea.  This is why I called using the default "VPN Pool (L2TP)" a best practice.  Over the last 10 years, I've only seen brief periods where what you've been doing doesn't cause routing problems.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
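
A triage script for the log pattern quoted in the first post, added here as an example and not part of the thread or of any Sophos tooling: it groups openl2tpd tunnel events and flags tunnels closed with a STOPCCN error shortly after the pppd-l2tp DHCP client plugin started. The function names and the 5-second correlation window are assumptions; the sample lines are the ones from the post.

```python
import re
from datetime import datetime

# Log lines quoted in the original post above.
SAMPLE_LOG = """\
2017:06:25-09:22:47 FWALL pppd-l2tp[24747]: DHCPC: plugin initialized
2017:06:25-09:22:47 FWALL openl2tpd[30298]: PROTO: tunl 59129/24434: sending CDN to peer 7/1
2017:06:25-09:22:47 FWALL openl2tpd[30298]: PROTO: tunl 59129: STOPCCN received
2017:06:25-09:22:47 FWALL openl2tpd[30298]: PROTO: tunl 59129: STOPCCN error 6/0: Requester is being shut down
"""

LINE = re.compile(r"^(\S+) \S+ ([\w-]+)\[\d+\]: (.*)$")
TUNNEL = re.compile(r"PROTO: tunl (\d+)(?:/\d+)?: (.*)$")
STOP_ERR = re.compile(r"STOPCCN error (\d+)/(\d+): (.*)$")


def parse(log_text):
    """Yield (timestamp, process, message) for each well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
            yield ts, m.group(2), m.group(3)


def find_teardowns(log_text, window_s=5):
    """Return {tunnel_id: record} for tunnels closed with a STOPCCN error."""
    dhcpc_starts, tunnels = [], {}
    for ts, proc, msg in parse(log_text):
        if proc == "pppd-l2tp" and msg.startswith("DHCPC: plugin initialized"):
            dhcpc_starts.append(ts)
            continue
        t = TUNNEL.match(msg)
        if proc != "openl2tpd" or not t:
            continue
        rec = tunnels.setdefault(t.group(1), {"cdn_sent": False, "stop": None,
                                              "after_dhcpc": False})
        event = t.group(2)
        if event.startswith("sending CDN"):
            rec["cdn_sent"] = True
        err = STOP_ERR.match(event)
        if err:
            # Codes and reason text exactly as openl2tpd printed them.
            rec["stop"] = (int(err.group(1)), int(err.group(2)), err.group(3))
            # Assumed heuristic: DHCP client plugin started just before teardown.
            rec["after_dhcpc"] = any(
                0 <= (ts - d).total_seconds() <= window_s for d in dhcpc_starts)
    return {tid: r for tid, r in tunnels.items() if r["stop"]}
```

Running `find_teardowns` over a full L2TP log export gives one record per affected tunnel, which makes it easy to see whether every failed login follows the same DHCP-then-teardown sequence.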