
Remote Access L2TP over IPSEC

Hello forum,

I'm having trouble getting remote access via L2TP over IPSEC to work on our UTM.

I followed the instructions and entered everything required under "Remote Access". I then first tried to get to the web page where I can see the pre-shared key. However, the web page only shows me the message "Forbidden .. you don't have permissions ...". The UTM Web Application log shows the following:

2018:10:25-11:00:21 utm201 httpd[24889]: [url_hardening:error] [pid 24889:tid 3766958960] [client 46.140.198.154:50254] Hostname in HTTP request (185.138.143.73) does not match the server name (exchange.genie-ag.ch), referer: https://185.138.143.73/

What am I doing wrong, or what is missing from the config?

Naturally, dialing in to the VPN from a WIN10 machine doesn't work either.


  • Hello Marcus,

    First of all, a warm welcome to the community!

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    It's unlikely that you have an L2TP/IPsec client that can successfully build a connection to your UTM if it's behind a NAT.  Your best solution would be to use SSL VPN remote access.

    If you can get a public IP on the UTM's External interface, you will want to use a different subnet than that assigned by "DC201."  In most UTM versions over the years, assigning addresses in the Internal subnet to remote access clients has caused routing problems.  I usually just recommend using "VPN Pool (L2TP)."

    Best regards - Bob (Please continue in German.)

  • Unfortunately I do not have a public WAN IP on my UTM.

    Also I cannot implement SSL VPN because of missing valid license for SSL VPN.

    So I think in this case I have to go for another solution.

  • Marcus, are you saying that you are using the free Essential Firewall license and that you don't have a subscription for Network Protection?

    Best regards - Bob (Please continue in German.)

  • No, we have a license with these subscriptions:

    Subscriptions:   Base Functionality
    Email Protection
    Webserver Protection
    Endpoint AntiVirus

    But these do not include SSL VPN.
