Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 2345 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP not working

henning1518

Hi there,

I am unfortunately unable to connect a device (Windows 10, Android) to the Sophos XG via L2TP. The WAN is realized with a FritzBox (Exposed host Sohphos XG). SSL VPN works fine.

My configuration:

 

 

 

 

Logs:

 

Can anybody help ?

 

Thanks a lot :)



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Before L2TP connection, End system will go for IPSec connection with L2TP server. Here in l2TP has no request which means it has not passed through process of IPSec connection. So you may check the IPsec logs first to confirm more on issue. Also based on configuration it seems you are having private IP over WAN XG configured  behind ISP modem or router. 

    Please ensure IPSec, L2TP related ports has been forwarded on ISP router to XG WAN.

    Log file guide information:

    https://community.sophos.com/kb/en-us/132211
    https://community.sophos.com/kb/en-us/123185

  • 0 in reply to Vishal_R

    Hi  

    thanks for your answer. That was new for me. Here is the output from IPSec Log.

     

    [H[JSophos Firmware Version SFOS 17.5.12 MR-12.HF052220.1

    console> show vpn IPSec-logs
    2020-06-08 18:08:18 18[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_gateway_chains -t json -s nosync -b '{"local_server":"192.168.1.253","remote_server":"91.96.177.81","action":"disable","family":"0","conntype":"hth","compress":"0"}'': success 0
    2020-06-08 18:08:18 18[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown -- down --
    2020-06-08 18:08:18 18[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2020-06-08 18:08:18 18[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.1.253 is IP: 192.168.1.253
    2020-06-08 18:08:18 18[APP]
    2020-06-08 18:08:18 18[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 91.96.177.81/32 dev ipsec0 src 192.168.1.253 table 220': success 0
    2020-06-08 18:08:18 18[APP] [COP-UPDOWN] (add_routes) no routes to del for Test on interface ipsec0
    2020-06-08 18:08:18 18[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2020-06-08 18:08:18 18[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2020-06-08 18:08:19 18[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"192.168.1.253","peer":"91.96.177.81","mynet":"192.168.1.253/32","peernet":"91.96.177.81/32","connop":"0","iface":"unknown","myproto":"17","myport":"1701","peerproto":"17","peerport":"1701","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': error returned 255
    2020-06-08 18:22:55 21[NET] <22> received packet: from 91.96.177.81[500] to 192.168.1.253[500] (408 bytes)
    2020-06-08 18:22:55 21[ENC] <22> parsed ID_PROT request 0 [ SA V V V V V V V V ]
    2020-06-08 18:22:55 21[ENC] <22> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
    2020-06-08 18:22:55 21[IKE] <22> received MS NT5 ISAKMPOAKLEY vendor ID
    2020-06-08 18:22:55 21[IKE] <22> received NAT-T (RFC 3947) vendor ID
    2020-06-08 18:22:55 21[IKE] <22> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    2020-06-08 18:22:55 21[IKE] <22> received FRAGMENTATION vendor ID
    2020-06-08 18:22:55 21[ENC] <22> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
    2020-06-08 18:22:55 21[ENC] <22> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
    2020-06-08 18:22:55 21[ENC] <22> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
    2020-06-08 18:22:55 21[IKE] <22> 91.96.177.81 is initiating a Main Mode IKE_SA
    2020-06-08 18:22:55 21[ENC] <22> generating ID_PROT response 0 [ SA V V V V V ]
    2020-06-08 18:22:55 21[NET] <22> sending packet: from 192.168.1.253[500] to 91.96.177.81[500] (176 bytes)
    2020-06-08 18:22:55 11[NET] <22> received packet: from 91.96.177.81[500] to 192.168.1.253[500] (388 bytes)
    2020-06-08 18:22:55 11[ENC] <22> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    2020-06-08 18:22:56 11[IKE] <22> local host is behind NAT, sending keep alives
    2020-06-08 18:22:56 11[IKE] <22> remote host is behind NAT
    2020-06-08 18:22:56 11[ENC] <22> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    2020-06-08 18:22:56 11[NET] <22> sending packet: from 192.168.1.253[500] to 91.96.177.81[500] (372 bytes)
    2020-06-08 18:22:56 28[NET] <22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (68 bytes)
    2020-06-08 18:22:56 28[ENC] <22> parsed ID_PROT request 0 [ ID HASH ]
    2020-06-08 18:22:56 28[CFG] <22> looking for pre-shared key peer configs matching 192.168.1.253...91.96.177.81[192.168.2.104]
    2020-06-08 18:22:56 28[CFG] <22> selected peer config "Test-1"
    2020-06-08 18:22:56 28[IKE] <Test-1|22> IKE_SA Test-1[22] established between 192.168.1.253[192.168.1.253]...91.96.177.81[192.168.2.104]
    2020-06-08 18:22:56 28[IKE] <Test-1|22> DPD not supported by peer, disabled
    2020-06-08 18:22:56 28[ENC] <Test-1|22> generating ID_PROT response 0 [ ID HASH ]
    2020-06-08 18:22:56 28[NET] <Test-1|22> sending packet: from 192.168.1.253[4500] to 91.96.177.81[4500] (68 bytes)
    2020-06-08 18:22:56 27[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (436 bytes)
    2020-06-08 18:22:56 27[ENC] <Test-1|22> parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    2020-06-08 18:22:56 27[IKE] <Test-1|22> ### process_request invoking quick_mode_create
    2020-06-08 18:22:56 27[IKE] <Test-1|22> ### quick_mode_create: 0x66f02650 config (nil)
    2020-06-08 18:22:56 27[IKE] <Test-1|22> ### process_r: 0x66f02650 QM_INIT
    2020-06-08 18:22:56 27[IKE] <Test-1|22> expected IPComp proposal but peer did not send one, IPComp disabled
    2020-06-08 18:22:56 27[IKE] <Test-1|22> received 3600s lifetime, configured 0s
    2020-06-08 18:22:56 27[IKE] <Test-1|22> received 250000000 lifebytes, configured 0
    2020-06-08 18:22:56 27[IKE] <Test-1|22> ### build_r: 0x66f02650 QM_INIT
    2020-06-08 18:22:56 27[ENC] <Test-1|22> generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    2020-06-08 18:22:56 27[NET] <Test-1|22> sending packet: from 192.168.1.253[4500] to 91.96.177.81[4500] (204 bytes)
    2020-06-08 18:22:56 31[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (60 bytes)
    2020-06-08 18:22:56 31[ENC] <Test-1|22> parsed QUICK_MODE request 1 [ HASH ]
    2020-06-08 18:22:56 31[IKE] <Test-1|22> ### process_r: 0x66f02650 QM_NEGOTIATED
    2020-06-08 18:22:56 31[IKE] <Test-1|22> CHILD_SA Test-1{59} established with SPIs cf16b5db_i 5ec4619e_o and TS 192.168.1.253/32[udp/1701] === 91.96.177.81/32[udp/1701]
    2020-06-08 18:22:56 31[APP] <Test-1|22> [SSO] (sso_invoke_once) SSO is disabled.
    2020-06-08 18:22:56 31[APP] <Test-1|22> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (192.168.1.253/32#91.96.177.81/32)
    2020-06-08 18:22:56 31[APP] <Test-1|22> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 0 to 1 ++ up ++ (192.168.1.253#91.96.177.81)
    2020-06-08 18:22:56 31[APP] <Test-1|22> [COP-UPDOWN] (cop_updown_invoke_once) UID: 22 Net: Local 192.168.1.253 Remote 91.96.177.81 Connection: Test Fullname: Test-1
    2020-06-08 18:22:56 31[APP] <Test-1|22> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-host
    2020-06-08 18:22:56 31[IKE] <Test-1|22> ### destroy: 0x66f02650
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'Test' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec remote updown ++ up ++
    2020-06-08 18:22:56 32[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (436 bytes)
    2020-06-08 18:22:56 32[ENC] <Test-1|22> parsed QUICK_MODE request 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
    2020-06-08 18:22:56 32[IKE] <Test-1|22> ### process_request invoking quick_mode_create
    2020-06-08 18:22:56 32[IKE] <Test-1|22> ### quick_mode_create: 0x66d00880 config (nil)
    2020-06-08 18:22:56 32[IKE] <Test-1|22> ### process_r: 0x66d00880 QM_INIT
    2020-06-08 18:22:56 32[IKE] <Test-1|22> expected IPComp proposal but peer did not send one, IPComp disabled
    2020-06-08 18:22:56 32[IKE] <Test-1|22> received 3600s lifetime, configured 0s
    2020-06-08 18:22:56 32[IKE] <Test-1|22> received 250000000 lifebytes, configured 0
    2020-06-08 18:22:56 32[IKE] <Test-1|22> detected rekeying of CHILD_SA Test-1{59}
    2020-06-08 18:22:56 32[IKE] <Test-1|22> ### build_r: 0x66d00880 QM_INIT
    2020-06-08 18:22:56 32[ENC] <Test-1|22> generating QUICK_MODE response 2 [ HASH SA No ID ID NAT-OA NAT-OA ]
    2020-06-08 18:22:56 32[NET] <Test-1|22> sending packet: from 192.168.1.253[4500] to 91.96.177.81[4500] (204 bytes)
    2020-06-08 18:22:56 06[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (60 bytes)
    2020-06-08 18:22:56 06[ENC] <Test-1|22> parsed QUICK_MODE request 2 [ HASH ]
    2020-06-08 18:22:56 06[IKE] <Test-1|22> ### process_r: 0x66d00880 QM_NEGOTIATED
    2020-06-08 18:22:56 06[IKE] <Test-1|22> CHILD_SA Test-1{60} established with SPIs cb5b100a_i fcfe6da8_o and TS 192.168.1.253/32[udp/1701] === 91.96.177.81/32[udp/1701]
    2020-06-08 18:22:56 06[IKE] <Test-1|22> ### destroy: 0x66d00880
    2020-06-08 18:22:56 06[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (76 bytes)
    2020-06-08 18:22:56 06[ENC] <Test-1|22> parsed INFORMATIONAL_V1 request 3288000596 [ HASH D ]
    2020-06-08 18:22:56 06[IKE] <Test-1|22> received DELETE for ESP CHILD_SA with SPI 5ec4619e
    2020-06-08 18:22:56 06[IKE] <Test-1|22> closing CHILD_SA Test-1{59} with SPIs cf16b5db_i (0 bytes) 5ec4619e_o (0 bytes) and TS 192.168.1.253/32[udp/1701] === 91.96.177.81/32[udp/1701]
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_gateway_chains -t json -s nosync -b '{"local_server":"192.168.1.253","remote_server":"91.96.177.81","action":"enable","family":"0","conntype":"hth","compress":"0"}'': success 0
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown ++ up ++
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.1.253 is IP: 192.168.1.253
    2020-06-08 18:22:56 16[APP]
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 91.96.177.81/32 dev ipsec0 src 192.168.1.253 table 220': success 0
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN] (add_routes) no routes to add for Test on interface ipsec0
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2020-06-08 18:22:56 16[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2020-06-08 18:22:57 16[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"192.168.1.253","peer":"91.96.177.81","mynet":"192.168.1.253/32","peernet":"91.96.177.81/32","connop":"1","iface":"Port2","myproto":"17","myport":"1701","peerproto":"17","peerport":"1701","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': error returned 255
    2020-06-08 18:22:59 05[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (436 bytes)
    2020-06-08 18:22:59 05[ENC] <Test-1|22> parsed QUICK_MODE request 3 [ HASH SA No ID ID NAT-OA NAT-OA ]
    2020-06-08 18:22:59 05[IKE] <Test-1|22> ### process_request invoking quick_mode_create
    2020-06-08 18:22:59 05[IKE] <Test-1|22> ### quick_mode_create: 0x954ae80 config (nil)
    2020-06-08 18:22:59 05[IKE] <Test-1|22> ### process_r: 0x954ae80 QM_INIT
    2020-06-08 18:22:59 05[IKE] <Test-1|22> expected IPComp proposal but peer did not send one, IPComp disabled
    2020-06-08 18:22:59 05[IKE] <Test-1|22> received 3600s lifetime, configured 0s
    2020-06-08 18:22:59 05[IKE] <Test-1|22> received 250000000 lifebytes, configured 0
    2020-06-08 18:22:59 05[IKE] <Test-1|22> detected rekeying of CHILD_SA Test-1{60}
    2020-06-08 18:22:59 05[IKE] <Test-1|22> ### build_r: 0x954ae80 QM_INIT
    2020-06-08 18:22:59 05[ENC] <Test-1|22> generating QUICK_MODE response 3 [ HASH SA No ID ID NAT-OA NAT-OA ]
    2020-06-08 18:22:59 05[NET] <Test-1|22> sending packet: from 192.168.1.253[4500] to 91.96.177.81[4500] (204 bytes)
    2020-06-08 18:22:59 15[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (60 bytes)
    2020-06-08 18:22:59 15[ENC] <Test-1|22> parsed QUICK_MODE request 3 [ HASH ]
    2020-06-08 18:22:59 15[IKE] <Test-1|22> ### process_r: 0x954ae80 QM_NEGOTIATED
    2020-06-08 18:22:59 15[IKE] <Test-1|22> CHILD_SA Test-1{61} established with SPIs cc8b189b_i 1958fd32_o and TS 192.168.1.253/32[udp/1701] === 91.96.177.81/32[udp/1701]
    2020-06-08 18:22:59 15[IKE] <Test-1|22> ### destroy: 0x954ae80
    2020-06-08 18:22:59 09[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (76 bytes)
    2020-06-08 18:22:59 09[ENC] <Test-1|22> parsed INFORMATIONAL_V1 request 110988731 [ HASH D ]
    2020-06-08 18:22:59 09[IKE] <Test-1|22> received DELETE for ESP CHILD_SA with SPI fcfe6da8
    2020-06-08 18:22:59 09[IKE] <Test-1|22> closing CHILD_SA Test-1{60} with SPIs cb5b100a_i (0 bytes) fcfe6da8_o (0 bytes) and TS 192.168.1.253/32[udp/1701] === 91.96.177.81/32[udp/1701]
    2020-06-08 18:23:03 20[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (436 bytes)
    2020-06-08 18:23:03 20[ENC] <Test-1|22> parsed QUICK_MODE request 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
    2020-06-08 18:23:03 20[IKE] <Test-1|22> ### process_request invoking quick_mode_create
    2020-06-08 18:23:03 20[IKE] <Test-1|22> ### quick_mode_create: 0x66b032e8 config (nil)
    2020-06-08 18:23:03 20[IKE] <Test-1|22> ### process_r: 0x66b032e8 QM_INIT
    2020-06-08 18:23:03 20[IKE] <Test-1|22> expected IPComp proposal but peer did not send one, IPComp disabled
    2020-06-08 18:23:03 20[IKE] <Test-1|22> received 3600s lifetime, configured 0s
    2020-06-08 18:23:03 20[IKE] <Test-1|22> received 250000000 lifebytes, configured 0
    2020-06-08 18:23:03 20[IKE] <Test-1|22> detected rekeying of CHILD_SA Test-1{61}
    2020-06-08 18:23:03 20[IKE] <Test-1|22> ### build_r: 0x66b032e8 QM_INIT
    2020-06-08 18:23:03 20[ENC] <Test-1|22> generating QUICK_MODE response 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
    2020-06-08 18:23:03 20[NET] <Test-1|22> sending packet: from 192.168.1.253[4500] to 91.96.177.81[4500] (204 bytes)
    2020-06-08 18:23:03 11[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (60 bytes)
    2020-06-08 18:23:03 11[ENC] <Test-1|22> parsed QUICK_MODE request 4 [ HASH ]
    2020-06-08 18:23:03 11[IKE] <Test-1|22> ### process_r: 0x66b032e8 QM_NEGOTIATED
    2020-06-08 18:23:03 11[IKE] <Test-1|22> CHILD_SA Test-1{62} established with SPIs c2f76c6a_i 01014002_o and TS 192.168.1.253/32[udp/1701] === 91.96.177.81/32[udp/1701]
    2020-06-08 18:23:03 11[IKE] <Test-1|22> ### destroy: 0x66b032e8
    2020-06-08 18:23:03 28[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (76 bytes)
    2020-06-08 18:23:03 28[ENC] <Test-1|22> parsed INFORMATIONAL_V1 request 970489829 [ HASH D ]
    2020-06-08 18:23:03 28[IKE] <Test-1|22> received DELETE for ESP CHILD_SA with SPI 1958fd32
    2020-06-08 18:23:03 28[IKE] <Test-1|22> closing CHILD_SA Test-1{61} with SPIs cc8b189b_i (0 bytes) 1958fd32_o (0 bytes) and TS 192.168.1.253/32[udp/1701] === 91.96.177.81/32[udp/1701]
    2020-06-08 18:23:09 13[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (76 bytes)
    2020-06-08 18:23:09 13[ENC] <Test-1|22> parsed INFORMATIONAL_V1 request 3267383780 [ HASH D ]
    2020-06-08 18:23:09 13[IKE] <Test-1|22> received DELETE for ESP CHILD_SA with SPI 01014002
    2020-06-08 18:23:09 13[IKE] <Test-1|22> closing CHILD_SA Test-1{62} with SPIs c2f76c6a_i (0 bytes) 01014002_o (0 bytes) and TS 192.168.1.253/32[udp/1701] === 91.96.177.81/32[udp/1701]
    2020-06-08 18:23:09 13[APP] <Test-1|22> [SSO] (sso_invoke_once) SSO is disabled.
    2020-06-08 18:23:09 13[APP] <Test-1|22> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (192.168.1.253/32#91.96.177.81/32)
    2020-06-08 18:23:09 13[APP] <Test-1|22> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 1 to 0 -- down -- (192.168.1.253#91.96.177.81)
    2020-06-08 18:23:09 13[APP] <Test-1|22> [COP-UPDOWN] (cop_updown_invoke_once) UID: 22 Net: Local 192.168.1.253 Remote 91.96.177.81 Connection: Test Fullname: Test-1
    2020-06-08 18:23:09 13[APP] <Test-1|22> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
    2020-06-08 18:23:09 17[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'Test' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
    2020-06-08 18:23:09 17[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec remote updown -- down --
    2020-06-08 18:23:09 29[NET] <Test-1|22> received packet: from 91.96.177.81[4500] to 192.168.1.253[4500] (84 bytes)
    2020-06-08 18:23:09 29[ENC] <Test-1|22> parsed INFORMATIONAL_V1 request 137567304 [ HASH D ]
    2020-06-08 18:23:09 29[IKE] <Test-1|22> received DELETE for IKE_SA Test-1[22]
    2020-06-08 18:23:09 29[IKE] <Test-1|22> deleting IKE_SA Test-1[22] between 192.168.1.253[192.168.1.253]...91.96.177.81[192.168.2.104]
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_gateway_chains -t json -s nosync -b '{"local_server":"192.168.1.253","remote_server":"91.96.177.81","action":"disable","family":"0","conntype":"hth","compress":"0"}'': success 0
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown -- down --
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.1.253 is IP: 192.168.1.253
    2020-06-08 18:23:10 17[APP]
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 91.96.177.81/32 dev ipsec0 src 192.168.1.253 table 220': success 0
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN] (add_routes) no routes to del for Test on interface ipsec0
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2020-06-08 18:23:10 17[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"192.168.1.253","peer":"91.96.177.81","mynet":"192.168.1.253/32","peernet":"91.96.177.81/32","connop":"0","iface":"unknown","myproto":"17","myport":"1701","peerproto":"17","peerport":"1701","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': error returned 255

Reply Children
No Data