Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 26 subscribers
  • Views 2213 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SophosXG Firewall L2TP VPN Connection Problems

Net Sn00p

Hi,

i have upgraded my sg210 firewall from utm to sophos xg. On the utm i have configured an l2tp vpn connection with radius authentication and it works fine. The sophos xg its new for me, but i think i do the right things (i hope so). I have add the radius and ad server and and the test´s works fine. Then i have set up the vpn group over the import button and create a l2tp connection with a shared secret and with the same details then the sophos utm have. Then i will test the vpn connection and i configured my iphone for an l2tp connection. In the sophos xg authentication log i see the following:

"User testuser failed to login to L2TP through RADIUS authentication mechanism because of wrong credentials."

But the radius connection test is successful and i can login into the user portal with the same credentials.

What i have already done:

- compare the shared secret -> its the same
- check if the login credentials are correct -> passed
- check if the l2tp connection is activ -> passed

Does anyone an idea what else i can check? The error message from the sophos log is a bit irritating.

Here are some configuration screenshots...


Thanks and greetings
Christian



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Could you please provide access_server logs in debugging? 

    Run the following command from the advanced shell to put the access_server in debug: service access_server:debug -ds nocync 

    Note: Run the same command to remove the service from the debug. 

    Did you set Simultaneous logins limit for the users? You can check this under Authentication > Users > Open the user detail or under Authentication > Services Global Settings. 

    Did you configure the leasing an IP address from the RADIUS server? You can see this option under VPN > VPN Settings > L2TP.

    Thanks,

  • 0

    Hi H_Patel,

    thanks for your answer.

    ok, i have the debugging turned on, but which log you will see?

    And then i have checked the simultaneous login limit, there is no limit. And the IP address comes from the sophos, not from the radius server.

    Thanks and greetings,

    Christian

  • FormerMember
    0 FormerMember in reply to Net Sn00p

    Hi ,

    Thank you for the update. 

    Check the access_server logs. 

    Please check out the following KBA for more info: Sophos XG Firewall: Where to find log files?

    Thanks,

  • 0 in reply to FormerMember

    Ok, here is my access_server.log .

    MESSAGE   Nov 12 17:09:04 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
MESSAGE   Nov 12 17:09:29 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:09:29 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:10:04 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
MESSAGE   Nov 12 17:10:14 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:10:14 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:10:59 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:10:59 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:11:04 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
MESSAGE   Nov 12 17:11:44 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:11:44 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:12:03 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
MESSAGE   Nov 12 17:12:29 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:13:03 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
MESSAGE   Nov 12 17:13:14 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:13:14 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
ERROR     Nov 12 17:13:34 [RADIUS_AUTH]: (cb_authenticate_chap_user): Authentication failed for User: 'user3'
ERROR     Nov 12 17:13:34 [access_server]: handle_chap_auth: CHAP Authentication Successful
ERROR     Nov 12 17:13:34 [POSTGRES_DB]: (pg_db_handle_user_reserverd_vpn_ip): row count: 0
MESSAGE   Nov 12 17:13:34 [access_server]: ippool_submit_request: IP lease request
ERROR     Nov 12 17:13:34 [IP_POOL]: ippool_handle_leaseip_request: lease request for L2TP
ERROR     Nov 12 17:13:34 [IP_POOL]: ip_pool_v4_get_free_ip: ip 3232290053 is allocated
MESSAGE   Nov 12 17:13:59 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:13:59 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:14:03 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
MESSAGE   Nov 12 17:14:29 [access_server]: ippool_submit_request: IP free request
ERROR     Nov 12 17:14:29 [IP_POOL]: ippool_handle_freeip_request: ip 192.168.213.5 freed from assigned pool
ERROR     Nov 12 17:14:40 [RADIUS_AUTH]: (cb_authenticate_chap_user): Authentication failed for User: 'christians'
ERROR     Nov 12 17:14:40 [POSTGRES_DB]: (pg_db_handle_chap_getpass): No rows found
ERROR     Nov 12 17:14:40 [access_server]: check_auth_result: VPN/SSLVPN/MYACC Authentication Failed
MESSAGE   Nov 12 17:14:44 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:14:44 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:15:04 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
MESSAGE   Nov 12 17:15:29 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:15:29 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:16:04 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
MESSAGE   Nov 12 17:16:14 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:16:14 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:16:59 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:16:59 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
MESSAGE   Nov 12 17:17:04 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
ERROR     Nov 12 17:17:45 [CAA]: (CA_epoll_wait): time_to_keep_alive=-1000, after=1605197865, before=1605197819
MESSAGE   Nov 12 17:17:45 [CAA]: (CA_epoll_wait): returning nfds 0
MESSAGE   Nov 12 17:17:45 [CAA]: (CA_keep_alive): access_server heartbeat
MESSAGE   Nov 12 17:17:45 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds

    user3 is an sophos local user

    christians is an ad user

    Thanks & Greetings

    Christian

  • 0 in reply to Net Sn00p

    Can anyone tell me about more about this...

    ERROR     Nov 12 17:14:40 [POSTGRES_DB]: (pg_db_handle_chap_getpass): No rows found
ERROR     Nov 12 17:14:40 [access_server]: check_auth_result: VPN/SSLVPN/MYACC Authentication Failed

    Thanks & Greetings

    Christian

  • FormerMember
    0 FormerMember in reply to Net Sn00p

    Hi ,

    Thank you for the update. 

    The error in the access_server logs is most likely is for SSL VPN. 

    Could you please provide these logs while you replicate the issue:

    a) tail -f /log/syslog.log | grep pppd
    b) tail -f /log/l2tpd.log
    c) tail -f /log/charon.log

    Thanks, 

  • 0 in reply to FormerMember

    Hi H_Patel,

    here it is...

    SFVH_SO01_SFOS 18.0.3 MR-3# tail -f /log/syslog.log | grep pppd
Nov 13 13:57:00 (none) daemon.warn pppd[755]: : ip_choose_hook is NULL
Nov 13 13:57:00 (none) daemon.info pppd[755]: /dev/pts/1: Plugin /lib/crauth.so loaded.
Nov 13 13:57:00 (none) daemon.info pppd[755]: /dev/pts/1: CRAUTH plugin with IP lease initialized.
Nov 13 13:57:00 (none) daemon.notice pppd[755]: /dev/pts/1: pppd 2.4.7 started by root, uid 0
Nov 13 13:57:00 (none) daemon.debug pppd[755]: /dev/pts/1: using channel 5
Nov 13 13:57:00 (none) daemon.info pppd[755]: /dev/pts/1: Using interface ppp0
Nov 13 13:57:00 (none) daemon.notice pppd[755]: /dev/pts/1: Connect: ppp0 <--> /dev/pts/1
Nov 13 13:57:00 (none) daemon.debug pppd[755]: /dev/pts/1: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0xdf79057f> <pcomp> <accomp>]
Nov 13 13:57:00 (none) daemon.debug pppd[755]: /dev/pts/1: rcvd [LCP ConfAck id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0xdf79057f> <pcomp> <accomp>]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0xdf79057f> <pcomp> <accomp>]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x25d7d35e> <pcomp> <accomp>]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x25d7d35e> <pcomp> <accomp>]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: rcvd [LCP ConfAck id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MD5> <magic 0xdf79057f> <pcomp> <accomp>]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: sent [CHAP Challenge id=0x5d <66d5b0386231e1e2e356ba41f778913c>, name = "cyberoamserver"]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: rcvd [LCP EchoReq id=0x0 magic=0x25d7d35e]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: sent [LCP EchoRep id=0x0 magic=0xdf79057f]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: rcvd [CHAP Response id=0x5d <ffb4d0fa36398a130d4582075623287c>, name = "christians"]
Nov 13 13:57:03 (none) daemon.info pppd[755]: /dev/pts/1: crauth_chap_verify called
Nov 13 13:57:03 (none) daemon.info pppd[755]: /dev/pts/1: crauth_pap_auth: REMOTE IP ADDRESS: '80.187.84.13'
Nov 13 13:57:03 (none) daemon.warn pppd[755]: /dev/pts/1: Peer christians failed CHAP authentication
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: sent [CHAP Failure id=0x5d "n failed. Invalid user name/password. Please contact the administrator. "]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: convert_to_utf8: is already utf8 - nothing to do here
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: sent [LCP TermReq id=0x2 "Authentication failed"]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: rcvd [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
Nov 13 13:57:03 (none) daemon.debug pppd[755]: /dev/pts/1: sent [LCP TermAck id=0x2]
Nov 13 13:57:03 (none) daemon.notice pppd[755]: /dev/pts/1: Modem hangup
Nov 13 13:57:03 (none) daemon.notice pppd[755]: /dev/pts/1: Connection terminated.
Nov 13 13:57:03 (none) daemon.info pppd[755]: /dev/pts/1: Exit.

    SFVH_SO01_SFOS 18.0.3 MR-3# tail -f /log/l2tpd.log
xl2tpd[4461]: "cyberoamserver"
xl2tpd[4461]: "debug"
xl2tpd[4461]: "file"
xl2tpd[4461]: "/cfs/options.l2tpd"
xl2tpd[4461]: Call established with 80.187.84.13, PID: 371, Local: 41312, Remote: 299, Serial: 1
xl2tpd[4461]: result_code_avp: result code endianness fix for buggy Apple client. network=768, le=3
xl2tpd[4461]: control_finish: Connection closed to 80.187.84.13, serial 1 ()
xl2tpd[4461]: Terminating pppd: sending TERM signal to pid 371
xl2tpd[4461]: result_code_avp: result code endianness fix for buggy Apple client. network=256, le=1
xl2tpd[4461]: control_finish: Connection closed to 80.187.84.13, port 54191 (), Local: 3905, Remote: 1
xl2tpd[4461]: Connection established to 80.187.84.13, 61939.  Local: 31034, Remote: 2 (ref=0/0).  LNS session is 'default'
xl2tpd[4461]: start_pppd: I'm running:
xl2tpd[4461]: "/bin/pppd"
xl2tpd[4461]: "/dev/pts/1"
xl2tpd[4461]: "ipparam"
xl2tpd[4461]: "l2tp#80.187.84.13"
xl2tpd[4461]: "passive"
xl2tpd[4461]: "nodetach"
xl2tpd[4461]: "195.xxx.xxx.xxx:0.0.0.0"
xl2tpd[4461]: "auth"
xl2tpd[4461]: "name"
xl2tpd[4461]: "cyberoamserver"
xl2tpd[4461]: "debug"
xl2tpd[4461]: "file"
xl2tpd[4461]: "/cfs/options.l2tpd"
xl2tpd[4461]: Call established with 80.187.84.13, PID: 610, Local: 57885, Remote: 305, Serial: 1
xl2tpd[4461]: result_code_avp: result code endianness fix for buggy Apple client. network=768, le=3
xl2tpd[4461]: control_finish: Connection closed to 80.187.84.13, serial 1 ()
xl2tpd[4461]: Terminating pppd: sending TERM signal to pid 610

    SFVH_SO01_SFOS 18.0.3 MR-3# tail -f /log/charon.log
2020-11-13 13:59:05 21[NET] <8> received packet: from 80.187.84.13[500] to 195.xxx.xxx.xxx[500] (788 bytes)
2020-11-13 13:59:05 21[ENC] <8> parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
2020-11-13 13:59:05 21[IKE] <8> received NAT-T (RFC 3947) vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
2020-11-13 13:59:05 21[IKE] <8> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2020-11-13 13:59:05 21[IKE] <8> received FRAGMENTATION vendor ID
2020-11-13 13:59:05 21[IKE] <8> received DPD vendor ID
2020-11-13 13:59:05 21[IKE] <8> 80.187.84.13 is initiating a Main Mode IKE_SA
2020-11-13 13:59:05 21[ENC] <8> generating ID_PROT response 0 [ SA V V V V V ]
2020-11-13 13:59:05 21[NET] <8> sending packet: from 195.xxx.xxx.xxx[500] to 80.187.84.13[500] (176 bytes)
2020-11-13 13:59:05 08[NET] <8> received packet: from 80.187.84.13[500] to 195.xxx.xxx.xxx[500] (228 bytes)
2020-11-13 13:59:05 08[ENC] <8> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
2020-11-13 13:59:05 08[IKE] <8> remote host is behind NAT
2020-11-13 13:59:05 08[ENC] <8> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
2020-11-13 13:59:05 08[NET] <8> sending packet: from 195.xxx.xxx.xxx[500] to 80.187.84.13[500] (244 bytes)
2020-11-13 13:59:05 06[NET] <8> received packet: from 80.187.84.13[3878] to 195.xxx.xxx.xxx[4500] (100 bytes)
2020-11-13 13:59:05 06[ENC] <8> parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
2020-11-13 13:59:05 06[CFG] <8> looking for pre-shared key peer configs matching 195.xxx.xxx.xxx...80.187.84.13[10.38.31.13]
2020-11-13 13:59:05 06[CFG] <8> selected peer config "SMI_L2TP-1"
2020-11-13 13:59:05 06[IKE] <SMI_L2TP-1|8> IKE_SA SMI_L2TP-1[8] established between 195.xxx.xxx.xxx[195.xxx.xxx.xxx]...80.187.84.13[10.38.31.13]
2020-11-13 13:59:05 06[ENC] <SMI_L2TP-1|8> generating ID_PROT response 0 [ ID HASH ]
2020-11-13 13:59:05 06[NET] <SMI_L2TP-1|8> sending packet: from 195.xxx.xxx.xxx[4500] to 80.187.84.13[3878] (68 bytes)
2020-11-13 13:59:06 25[NET] <SMI_L2TP-1|8> received packet: from 80.187.84.13[3878] to 195.xxx.xxx.xxx[4500] (388 bytes)
2020-11-13 13:59:06 25[ENC] <SMI_L2TP-1|8> parsed QUICK_MODE request 3147508690 [ HASH SA No ID ID NAT-OA NAT-OA ]
2020-11-13 13:59:06 25[IKE] <SMI_L2TP-1|8> ### process_request invoking quick_mode_create
2020-11-13 13:59:06 25[IKE] <SMI_L2TP-1|8> ### quick_mode_create: 0x7f3ca0000e50 config (nil)
2020-11-13 13:59:06 25[IKE] <SMI_L2TP-1|8> ### process_r: 0x7f3ca0000e50 QM_INIT
2020-11-13 13:59:06 25[IKE] <SMI_L2TP-1|8> expected IPComp proposal but peer did not send one, IPComp disabled
2020-11-13 13:59:06 25[IKE] <SMI_L2TP-1|8> received 3600s lifetime, configured 0s
2020-11-13 13:59:06 25[IKE] <SMI_L2TP-1|8> ### build_r: 0x7f3ca0000e50 QM_INIT
2020-11-13 13:59:06 25[ENC] <SMI_L2TP-1|8> generating QUICK_MODE response 3147508690 [ HASH SA No ID ID NAT-OA NAT-OA ]
2020-11-13 13:59:06 25[NET] <SMI_L2TP-1|8> sending packet: from 195.xxx.xxx.xxx[4500] to 80.187.84.13[3878] (188 bytes)
2020-11-13 13:59:06 27[NET] <SMI_L2TP-1|8> received packet: from 80.187.84.13[3878] to 195.xxx.xxx.xxx[4500] (60 bytes)
2020-11-13 13:59:06 27[ENC] <SMI_L2TP-1|8> parsed QUICK_MODE request 3147508690 [ HASH ]
2020-11-13 13:59:06 27[IKE] <SMI_L2TP-1|8> ### process_r: 0x7f3ca0000e50 QM_NEGOTIATED
2020-11-13 13:59:06 27[IKE] <SMI_L2TP-1|8> CHILD_SA SMI_L2TP-1{8} established with SPIs cffc5c79_i 0bb1f489_o and TS 195.xxx.xxx.xxx/32[udp/1701] === 80.187.84.13/32[udp/51321]
2020-11-13 13:59:06 27[APP] <SMI_L2TP-1|8> [SSO] (sso_invoke_once) SSO is disabled.
2020-11-13 13:59:06 27[APP] <SMI_L2TP-1|8> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (195.xxx.xxx.xxx/32#80.187.84.13/32)
2020-11-13 13:59:06 27[APP] <SMI_L2TP-1|8> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 0 to 1 ++ up ++ (195.xxx.xxx.xxx#80.187.84.13)
2020-11-13 13:59:06 27[APP] <SMI_L2TP-1|8> [COP-UPDOWN] (cop_updown_invoke_once) UID: 8 Net: Local 195.xxx.xxx.xxx Remote 80.187.84.13 Connection: SMI_L2TP Fullname: SMI_L2TP-1
2020-11-13 13:59:06 27[APP] <SMI_L2TP-1|8> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-host
2020-11-13 13:59:06 27[IKE] <SMI_L2TP-1|8> ### destroy: 0x7f3ca0000e50
2020-11-13 13:59:06 23[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'SMI_L2TP' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2020-11-13 13:59:06 23[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec remote updown ++ up ++
2020-11-13 13:59:06 23[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_gateway_chains -t json -s nosync -b '{"local_server":"195.xxx.xxx.xxx","remote_server":"80.187.84.13","action":"enable","family":"0","conntype":"hth","compress":"0"}'': success 0
2020-11-13 13:59:06 23[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown ++ up ++
2020-11-13 13:59:06 23[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
2020-11-13 13:59:06 23[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 195.xxx.xxx.xxx is IP: 195.xxx.xxx.xxx
2020-11-13 13:59:06 23[APP]
2020-11-13 13:59:06 23[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 80.187.84.13/32 dev ipsec0 src 195.xxx.xxx.xxx table 220': success 0
2020-11-13 13:59:06 23[APP] [COP-UPDOWN] (add_routes) no routes to add for SMI_L2TP on interface ipsec0
2020-11-13 13:59:06 23[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2020-11-13 13:59:06 23[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2020-11-13 13:59:06 23[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"195.xxx.xxx.xxx","peer":"80.187.84.13","mynet":"195.xxx.xxx.xxx/32","peernet":"80.187.84.13/32","connop":"1","iface":"Port2","myproto":"17","myport":"1701","peerproto":"17","peerport":"51321","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': error returned 255
2020-11-13 13:59:06 13[KNL] interface ppp0 deleted
2020-11-13 13:59:06 07[NET] <SMI_L2TP-1|8> received packet: from 80.187.84.13[3878] to 195.xxx.xxx.xxx[4500] (76 bytes)
2020-11-13 13:59:06 07[ENC] <SMI_L2TP-1|8> parsed INFORMATIONAL_V1 request 1212541432 [ HASH D ]
2020-11-13 13:59:06 07[IKE] <SMI_L2TP-1|8> received DELETE for ESP CHILD_SA with SPI 0bb1f489
2020-11-13 13:59:06 07[IKE] <SMI_L2TP-1|8> closing CHILD_SA SMI_L2TP-1{8} with SPIs cffc5c79_i (527 bytes) 0bb1f489_o (699 bytes) and TS 195.xxx.xxx.xxx/32[udp/1701] === 80.187.84.13/32[udp/51321]
2020-11-13 13:59:06 07[APP] <SMI_L2TP-1|8> [SSO] (sso_invoke_once) SSO is disabled.
2020-11-13 13:59:06 07[APP] <SMI_L2TP-1|8> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (195.xxx.xxx.xxx/32#80.187.84.13/32)
2020-11-13 13:59:06 07[APP] <SMI_L2TP-1|8> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 1 to 0 -- down -- (195.xxx.xxx.xxx#80.187.84.13)
2020-11-13 13:59:06 07[APP] <SMI_L2TP-1|8> [COP-UPDOWN] (cop_updown_invoke_once) UID: 8 Net: Local 195.xxx.xxx.xxx Remote 80.187.84.13 Connection: SMI_L2TP Fullname: SMI_L2TP-1
2020-11-13 13:59:06 07[APP] <SMI_L2TP-1|8> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-host
2020-11-13 13:59:06 32[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'SMI_L2TP' result --> id: '1', mode: 'hth', tunnel_type: '1', subnet_family:'0'
2020-11-13 13:59:06 32[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec remote updown -- down --
2020-11-13 13:59:06 30[NET] <SMI_L2TP-1|8> received packet: from 80.187.84.13[3878] to 195.xxx.xxx.xxx[4500] (84 bytes)
2020-11-13 13:59:06 30[ENC] <SMI_L2TP-1|8> parsed INFORMATIONAL_V1 request 281822720 [ HASH D ]
2020-11-13 13:59:06 30[IKE] <SMI_L2TP-1|8> received DELETE for IKE_SA SMI_L2TP-1[8]
2020-11-13 13:59:06 30[IKE] <SMI_L2TP-1|8> deleting IKE_SA SMI_L2TP-1[8] between 195.xxx.xxx.xxx[195.xxx.xxx.xxx]...80.187.84.13[10.38.31.13]
2020-11-13 13:59:07 32[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_gateway_chains -t json -s nosync -b '{"local_server":"195.xxx.xxx.xxx","remote_server":"80.187.84.13","action":"disable","family":"0","conntype":"hth","compress":"0"}'': success 0
2020-11-13 13:59:07 32[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown -- down --
2020-11-13 13:59:07 32[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
2020-11-13 13:59:07 32[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 195.xxx.xxx.xxx is IP: 195.xxx.xxx.xxx
2020-11-13 13:59:07 32[APP]
2020-11-13 13:59:07 32[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 80.187.84.13/32 dev ipsec0 src 195.xxx.xxx.xxx table 220': success 0
2020-11-13 13:59:07 32[APP] [COP-UPDOWN] (add_routes) no routes to del for SMI_L2TP on interface ipsec0
2020-11-13 13:59:07 32[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2020-11-13 13:59:07 32[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
2020-11-13 13:59:07 32[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"195.xxx.xxx.xxx","peer":"80.187.84.13","mynet":"195.xxx.xxx.xxx/32","peernet":"80.187.84.13/32","connop":"0","iface":"unknown","myproto":"17","myport":"1701","peerproto":"17","peerport":"51321","conntype":"hth","actnet":"","compress":"0","conn_id":"1"}'': error returned 255

    Thanks & Greetings

    Christian

  • 0 in reply to Net Sn00p

    Anyone an idea?

    The crazy thing is, that i can connect over LTE. But not over the mikrotik router.

    For testing i have connected to a sophos sg and a tmg firewall over the mikrotik router and it works fine. I have also tested a pfsense and a Fritz!box 7490 and it will work with the sophos sg and the tmg firewall, but not with the sophos xg.

    Thanks & Greetings

    Christian