Hi, hoping someone can help assist with getting our L2TP VPN working with our RADIUS server.
Running an XG210 on SFOS 16.01.1
Experiencing same issue as this thread: https://community.sophos.com/products/xg-firewall/f/vpn/77206/pptp-l2tp-radius-authentication-failing
- Local user authentication works fine for L2TP
- RADIUS server is setup. Using "Test Connection" is successful with the user i'm trying to VPN in as.
- able to login to the admin portal using RADIUS with same user.
- RADIUS server selected as L2TP authentication method
- using preshared key for L2TP
- RADIUS server is running on our AD server, using AD as the authentication backend
- network policy rules set up for LAN/VPN, VPN/LAN and VPN/WAN
Currently the only client I have access to is my iPhone 6 running iOS 9.3.3
Logs:
|
2016-10-26 09:23:12
|
L2TP
|
SUCCESSFUL
|
-
|
LCP : Negotiation Closed for 166.xxx.xx.45
|
|
2016-10-26 09:23:06
|
IPsec
|
SUCCESSFUL
|
-
|
"GavantL2TP" SA-MGT: Deleting connection instance with peer 166.xxx.xx.45, isakmp=0, ipsec=0
|
|
2016-10-26 09:23:06
|
IPsec
|
SUCCESSFUL
|
-
|
GavantL2TP SA-MGT: Peer requested to delete Phase-1 SA. Deleting ISAKMP state 154
|
|
2016-10-26 09:23:06
|
IPsec
|
TERMINATED
|
-
|
IPSec Connection GavantL2TP between 208.xxx.xxx.146 and 166.xxx.xx.45 terminated.
|
|
2016-10-26 09:23:06
|
IPsec
|
SUCCESSFUL
|
-
|
GavantL2TP SA-MGT: Peer requested to delete Phase-2 SA. Deleting IPSEC state 155
|
|
2016-10-26 09:23:06
|
L2TP
|
FAILED
|
-
|
LCP : Negotiation Closing for 166.xxx.xx.45 : Authentication failed
|
|
2016-10-26 09:23:06
|
L2TP
|
FAILED
|
-
|
IPCP : Taking IPCP down for 166.xxx.xx.45 : LCP down
|
|
2016-10-26 09:23:06
|
L2TP
|
FAILED
|
-
|
CHAP : Authentication Failed for User chostetter
|
|
2016-10-26 09:23:06
|
L2TP
|
SUCCESSFUL
|
-
|
CHAP : Starting Authentication
|
|
2016-10-26 09:23:06
|
L2TP
|
SUCCESSFUL
|
-
|
LCP : Link Established for 166.xxx.xx.45
|
|
2016-10-26 09:23:06
|
L2TP
|
SUCCESSFUL
|
-
|
LCP : Negotiation Opening for 166.xxx.xx.45
|
|
2016-10-26 09:23:04
|
IPsec
|
SUCCESSFUL
|
-
|
"GavantL2TP" DPD: Dead peer detection enabled
|
|
2016-10-26 09:23:04
|
IPsec
|
ESTABLISHED
|
-
|
IPSec Connection GavantL2TP between 208.xxx.xxx.146 and 166.xxx.xx.45 established.
|
|
2016-10-26 09:23:04
|
IPsec
|
SUCCESSFUL
|
-
|
GavantL2TP EST-P2: Responding to a Phase-2 establishment request with message id a895ecb1
|
|
2016-10-26 09:23:03
|
IPsec
|
SUCCESSFUL
|
-
|
"GavantL2TP" DPD: Dead peer detection enabled
|
|
2016-10-26 09:23:03
|
IPsec
|
SUCCESSFUL
|
-
|
"GavantL2TP" SA-MGT: Deleting connection instance with peer 166.xxx.xx.45, isakmp=0, ipsec=0
|
|
2016-10-26 09:23:03
|
IPsec
|
SUCCESSFUL
|
-
|
GavantL2TP EST-P1: Switched the connection from GavantL2TP to GavantL2TP. As GavantL2TP configuration matches the reqest better
|
|
2016-10-26 09:23:03
|
IPsec
|
SUCCESSFUL
|
-
|
GavantL2TP EST-P1-MM peer id is ID_IPV4_ADDR: '10.xx.xx.62'
|
|
2016-10-26 09:23:03
|
IPsec
|
SUCCESSFUL
|
-
|
EST-P1: Peer did not accept any proposal sent
|
|
2016-10-26 09:23:03
|
IPsec
|
SUCCESSFUL
|
-
|
NAT-T: Remote Server is behind NAT device
|
Any help or troubleshooting tips would be super appreciated. Thanks!
This thread was automatically locked due to age.
