L2TP Connecting but traffic is failing

Hey all,

I am battling an L2TP VPN issue. The tunnel is connecting and authenticating but not passing all LAN traffic.

From the remote side, I am able to ping the LAN interface on the XG.  I am not able to ping anything else on the LAN.

I ran a tcpdump with a filter for the IP address of the remote host. Here are the results:

tcpdump host 10.10.160.1
tcpdump: Starting Packet Dump
15:09:21.430358 ppp0, IN: IP 10.10.160.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:09:22.157554 ppp0, IN: IP 10.10.160.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:09:22.957321 ppp0, IN: IP 10.10.160.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
15:09:32.706857 ppp0, IN: IP 10.10.160.1.64666 > shgdc1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:32.706971 Port1, OUT: IP 10.10.160.1.64666 > shgdc1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:33.578819 ppp0, IN: IP 10.10.160.1.64666 > shg1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:33.578947 Port1, OUT: IP 10.10.160.1.64666 > shg1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:33.620377 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:34.529426 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:34.579021 ppp0, IN: IP 10.10.160.1.64666 > shg1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:34.579291 Port1, OUT: IP 10.10.160.1.64666 > shg1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:34.586830 ppp0, IN: IP 10.10.160.1 > 10.10.2.1: ICMP echo request, id 1, seq 6, length 40
15:09:34.586846 ppp0, OUT: IP 10.10.2.1 > 10.10.160.1: ICMP echo reply, id 1, seq 6, length 40
15:09:35.559031 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:35.620474 ppp0, IN: IP 10.10.160.1 > 10.10.2.1: ICMP echo request, id 1, seq 7, length 40
15:09:35.620489 ppp0, OUT: IP 10.10.2.1 > 10.10.160.1: ICMP echo reply, id 1, seq 7, length 40
15:09:36.526390 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:36.618928 ppp0, IN: IP 10.10.160.1.64666 > shgdc1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:36.619014 Port1, OUT: IP 10.10.160.1.64666 > shgdc1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:36.626409 ppp0, IN: IP 10.10.160.1.64666 > shg1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:36.626482 Port1, OUT: IP 10.10.160.1.64666 > shg1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:36.626733 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:36.699233 ppp0, IN: IP 10.10.160.1 > 10.10.2.1: ICMP echo request, id 1, seq 8, length 40
15:09:36.699248 ppp0, OUT: IP 10.10.2.1 > 10.10.160.1: ICMP echo reply, id 1, seq 8, length 40
15:09:37.408472 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:37.618250 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:37.739003 ppp0, IN: IP 10.10.160.1 > 10.10.2.1: ICMP echo request, id 1, seq 9, length 40
15:09:37.739018 ppp0, OUT: IP 10.10.2.1 > 10.10.160.1: ICMP echo reply, id 1, seq 9, length 40
15:09:38.408497 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:38.647852 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:40.587256 ppp0, IN: IP 10.10.160.1.64666 > shgdc1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:40.588491 Port1, OUT: IP 10.10.160.1.64666 > shgdc1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:40.588617 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:40.627419 ppp0, IN: IP 10.10.160.1.64666 > shg1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:40.627557 Port1, OUT: IP 10.10.160.1.64666 > shg1.shg-inc.local.domain: 4925+ A? www.msftncsi.com. (34)
15:09:40.627850 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:41.221892 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:41.417601 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:42.251601 Port1, IN: ARP, Request who-has 10.10.160.1 tell shg1.shg-inc.local, length 46
15:09:42.409066 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:45.859120 ppp0, IN: IP 10.10.160.1 > shgdc1.shg-inc.local: ICMP echo request, id 1, seq 10, length 40
15:09:45.859332 Port1, OUT: IP 10.10.160.1 > shgdc1.shg-inc.local: ICMP echo request, id 1, seq 10, length 40
15:09:45.859416 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:46.412923 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:47.412838 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:50.546965 ppp0, IN: IP 10.10.160.1 > shgdc1.shg-inc.local: ICMP echo request, id 1, seq 11, length 40
15:09:50.547039 Port1, OUT: IP 10.10.160.1 > shgdc1.shg-inc.local: ICMP echo request, id 1, seq 11, length 40
15:09:50.547334 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:51.413142 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:52.413363 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:55.539010 ppp0, IN: IP 10.10.160.1 > shgdc1.shg-inc.local: ICMP echo request, id 1, seq 12, length 40
15:09:55.539174 Port1, OUT: IP 10.10.160.1 > shgdc1.shg-inc.local: ICMP echo request, id 1, seq 12, length 40
15:09:55.539418 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:56.413377 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:57.413381 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46

On a host behind the XG, I am unable to ping the address of the remote host.

Any ideas?
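The capture above already contains the tell-tale symptom: pings to the XG's own LAN address (10.10.2.1) are answered on ppp0, but pings forwarded out Port1 to a LAN host get no reply, and instead the LAN hosts send ARP "who-has 10.10.160.1" on Port1. A host only ARPs for an address it believes is on its own link, so the LAN hosts are not routing the VPN client's address back through the XG. The following script is an added example (not part of the original post) that parses tcpdump lines in this format and flags exactly that pattern; the embedded sample is a subset of the capture above, and `analyze`/`diagnose` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample: a subset of the tcpdump lines from the post above.
SAMPLE_CAPTURE = """\
15:09:34.586830 ppp0, IN: IP 10.10.160.1 > 10.10.2.1: ICMP echo request, id 1, seq 6, length 40
15:09:34.586846 ppp0, OUT: IP 10.10.2.1 > 10.10.160.1: ICMP echo reply, id 1, seq 6, length 40
15:09:45.859120 ppp0, IN: IP 10.10.160.1 > shgdc1.shg-inc.local: ICMP echo request, id 1, seq 10, length 40
15:09:45.859332 Port1, OUT: IP 10.10.160.1 > shgdc1.shg-inc.local: ICMP echo request, id 1, seq 10, length 40
15:09:45.859416 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
15:09:46.412923 Port1, IN: ARP, Request who-has 10.10.160.1 tell shgdc1.shg-inc.local, length 46
"""

# Sophos XG tcpdump prefix: "<time> <iface>, <IN|OUT>: <packet description>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<iface>\S+), (?P<dir>IN|OUT): (?P<rest>.*)$")
ICMP_RE = re.compile(r"IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo (?P<kind>request|reply), "
                     r"id (?P<id>\d+), seq (?P<seq>\d+)")
ARP_RE = re.compile(r"ARP, Request who-has (?P<target>\S+) tell (?P<asker>[^,\s]+)")


def analyze(capture, client_ip, lan_iface):
    """Correlate the client's echo requests with replies and collect LAN-side ARP for the client IP."""
    requests = {}          # (icmp id, seq) -> destination the VPN client pinged
    replied = set()        # (icmp id, seq) pairs that received an echo reply
    arp_askers = Counter() # LAN host -> number of ARP requests for the client address
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        iface, rest = m.group("iface"), m.group("rest")
        icmp = ICMP_RE.search(rest)
        if icmp and icmp["kind"] == "request" and icmp["src"] == client_ip:
            requests[(icmp["id"], icmp["seq"])] = icmp["dst"]
        elif icmp and icmp["kind"] == "reply" and icmp["dst"] == client_ip:
            replied.add((icmp["id"], icmp["seq"]))
        arp = ARP_RE.search(rest)
        if arp and iface == lan_iface and arp["target"] == client_ip:
            arp_askers[arp["asker"]] += 1
    unanswered = sorted({dst for key, dst in requests.items() if key not in replied})
    return {"unanswered_targets": unanswered, "lan_hosts_arping_for_client": dict(arp_askers)}


def diagnose(result):
    """Turn the counters into the reading a network engineer would give."""
    if result["lan_hosts_arping_for_client"]:
        hosts = ", ".join(sorted(result["lan_hosts_arping_for_client"]))
        return (f"{hosts} ARP for the VPN client address on the LAN, so they treat it as on-link "
                "instead of routing it back via the XG: check that the L2TP client range does not "
                "overlap the LAN subnet and that LAN hosts route that range to the XG.")
    if result["unanswered_targets"]:
        return "Forwarded pings unanswered but no LAN ARP seen: suspect a host firewall on the target."
    return "No return-path problem visible in this capture."


if __name__ == "__main__":
    print(diagnose(analyze(SAMPLE_CAPTURE, "10.10.160.1", "Port1")))
```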

More information:

    The remote client I am using to test is a Microsoft Surface RT running Windows 8.1. I have already implemented the Windows Firewall change detailed here:
    https://community.sophos.com/kb/en-us/125226

    When I log in as local admin on the Surface, I am able to create the tunnel and log in, as mentioned above. I am logging in with a user's VPN credentials, which is a local account on the XG.

    If I log into the Surface using the end user's account, then attempt to VPN using the same credentials as above, it won't create the tunnel at all.

    So I'm getting quite mixed and confusing results at this point.