
L2TP VPN establishing but traffic to my LAN failed

Dear community

I have configured an L2TP VPN server on my Sophos XG 16.05. On my PC (macOS Sierra) the VPN client establishes correctly, but traffic to my LAN is not working.


I have a network rule on the firewall: VPN --> LAN and LAN --> VPN for any service.

Figure 1. L2TP VPN established status

Figure 2. L2TP config


Figure 3. L2TP macOS interface


Figure 3. Network rule

Please help me. On my previous firewall, a Sophos SG 220, the L2TP VPN on macOS Sierra was working fine.


Thanks



  • Fabian,

    can you execute a drop-packet-capture "x.x.x.x" from your XG console, where x.x.x.x is first the remote IP of your users and, the second time, the local IP received by the users.

    Thanks

  • Hi Fabian

    On your Mac machine, could you print out the routing table? Inside the Terminal application, the route print command is "netstat -nr". This will display the current routing table for the logged-in user.

    You may need to check if the route towards the VPN has a lower metric value. Also, could you take a TCP dump to see if the traffic is incoming onto the device? The command for the same is 

    console > tcpdump 'host <Public address of your Home Network>'

    You should see tun0 incoming, and as suggested by LUK, take the capture of the dropped packets as well.
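The reply above asks the poster to read the macOS routing table and confirm that the LAN subnet is actually routed over the VPN interface. The following shell snippet is an added example (not code from the original thread or from Sophos): it works on a constructed `netstat -nr` sample embedded in the script, and the `ROUTES` environment variable, the `ppp0` interface name and the 192.168.1.0/24 and 10.10.10.0/24 addresses are assumptions for illustration, not values from the poster's setup.

```shell
#!/bin/sh
# Constructed sample of "netstat -nr" output on macOS (not captured from the
# poster's machine). The LAN subnet 192.168.1/24 is routed over the L2TP
# interface ppp0; the home subnet 10.0.0/24 stays on the local NIC en0.
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            10.0.0.1           UGSc           en0
10.0.0/24          link#4             UCS            en0
127                127.0.0.1          UCS            lo0
192.168.1/24       10.10.10.1         UGSc          ppp0
'

# routing_table: print the table under test. Set ROUTES="$(netstat -nr)" in
# the environment to run the checks against the live table instead of the
# constructed sample.
routing_table() {
    printf '%s\n' "${ROUTES:-$SAMPLE_ROUTES}"
}

# route_netif DEST: print the Netif column of the row whose Destination is
# exactly DEST (e.g. "192.168.1/24" or "default"); prints nothing if absent.
route_netif() {
    routing_table | awk -v d="$1" '$1 == d { print $4; exit }'
}

# vpn_routes IFACE: list every destination whose route leaves via IFACE,
# i.e. what the VPN client actually installed when the tunnel came up.
vpn_routes() {
    routing_table | awk -v i="$1" 'NR > 1 && $4 == i { print $1 }'
}

# lan_reachable_via_vpn DEST IFACE: succeed (exit 0) only when traffic for
# DEST is sent out through IFACE. A missing route or a route pointing at the
# local NIC means LAN packets never enter the tunnel, regardless of any
# firewall rule on the XG.
lan_reachable_via_vpn() {
    [ "$(route_netif "$1")" = "$2" ]
}

# Stand-alone usage against the constructed sample.
if lan_reachable_via_vpn 192.168.1/24 ppp0; then
    echo "LAN 192.168.1/24 is routed via ppp0: check the XG side next"
else
    echo "LAN 192.168.1/24 is NOT routed via ppp0: fix the client route first"
fi
```

If the check fails on a real machine, the problem is on the client side (no route or a route with a worse metric than the physical interface) and the firewall rule is not yet in play; if it passes, move on to the `tcpdump` and drop-packet-capture steps on the XG.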

  • Hi there

    I spent many weeks trying to get the L2TP VPN to work using a remote Windows 7 client, and whilst the Sophos-supplied article worked (see below), there was much information missing from it to make it truly useful in the way that one would hope.

    Firstly you need to create a firewall rule that allows any traffic from the VPN zone to the LAN zone.

    And then secondly, what took me the longest to figure out (without spending more wasted hours on needless routing) was that by assigning the VPN clients IP addresses from the same LAN subnet range I magically had access to network resources.

    Previously I had assigned VPN clients IP addresses from a different subnet to segment things; however, this gave me no joy, as I couldn't find a gateway field to define, so I guessed it was a routing issue. I decided to see if assigning IP addresses from the same subnet as the LAN might work, and bingo, it did, much to my relief :)

    https://community.sophos.com/kb/en-us/125446

    Hope this helps someone out


    cheers

    Rich

    (running x2 XG230 v17.5 bios in Active Passive Mode with all modules enabled)