
VPN between Sophos XG and Fritzbox

I am trying to set up a site-to-site VPN between a Sophos XG (fw 17.0.2 MR-2) and a Fritzbox 7590 with Fritz-OS 6.90. With the old UTM it worked, but now we have changed to the new Sophos XG and I have had no success with the VPN.

xg config

IPSec Connection

 

IPSec Profile

 

Fritzbox cfg File

// FRITZ!Box VPN import file describing one site-to-site IPsec connection
// ("farmsen_site2site"). Per the surrounding post, the remote peer is a Sophos XG.
vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "farmsen_site2site";
                always_renew = no;
                // NOTE(review): presumably "no" lets traffic that does not match the
                // tunnel leave unencrypted instead of being dropped; confirm against
                // the AVM documentation.
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                // Public tunnel endpoints: local (FRITZ!Box) and remote (peer) address.
                localip = 85.183.26.35;
                local_virtualip = 0.0.0.0;
                remoteip = 217.92.231.115;
                remote_virtualip = 0.0.0.0;
                // NOTE(review): the IKE identities below (85.0.0.0 / 217.0.0.0) differ from
                // localip/remoteip above and look as if they were masked for posting. In the
                // deployed file each ID has to be exactly the value the peer is configured
                // to send or expect, otherwise phase 1 authentication cannot complete.
                localid {
                        ipaddr = 85.0.0.0;
                }
                remoteid {
                        ipaddr = 217.0.0.0;
                }
                // phase1_mode_idp is IKEv1 main mode (identity protection); the peer must be
                // set to main mode as well. With a pre-shared key, main mode is preferable to
                // aggressive mode, which sends the authentication hash unprotected.
                mode = phase1_mode_idp;
                // Phase 1 proposal set: DH group 14 with AES and SHA. The exact key length and
                // SHA variant the set covers are not visible here; TODO confirm and make the
                // XG IPsec profile offer the same combination. NOTE(review): the IKE error
                // 0x2026 reported in the post is, as far as I know, AVM's "no proposal chosen",
                // which would point at a phase 1/phase 2 proposal mismatch; verify.
                phase1ss = "dh14/aes/sha";
                keytype = connkeytype_pre_shared;
                // "key" is a placeholder. The real pre-shared key should be long and random,
                // identical on both peers, and never included when the file is shared.
                key = "key";
                cert_do_server_auth = no;
                // NAT traversal is off; this only works when neither gateway sits behind NAT.
                // The forward rules at the end of the file still list UDP 4500.
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                // Phase 2 selectors: local LAN 192.168.3.0/24, remote LAN 192.168.0.0/24.
                // The peer's local/remote subnets must mirror these exactly.
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.3.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                         ipnet {
                                ipaddr = 192.168.0.0;
                                mask = 255.255.255.0;
                        }
                }
                // NOTE(review): the set name suggests every ESP cipher/hash combination is
                // accepted, no AH, any compression, PFS on. Choosing a narrower set that
                // matches the XG profile keeps weak algorithms from being negotiated; the
                // PFS setting has to agree with the peer as well.
                phase2ss = "esp-all-all/ah-none/comp-all/pfs";
                // Only traffic destined for 192.168.0.0/24 is sent into the tunnel; this
                // matches phase2remoteid above.
                accesslist = "permit ip any 192.168.0.0 255.255.255.0";
        }
        // IKE on UDP 500 and NAT-T on UDP 4500.
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}


// EOF

In the Fritzbox log I get an IKE error 0x2026 and the connection is not established.


