Only one client can connect to L2TP/IPSEC server

I have several Android tablets at a remote location that I'm trying to connect through an L2TP/IPSEC VPN with PSK. I can connect one device with no problem. Once that device is connected, no other device will connect, even if the original device isn't connected. If I reboot the server I am able to connect a new device, but the problem persists with only one device being allowed to connect. I have made changes to the address pool and I'm now using my local DHCP server. Here's an output of the log file, starting with the end of the accepted connection to attempting a new connection.



2012:06:18-14:46:16 ProclaimVPN pppd-l2tp[11329]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="npdemo1" variant="l2tp" srcip="71.22.239.87" virtual_ip="10.1.10.236"
2012:06:18-14:46:16 ProclaimVPN pppd-l2tp[11329]: Script /etc/ppp/ip-up finished (pid 11339), status = 0x0
2012:06:18-14:46:38 ProclaimVPN pluto[10956]: packet from 71.22.239.87:6: received Vendor ID payload [RFC 3947]
2012:06:18-14:46:38 ProclaimVPN pluto[10956]: packet from 71.22.239.87:6: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2012:06:18-14:46:38 ProclaimVPN pluto[10956]: packet from 71.22.239.87:6: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012:06:18-14:46:38 ProclaimVPN pluto[10956]: packet from 71.22.239.87:6: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2012:06:18-14:46:38 ProclaimVPN pluto[10956]: packet from 71.22.239.87:6: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2012:06:18-14:46:38 ProclaimVPN pluto[10956]: "S_for npdemo1"[1] 71.22.239.87:4500 #3: responding to Main Mode from unknown peer 71.22.239.87:4500
2012:06:18-14:46:38 ProclaimVPN pluto[10956]: | NAT-T: new mapping 71.22.239.87:4500/6)
2012:06:18-14:46:38 ProclaimVPN pluto[10956]: "S_for npdemo1"[1] 71.22.239.87:6 #2: ERROR: netlink response for Add SA esp.7cfdddbe@173.165.184.124 included errno 22: Invalid argument
2012:06:18-14:46:39 ProclaimVPN pluto[10956]: "S_for npdemo1"[1] 71.22.239.87:6 #3: NAT-Traversal: Result using RFC 3947: peer is NATed
2012:06:18-14:46:39 ProclaimVPN pluto[10956]: "S_for npdemo1"[1] 71.22.239.87:6 #3: Peer ID is ID_IPV4_ADDR: '192.168.15.251'
2012:06:18-14:46:39 ProclaimVPN pluto[10956]: | NAT-T: new mapping 71.22.239.87:6/1029)
2012:06:18-14:46:39 ProclaimVPN pluto[10956]: "S_for npdemo1"[1] 71.22.239.87:1029 #2: ERROR: netlink response for Add SA esp.7cfdddbe@173.165.184.124 included errno 22: Invalid argument
2012:06:18-14:46:39 ProclaimVPN pluto[10956]: "S_for npdemo1"[3] 71.22.239.87:1029 #3: sent MR3, ISAKMP SA established
2012:06:18-14:46:39 ProclaimVPN pluto[10956]: "S_for npdemo1"[3] 71.22.239.87:1029 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2012:06:18-14:46:40 ProclaimVPN pluto[10956]: "S_for npdemo1"[2] 71.22.239.87:1029 #4: responding to Quick Mode
2012:06:18-14:46:40 ProclaimVPN pluto[10956]: "S_for npdemo1"[2] 71.22.239.87:1029 #4: IPsec SA established {ESP=>0x06bc4cae 
  • Hi, ssanford, and welcome to the User BB!

    It sounds like your problem may be an inexpensive router in the remote location that doesn't know how to separate traffic.  Have you tried rebooting the router at the remote location instead of rebooting the Astaro?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
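
The reply above suspects several tablets sharing one NAT router. As an added example (not part of the original thread and not Astaro/Sophos code), this Python script groups pluto log lines by public source address and reports the client-reported peer IDs, NAT-T port remappings and failed `Add SA` calls for each. The regexes assume only the line shapes shown in the post; the sample's message text is copied from that log with timestamps normalised, except the last line, which is constructed.

```python
import re
from collections import defaultdict

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
MAPPING = re.compile(r"NAT-T: new mapping " + IP + r":(\d+)/(\d+)\)")
CONN = re.compile(r'"[^"]+"\[\d+\] ' + IP + r":\d+ #\d+: (.*)$")
PEER_ID = re.compile(r"Peer ID is ID_IPV4_ADDR: '([^']+)'")
SA_ERR = re.compile(r"ERROR: netlink response for Add SA (\S+) included errno (\d+)")

def summarize(log_text):
    """Group pluto events by public (post-NAT) source address."""
    peers = defaultdict(lambda: {"peer_ids": set(), "remaps": [], "sa_errors": []})
    for line in log_text.splitlines():
        m = MAPPING.search(line)
        if m:  # NAT device changed the source port it presents for this peer
            peers[m.group(1)]["remaps"].append((int(m.group(2)), int(m.group(3))))
            continue
        m = CONN.search(line)
        if not m:
            continue
        entry, msg = peers[m.group(1)], m.group(2)
        pid = PEER_ID.search(msg)
        if pid:  # address the client itself reports, i.e. its pre-NAT address
            entry["peer_ids"].add(pid.group(1))
        err = SA_ERR.search(msg)
        if err:  # kernel refused to install the ESP SA
            entry["sa_errors"].append((err.group(1), int(err.group(2))))
    return dict(peers)

def shared_nat_peers(summary):
    """Public addresses with more than one distinct client identity behind them."""
    return sorted(ip for ip, e in summary.items() if len(e["peer_ids"]) > 1)

# Message text of the first five lines is copied from the log in the post; the last
# line is constructed (hypothetical second tablet) so the shared-NAT case is visible.
PFX = "2012:06:18-14:46:39 ProclaimVPN pluto[10956]: "
SAMPLE = "\n".join(PFX + s for s in [
    '| NAT-T: new mapping 71.22.239.87:4500/6)',
    '"S_for npdemo1"[1] 71.22.239.87:6 #2: ERROR: netlink response for Add SA esp.7cfdddbe@173.165.184.124 included errno 22: Invalid argument',
    '"S_for npdemo1"[1] 71.22.239.87:6 #3: Peer ID is ID_IPV4_ADDR: \'192.168.15.251\'',
    '| NAT-T: new mapping 71.22.239.87:6/1029)',
    '"S_for npdemo1"[1] 71.22.239.87:1029 #2: ERROR: netlink response for Add SA esp.7cfdddbe@173.165.184.124 included errno 22: Invalid argument',
    '"S_for npdemo1"[4] 71.22.239.87:1031 #5: Peer ID is ID_IPV4_ADDR: \'192.168.15.252\'',
])

if __name__ == "__main__":
    s = summarize(SAMPLE)
    for ip, e in s.items():
        print(ip, sorted(e["peer_ids"]), e["remaps"], e["sa_errors"])
    print("shared NAT:", shared_nat_peers(s))
```
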