Issue with VPN IPsec

Hi everyone,

I am working today on UTM Sophos and I would like to create a VPN connection between 2 UTMs, but I have one problem with that.

When I go to Site-to-site VPN and choose IPsec, my connection doesn't work. I looked at the Open Live Log and I see this:

 

2019:05:24-10:34:24 utminfotec pluto[17747]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2019:05:24-10:34:24 utminfotec pluto[17747]: loading aa certificates from '/etc/ipsec.d/aacerts'
2019:05:24-10:34:24 utminfotec pluto[17747]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2019:05:24-10:34:24 utminfotec pluto[17747]: loading attribute certificates from '/etc/ipsec.d/acerts'
2019:05:24-10:34:24 utminfotec pluto[17747]: Changing to directory '/etc/ipsec.d/crls'
2019:05:24-10:34:24 utminfotec ipsec_starter[17740]: no default route - cannot cope with %defaultroute!!!
2019:05:24-10:34:24 utminfotec pluto[17747]: "S_VPNInfotec-Maison2": deleting connection
2019:05:24-10:34:24 utminfotec pluto[17747]: "S_VPNInfotec-Maison2" #5: deleting state (STATE_MAIN_I1)
2019:05:24-10:34:24 utminfotec pluto[17747]: added connection description "S_VPNInfotec-Maison2"
2019:05:24-10:34:24 utminfotec pluto[17747]: "S_VPNInfotec-Maison2" #6: initiating Main Mode

 

I think the issue is here, but I haven't found a solution for it and I have searched everywhere!!!

I hope you can help me.

Thomas



  • Salut Thomas and welcome to the UTM Community!

    Please show us pictures of the Edits of the IPsec Connection and Remote Gateway from both UTMs and also of the Edits of the Interface used in each IPsec Connection.

    Do the following for the IPsec log:

    1. Confirm that Debug is not enabled.
    2. Disable the IPsec Connection.
    3. Start the IPsec Live Log and wait for it to begin to populate.
    4. Enable the IPsec Connection.
    5. Show us about 60 lines from enabling through the error.  Or through the line containing "IPsec SA established."

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'm sorry, but I have a new error now; I'm giving you a capture.

    I know it's about the key, but I have looked everywhere and still can't find anything :/

    Thanks for everything

    Thomas

  • Two things, Thomas.  First, leave the 'VPN ID' blank in both Remote Gateway definitions.  If that doesn't fix the problem, try with a very simple PSK.

    Cheers - Bob

     
  • Thanks for your answer.

    Always the same problem with: 2019:05:31-09:03:49 utminfotec ipsec_starter[6795]: no default route - cannot cope with %defaultroute!!!

    I don't know why it's not working :/

    Could NAT be the problem?!

    Thanks for reading

    Thomas

  • Hi Thomas, 

    In your pictures, your local interface is named 'Internal'. Are you sure this interface has a default gateway set to it?

    If not, this should be your WAN interface or (External). 
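
Added example (not part of any post in this thread, and not Sophos code): a small Python triage of an IPsec live log in the format shown above. It flags the ipsec_starter "no default route" message and any connection that initiates Main Mode but never reaches "IPsec SA established". The function name `triage` and the result keys are assumptions; the sample lines are copied from the first post.

```python
import re

# Sample input: log lines copied from the first post in this thread.
SAMPLE_LOG = """\
2019:05:24-10:34:24 utminfotec ipsec_starter[17740]: no default route - cannot cope with %defaultroute!!!
2019:05:24-10:34:24 utminfotec pluto[17747]: "S_VPNInfotec-Maison2": deleting connection
2019:05:24-10:34:24 utminfotec pluto[17747]: "S_VPNInfotec-Maison2" #5: deleting state (STATE_MAIN_I1)
2019:05:24-10:34:24 utminfotec pluto[17747]: added connection description "S_VPNInfotec-Maison2"
2019:05:24-10:34:24 utminfotec pluto[17747]: "S_VPNInfotec-Maison2" #6: initiating Main Mode
"""

# <timestamp> <host> <process>[<pid>]: <message>
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'(?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$')
# pluto per-connection messages: "<connection>" [#<state number>]: <event>
CONN_RE = re.compile(r'^"(?P<conn>[^"]+)"(?: #\d+)?: (?P<event>.*)$')


def triage(log_text):
    """Hypothetical helper: summarise an IPsec live log for troubleshooting."""
    no_default_route = []   # timestamps of the ipsec_starter complaint
    conns = {}              # connection name -> counters
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue        # blank or non-log line
        msg = m['msg']
        if m['proc'] == 'ipsec_starter' and 'no default route' in msg:
            no_default_route.append(m['ts'])
            continue
        c = CONN_RE.match(msg) if m['proc'] == 'pluto' else None
        if not c:
            continue
        st = conns.setdefault(
            c['conn'], {'initiated': 0, 'dropped_in_i1': 0, 'established': False})
        if c['event'].startswith('initiating Main Mode'):
            st['initiated'] += 1
        elif 'deleting state (STATE_MAIN_I1)' in c['event']:
            # STATE_MAIN_I1: first Main Mode packet sent, no reply processed yet
            st['dropped_in_i1'] += 1
        elif 'IPsec SA established' in c['event']:
            st['established'] = True
    stalled = [n for n, s in conns.items() if s['initiated'] and not s['established']]
    return {'no_default_route': no_default_route, 'stalled': stalled, 'connections': conns}


if __name__ == '__main__':
    print(triage(SAMPLE_LOG))
```

A connection listed under `stalled` together with a non-empty `no_default_route` list matches the symptom discussed in this thread.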
