
I cannot get L2TP to work

Hello,

I have three UTM installations (two commercial ones and my private one) and I am not able to get L2TP to work. Before the upgrade to iOS 10.x, the users with remote access were using PPTP connections, which was working fine. Now this option is dropped (I know for good reasons), but I am not able to get any alternative to work.

Maybe I have some wrong thinking, hopefully you can get me back on track:

1) UTM Setup:

L2TP: Interface: the external interface. I double checked many times

Auth Mode: Preshared Keys: I double checked many times

IP : IP Address Pool (VPN Pool L2TP, which is 10.242.3.0/24)

Auth: Local with only one user (me) and Password

 

1b) Firewall: 
VPN Pool (L2TP) -> ANY : ALLOWED 

 

2) iOS Setup:

Server: external IP 

Account: my local user

Pass: my local pass

Shared Secret: the preshared keys of the UTM

 

 

Log from the Astaro: (80.197.99.53 is my local IP of the iPad I am using for testing)

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [RFC 3947]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]

2016:10:02-10:19:08 uk2 pluto[6251]: packet from 80.187.99.53:500: received Vendor ID payload [Dead Peer Detection]

2016:10:02-10:19:08 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1"[7] 80.187.99.53 #103: responding to Main Mode from unknown peer 80.187.99.53

2016:10:02-10:19:09 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1"[7] 80.187.99.53 #103: ignoring informational payload, type IPSEC_INITIAL_CONTACT

2016:10:02-10:19:09 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1"[7] 80.187.99.53 #103: Peer ID is ID_IPV4_ADDR: '10.107.129.25'

2016:10:02-10:19:09 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1" 80.187.99.53 #103: deleting connection "L_REF_ptODrOpDgZ_1"[7] instance with peer 80.187.99.53 {isakmp=#0/ipsec=#0}

2016:10:02-10:19:09 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1" 80.187.99.53 #103: Dead Peer Detection (RFC 3706) enabled

2016:10:02-10:19:09 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1" 80.187.99.53 #103: sent MR3, ISAKMP SA established

2016:10:02-10:19:10 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_0"[4] 80.187.99.53 #104: responding to Quick Mode

2016:10:02-10:19:10 uk2 openl2tpd[6084]: FUNC: tunl 31450: allocated context using profile 'default', created by network request

2016:10:02-10:19:10 uk2 openl2tpd[6084]: PROTO: tunl 31450: SCCRQ received from peer 17

2016:10:02-10:19:10 uk2 openl2tpd[6084]: FSM: CCE(31450) event SCCRQ_ACCEPT in state IDLE

2016:10:02-10:19:10 uk2 openl2tpd[6084]: PROTO: tunl 31450: adjust tx_window_size: peer=4, ours=10

2016:10:02-10:19:10 uk2 openl2tpd[6084]: PROTO: tunl 31450: sending SCCRP to peer 17

2016:10:02-10:19:10 uk2 openl2tpd[6084]: FSM: CCE(31450) state change: IDLE --> WAITCTLCONN

2016:10:02-10:19:10 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_0"[4] 80.187.99.53 #104: IPsec SA established {ESP=>0x0b433ff7 <0xb861e578 DPD}

2016:10:02-10:19:18 uk2 openl2tpd[6084]: FSM: CCE(31450) event XPRT_DOWN in state WAITCTLCONN

2016:10:02-10:19:18 uk2 openl2tpd[6084]: PROTO: tunl 31450: sending STOPCCN to peer 17

2016:10:02-10:19:18 uk2 openl2tpd[6084]: FSM: CCE(31450) state change: WAITCTLCONN --> CLOSING

2016:10:02-10:19:19 uk2 openl2tpd[6084]: FSM: CCE(31450) event XPRT_DOWN in state CLOSING

2016:10:02-10:19:30 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1" 80.187.99.53 #103: received Delete SA(0x0b433ff7) payload: deleting IPSEC State #104

2016:10:02-10:19:30 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1" 80.187.99.53 #103: deleting connection "L_REF_ptODrOpDgZ_0"[4] instance with peer 80.187.99.53 {isakmp=#0/ipsec=#0}

2016:10:02-10:19:30 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1" 80.187.99.53 #103: received Delete SA payload: deleting ISAKMP State #103

2016:10:02-10:19:30 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1"  80.187.99.53: deleting connection "L_REF_ptODrOpDgZ_1" instance with peer 80.187.99.53 {isakmp=#0/ipsec=#0}

2016:10:02-10:19:30 uk2 pluto[6251]: ERROR: asynchronous network error report on eth2 for message to 80.187.99.53 port 500, complainant 80.187.99.53: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]

2016:10:02-10:19:30 uk2 pluto[6251]: ERROR: asynchronous network error report on eth2 for message to 80.187.99.53 port 500, complainant 80.187.99.53: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]

 

Any idea?

 

Stonki
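Added example, not part of the original post: a small triage script that reads pluto/openl2tpd lines like the ones in the log above and reports which IKE and L2TP milestones were logged and where the control connection went down. The sample lines are copied from the post; the stage labels and the `SCCCN received` pattern (modelled on the `SCCRQ received` line) are assumptions of this example.

```python
import re

# Log lines copied from the post above (a subset, in original order).
SAMPLE = """\
2016:10:02-10:19:09 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_1" 80.187.99.53 #103: sent MR3, ISAKMP SA established
2016:10:02-10:19:10 uk2 openl2tpd[6084]: PROTO: tunl 31450: SCCRQ received from peer 17
2016:10:02-10:19:10 uk2 openl2tpd[6084]: PROTO: tunl 31450: sending SCCRP to peer 17
2016:10:02-10:19:10 uk2 openl2tpd[6084]: FSM: CCE(31450) state change: IDLE --> WAITCTLCONN
2016:10:02-10:19:10 uk2 pluto[6251]: "L_REF_ptODrOpDgZ_0"[4] 80.187.99.53 #104: IPsec SA established {ESP=>0x0b433ff7 <0xb861e578 DPD}
2016:10:02-10:19:18 uk2 openl2tpd[6084]: FSM: CCE(31450) event XPRT_DOWN in state WAITCTLCONN
2016:10:02-10:19:18 uk2 openl2tpd[6084]: PROTO: tunl 31450: sending STOPCCN to peer 17
"""

# "<timestamp> <host> <daemon>[pid]: <message>"
LINE = re.compile(r"^(\S+) (\S+) (\w+)\[\d+\]: (.*)$")

# Milestones in protocol order: (label, daemon, pattern on the message).
# The SCCCN pattern is an assumed log wording, by analogy with SCCRQ.
STAGES = [
    ("IKE phase 1 (ISAKMP SA)", "pluto", re.compile(r"ISAKMP SA established")),
    ("IKE phase 2 (IPsec SA)", "pluto", re.compile(r"IPsec SA established")),
    ("L2TP SCCRQ received", "openl2tpd", re.compile(r"SCCRQ received")),
    ("L2TP SCCRP sent", "openl2tpd", re.compile(r"sending SCCRP")),
    ("L2TP SCCCN received", "openl2tpd", re.compile(r"SCCCN received")),
]
EVENT = re.compile(r"FSM: CCE\((\d+)\) event (\w+) in state (\w+)")

def triage(text):
    """Return milestones seen, the first one missing, and the first *_DOWN event."""
    reached, failure = set(), None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        ts, _host, daemon, msg = m.groups()
        for label, who, pat in STAGES:
            if daemon == who and pat.search(msg):
                reached.add(label)
        ev = EVENT.search(msg)
        if ev and failure is None and ev.group(2).endswith("_DOWN"):
            failure = {"time": ts, "tunnel": ev.group(1),
                       "event": ev.group(2), "state": ev.group(3)}
    ordered = [label for label, _, _ in STAGES]
    missing = [s for s in ordered if s not in reached]
    return {"reached": [s for s in ordered if s in reached],
            "first_missing": missing[0] if missing else None,
            "failure": failure}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the lines from this post it reports both IKE phases and the SCCRQ/SCCRP exchange as logged, no SCCCN, and an XPRT_DOWN event while the tunnel was in WAITCTLCONN.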

 


