UTM9 L2TP VPN no connection to internal LAN

Hello Guys

I have a problem with the L2TP VPN on my UTM9 firewall.

I activated the L2TP VPN option, and for the IPs I have chosen the L2TP VPN pool.

I also made a firewall rule which allows my VPN user network to have access to my LAN interface; for services I chose "ANY".

I'm able to connect to the VPN but I don't have access to any devices which are connected to the LAN port. I have two ESXi servers which I can manage when I'm connected with an ethernet cable to INTERNAL, but over VPN nothing works.

I also made a NAT masquerading rule from my VPN pool to External and from my VPN pool to Internal.

I found similar problems in this forum and tried solutions like creating a firewall rule which also allows the connection from Internal to my VPN user network.

I don't have a clue what I should try next; I would be very happy if someone could help me with this problem.



  • Hello Luca,

    Thank you for contacting the Sophos Community!

    Please share a screenshot of your firewall rules as configured. Have you created the firewall rule based on the user?

    Also, are you seeing the traffic arriving at the UTM?

    regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi EmmoSophos, thanks for your reply.

    So as you see in the screenshot, I have a root user which is the VPN login user:

    The NATing looks like this:

    This is the user configuration:

    This is the L2TP configuration (the L2TP IP pool has a different IP range than my internal DHCP server):

    In the firewall logs I don't see anything that shouldn't be there.

  • Hello Luca,

    Thank you for the screenshots!

    So if the tunnel is connecting, please do a tcpdump on the shell of the UTM using the IP that the user got from the VPN pool, to confirm this traffic is arriving at the UTM.

    If it is, you may need to SNAT the traffic as it is coming from the L2TP.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
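To act on the tcpdump suggestion above, here is an added example (not from the thread or from Sophos) that classifies a capture taken on the UTM as no traffic, one-way or two-way between the client's pool address and a LAN host. One-way means the client's packets reach the UTM but no reply from the LAN host comes back, which points at the return path (the LAN host's route back to the pool, or the NAT/rule setup) rather than at the tunnel itself. The addresses 10.242.2.2 and 192.168.1.10 and the capture lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Assumed (constructed) addresses: L2TP client 10.242.2.2, ESXi host 192.168.1.10.

# Constructed sample of: tcpdump -ni any host 10.242.2.2
# Case 1: the client keeps retransmitting SYNs, nothing comes back from the LAN host.
SAMPLE_ONE_WAY='12:00:01.000001 IP 10.242.2.2.51000 > 192.168.1.10.443: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 IP 10.242.2.2.51000 > 192.168.1.10.443: Flags [S], seq 1, win 64240, length 0
12:00:04.000001 IP 10.242.2.2.51000 > 192.168.1.10.443: Flags [S], seq 1, win 64240, length 0'

# Case 2: the LAN host answers, so the return path works.
SAMPLE_TWO_WAY='12:00:01.000001 IP 10.242.2.2.51000 > 192.168.1.10.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000500 IP 192.168.1.10.443 > 10.242.2.2.51000: Flags [S.], seq 7, ack 2, win 65535, length 0
12:00:01.000900 IP 10.242.2.2.51000 > 192.168.1.10.443: Flags [.], ack 8, win 64240, length 0'

# Usage: classify_capture CLIENT_IP LAN_HOST_IP < capture
# Prints exactly one of: no-traffic, one-way, two-way
classify_capture() {
  awk -v c="$1" -v l="$2" '
    # tcpdump line layout: <time> IP <src.port> > <dst.port>: <rest>
    $2 == "IP" {
      split($3, s, "."); src = s[1] "." s[2] "." s[3] "." s[4]
      sub(/:$/, "", $5)
      split($5, d, "."); dst = d[1] "." d[2] "." d[3] "." d[4]
      if (src == c && dst == l) fwd++   # client -> LAN host seen at the UTM
      if (src == l && dst == c) rev++   # LAN host -> client seen at the UTM
    }
    END {
      if (fwd == 0 && rev == 0) print "no-traffic"
      else if (rev == 0)        print "one-way"
      else                      print "two-way"
    }'
}

# Demonstration on the constructed captures.
printf '%s\n' "$SAMPLE_ONE_WAY" | classify_capture 10.242.2.2 192.168.1.10   # one-way
printf '%s\n' "$SAMPLE_TWO_WAY" | classify_capture 10.242.2.2 192.168.1.10   # two-way
```

On a live UTM, pipe the real tcpdump output into the function instead of the constructed samples.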
  • Hello Luca and welcome to the UTM Community!

    "WAN (Network)" is only the subnet defined on the WAN interface.  I suspect that you want "Internet IPv4" instead.

    You don't want the masquerading rule 'VPN Pool (L2TP) -> Internal' as that can cause problems that are difficult to figure out.

    Also, in UTM creating a "root" user name can lead to confusion.  You will want to use a name that can't be confused with the root user at the command line.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA