L2TP over IPsec on iOS Fails

Hello! I have a Sophos SG 310 running UTM 9.501. L2TP over IPsec is configured and working from Mac and Windows laptops, but I cannot figure out how to get it to work on iOS devices. I configured the User Portal and logged into it with an iPhone 7 on iOS 10.3.2, then downloaded the VPN Profile and installed it. When I attempt to connect to the VPN on the iPhone, it almost immediately says "The L2TP-VPN server was unreachable. Verify the server address and try reconnecting." As the VPN works in general, I am not sure where the problem is. Nothing is generated in the IPsec VPN Log during these connection attempts.

I am sure I have overlooked something simple, perhaps, but cannot figure it out. The other threads on this community have not shed any light on my particular situation.

  • Hi, Jordan, and welcome to the UTM Community!

    First, make sure that you've followed The Zeroeth Rule in Rulz.  If you haven't, and L2TP/IPsec is enabled, then a workaround for this problem would be to fill in 'Override hostname' on the 'iOS devices' tab.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, Bob - thank you for the welcome! 

    1. Thank you for your suggestion on the Rulz link, I have bookmarked it. I am using the external IP address of our WAN connection as the server address for all clients, laptop and iPhone. In this case, I am skipping over the need for a DynDNS or FQDN. I believe that is an accurate statement?
    2. Knowing that I am pointing directly at the IP, can modifying 'override hostname' help? I am not even sure what I would put in that field, to be honest.

    The only next step I can think of is to try the sub-suggestion in The Zeroeth Rule regarding slickone27's trick: backup the configuration with the checkbox ticked for removing 'Unique site data (license, passwords, certificates/keys, endpoints)', restoring it, and then I guess if it's stripping out passwords I will need to recreate Users? Possibly not.

    Thanks - Jordan
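One way to see what the iPhone actually dials, since the profile from the User Portal carries a server address that need not be the IP typed into the laptop clients: inspect the downloaded .mobileconfig and check whether that address is a literal IP or a name that must resolve. This is an added example, not code from the thread or from Sophos; it assumes Apple's VPN payload layout (PayloadType com.apple.vpn.managed, VPNType L2TP, PPP/CommRemoteAddress), and the sample profile and hostname below are constructed placeholders.

```python
import plistlib
import socket

# Constructed sample of an iOS L2TP VPN profile (.mobileconfig); the hostname
# is a placeholder, not a real host.
SAMPLE_MOBILECONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.vpn.managed</string>
    <key>VPNType</key><string>L2TP</string>
    <key>UserDefinedName</key><string>UTM L2TP</string>
    <key>PPP</key><dict>
      <key>CommRemoteAddress</key><string>utm.example.invalid</string>
      <key>AuthName</key><string>jordan</string>
    </dict>
    <key>IPSec</key><dict>
      <key>AuthenticationMethod</key><string>SharedSecret</string>
    </dict>
  </dict></array>
  <key>PayloadType</key><string>Configuration</string>
</dict></plist>"""


def l2tp_server_addresses(profile_bytes):
    """Return the server address of each L2TP VPN payload in the profile."""
    root = plistlib.loads(profile_bytes)
    addrs = []
    for payload in root.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue
        if payload.get("VPNType") != "L2TP":
            continue
        addr = payload.get("PPP", {}).get("CommRemoteAddress")
        if addr:
            addrs.append(addr)
    return addrs


def check_server(addr, resolve=socket.gethostbyname):
    """Classify addr: a literal IPv4 needs no DNS; a name must resolve before iOS can dial it."""
    try:
        socket.inet_aton(addr)
        return {"address": addr, "is_ip": True, "resolves": True, "resolved_to": addr}
    except OSError:
        pass
    try:
        ip = resolve(addr)
        return {"address": addr, "is_ip": False, "resolves": True, "resolved_to": ip}
    except OSError:
        return {"address": addr, "is_ip": False, "resolves": False, "resolved_to": None}


if __name__ == "__main__":
    for a in l2tp_server_addresses(SAMPLE_MOBILECONFIG):
        print(check_server(a))
```

A name that does not resolve from the phone's network explains a "server unreachable" message with nothing in the UTM's IPsec log, because no IKE packet is ever sent; that is the case the 'Override hostname' field is meant to fix.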