Outbound L2TP/IPSEC VPN fails

Just installed a Sophos UTM 9 Home edition firewall. Everything appears to be working well, but when I attempt to connect to a client VPN from my laptop on the internal network, I get a 789 error and it never connects.

So my laptop on internal network - to UTM - to L2TP/IPSEC 

I have tried to review logs, but haven't found anything that explains why it isn't working. I created a new firewall rule to allow all VPN protocols from my laptop to the endpoint VPN address. Prior to doing that I saw dropped UDP traffic, but since that change, I don't see anything. I also enabled logging on that firewall rule, but don't know where to find those logs.

Is there a simple box to check to allow outbound VPN traffic somewhere? I also saw an earlier post that mentions a packet trace log, but I don't see anything like that from the UTM management web interface.

 



This thread was automatically locked due to age.
  • Logs can be found at:

    Logging and reporting... view log files

    Today's files are on the first tab. To see new data, choose live log, ignore what is displayed, and watch for new entries to appear at the bottom.

    To see earlier entries, choose view (for small files), or check the box and pick download (at the bottom of the page).

    Prior day files are on the Archived tab, grouped by month and log type, and can only be downloaded.

    Search tab is useful when you know what you need to find, and it can search across multiple days.

    Download file has .gz extension and can be uncompressed with 7zip, which is a free download utility (but not from Sophos).

    You need to be looking at the firewall log file.

  • Hi, Karl, and welcome to the UTM Community!

    The "packet trace" capability is with tcpdump at the command line, but I think you just need #1 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • #1 didn't help me, but rule 3.1 did. I remembered when I set up my UTM initially, I didn't have 2 NICs in the configuration and had to add it later. I had looked at Masquerading earlier, but there wasn't anything there and 'assumed' that the system would auto create one if it needed it. Anyway, I created a rule for the internal network and now my VPNs connect quickly.

     

    Thanks!