Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 1 subscriber
  • Views 9378 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP over IPSEC VPN Problems with Mac OS and iphone

sfischer
Hi,

I've setup a VPN connection (L2TP over IPSC / Astaro V7.504) between my brandnew MAC Pro.
Connection get's established, MacPro gets via DHCP an IP Adress out of the VPN (L2TP) Range.
But I can't ping an internel server.

I tried it with with and without sending all traffic through the tunnel.
I also set up filter rules.
Also iphone gets VPN established, but pinging an internal server is not possible.

Any ideas.
Screenshoot from a running tunnel whould really help.

Thanks, Stefan


This thread was automatically locked due to age.
  • 0
    Have you checked your Packet Filter live log?
  • 0
    Is this the problem with the internal domain being .local?  There's a setting on the Mac, I think, but I don't know of one for the iPhone.  From my iPhone, I have to use numeric IPs in that case.  Try a google: site:astaro.org iPhone Mac L2TP local.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi,
    after establishing the L2TP over Ipsec VPN,
    I can ping 10.242.3.2 (my mac book) and I can ping 10.242.3.1 (astaro).
    I can't ping any IP address of the internal network.

    Thx,
    Stefan
  • 0
    Did you try jetkins' suggestion?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    with send all traffic through vpn tunnel, now it works to ping internal servers.
    WOrks with Ip-addrs and with fqdn (nodenames).

    But I can't surf to outside websites
  • 0
    Stefan, Like jetkins says, what do you see in the packet filter log?

    What happens if you set up a split tunnel and add a static route in the client for your internal network?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    ok,
    in a couple of hours, when I' m at home, I will do the paket filter stuff.

    But how can I set a static route on my MAC OS client ?, and on my iphone ?

    stefan
  • 0
    Your best bet may be to send all traffic down the VPN and then add rules to let it get back out to the internet.  I believe you'll need one or both of:

    • VPN Pool (L2TP) -> WAN Masquerading rule
    • VPN Pool (L2TP) -> Any -> Internet Packet Filter rule
  • 0
    Stefan, I just read this thread again.  If you are using the same DHCP server for L2TP as the one that assigns internal IPs, then that was the reason for your problem (been there, done that).  According to Astaro, this worked before an error was fixed in V7.400. 

    If the VPN client has an IP in the range of "Internal (Network)", your ping reaches the internal servers, but they don't know where to send the response.

    If you want to use a split tunnel, just replace the DHCP server with the standard "VPN Pool (L2TP)" definition 10.242.3.0/24.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner