Remote Access L2TP over IPSec

Hello,
I've enabled Remote Access on my UTM, but I'm not able to connect. It is working when I set up a firewall rule from Any - service Any - WAN interface. It seems to me that some firewall rule needs to be created to open listen ports, am I right? In this How To http://www.sophos.com/en-us/medialibrary/PDFs/documentation/utm90_Remote_Access_Via_L2TP_geng.pdf there is nothing about a firewall rule from WAN...

Do I need to create a firewall rule manually, or is something wrong?

V.


  • Hi Bob,
    So... the first problem was somewhere in the certificates, because I renamed the UTM and it did some crap, so I made a fresh install. Debug is disabled; here are the lines from the log. I'm trying to connect from an Android 4.4.2 phone...

    2014:07:15-21:49:56 home pluto[5477]: "L_for admin"[11] 46.135.105.3:41784 #107: received Delete SA(0x049d36b2) payload: deleting IPSEC State #108
    2014:07:15-21:49:56 home pluto[5477]: "L_for admin"[11] 46.135.105.3:41784 #107: deleting connection "L_for admin"[4] instance with peer 46.135.105.3 {isakmp=#0/ipsec=#0}
    2014:07:15-21:49:56 home pluto[5477]: "L_for admin"[11] 46.135.105.3:41784 #107: received Delete SA payload: deleting ISAKMP State #107
    2014:07:15-21:49:56 home pluto[5477]: "L_for admin"[11] 46.135.105.3:41784: deleting connection "L_for admin"[11] instance with peer 46.135.105.3 {isakmp=#0/ipsec=#0}
    2014:07:15-21:50:01 home pluto[5477]: packet from 46.135.105.3:55063: received Vendor ID payload [RFC 3947]
    2014:07:15-21:50:01 home pluto[5477]: packet from 46.135.105.3:55063: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    2014:07:15-21:50:01 home pluto[5477]: packet from 46.135.105.3:55063: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2014:07:15-21:50:01 home pluto[5477]: packet from 46.135.105.3:55063: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    2014:07:15-21:50:01 home pluto[5477]: packet from 46.135.105.3:55063: ignoring Vendor ID payload [FRAGMENTATION 80000000]
    2014:07:15-21:50:01 home pluto[5477]: packet from 46.135.105.3:55063: received Vendor ID payload [Dead Peer Detection]
    2014:07:15-21:50:01 home pluto[5477]: "L_for admin"[12] 46.135.105.3:55063 #115: responding to Main Mode from unknown peer 46.135.105.3:55063
    2014:07:15-21:50:01 home pluto[5477]: "L_for admin"[12] 46.135.105.3:55063 #115: NAT-Traversal: Result using RFC 3947: peer is NATed
    2014:07:15-21:50:02 home pluto[5477]: "L_for admin"[12] 46.135.105.3:55063 #115: Peer ID is ID_IPV4_ADDR: '10.23.104.246'
    2014:07:15-21:50:02 home pluto[5477]: "L_for admin"[13] 46.135.105.3:55063 #115: deleting connection "L_for admin"[12] instance with peer 46.135.105.3 {isakmp=#0/ipsec=#0}
    2014:07:15-21:50:02 home pluto[5477]: "L_for admin"[13] 46.135.105.3:55063 #115: Dead Peer Detection (RFC 3706) enabled
    2014:07:15-21:50:02 home pluto[5477]: | NAT-T: new mapping 46.135.105.3:55063/41784)
    2014:07:15-21:50:02 home pluto[5477]: "L_for admin"[13] 46.135.105.3:41784 #115: sent MR3, ISAKMP SA established
    2014:07:15-21:50:02 home pluto[5477]: "L_for admin"[13] 46.135.105.3:41784 #115: ignoring informational payload, type IPSEC_INITIAL_CONTACT
    2014:07:15-21:50:03 home pluto[5477]: "L_for admin"[5] 46.135.105.3:41784 #116: responding to Quick Mode
    2014:07:15-21:50:03 home pluto[5477]: "L_for admin"[5] 46.135.105.3:41784 #116: IPsec SA established {ESP=>0x039c4dea 
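
An added example, not part of the original thread or of Sophos code: this Python sketch reads pluto lines like those posted above and reports, per peer, how far the IKEv1 negotiation got since the last Delete SA. The function names and milestone labels are assumptions of this example; the sample lines are copied from the post.

```python
import re

# Lines copied from the log posted above; the last one is truncated in the post.
SAMPLE_LOG = """\
2014:07:15-21:49:56 home pluto[5477]: "L_for admin"[11] 46.135.105.3:41784 #107: received Delete SA payload: deleting ISAKMP State #107
2014:07:15-21:50:01 home pluto[5477]: "L_for admin"[12] 46.135.105.3:55063 #115: responding to Main Mode from unknown peer 46.135.105.3:55063
2014:07:15-21:50:01 home pluto[5477]: "L_for admin"[12] 46.135.105.3:55063 #115: NAT-Traversal: Result using RFC 3947: peer is NATed
2014:07:15-21:50:02 home pluto[5477]: "L_for admin"[13] 46.135.105.3:41784 #115: sent MR3, ISAKMP SA established
2014:07:15-21:50:03 home pluto[5477]: "L_for admin"[5] 46.135.105.3:41784 #116: responding to Quick Mode
2014:07:15-21:50:03 home pluto[5477]: "L_for admin"[5] 46.135.105.3:41784 #116: IPsec SA established {ESP=>0x039c4dea
"""

LINE = re.compile(r'^(?P<ts>\S+) \S+ pluto\[\d+\]: "[^"]+"\[\d+\] '
                  r'(?P<ip>[\d.]+):\d+ #(?P<state>\d+): (?P<msg>.*)$')

MILESTONES = [  # log-message fragment -> milestone label (labels are this example's own)
    ("responding to Main Mode", "phase1_started"),
    ("peer is NATed", "nat_detected"),
    ("ISAKMP SA established", "phase1_established"),
    ("responding to Quick Mode", "phase2_started"),
    ("IPsec SA established", "phase2_established"),
    ("received Delete SA", "deleted_by_peer"),
]

def milestones(log_text):
    """Return {peer_ip: [(timestamp, state_no, milestone), ...]} in log order."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. "packet from ..." vendor-ID lines carry no state number
        for fragment, name in MILESTONES:
            if fragment in m["msg"]:
                seen.setdefault(m["ip"], []).append((m["ts"], int(m["state"]), name))
                break
    return seen

def furthest_stage(events):
    """Furthest negotiation stage reached since the peer's latest Delete SA."""
    names = [e[2] for e in events]
    while "deleted_by_peer" in names:
        names = names[names.index("deleted_by_peer") + 1:]
    for stage in ("phase2_established", "phase2_started", "phase1_established", "phase1_started"):
        if stage in names:
            return stage
    return "no_negotiation_logged"

for ip, events in milestones(SAMPLE_LOG).items():
    print(ip, furthest_stage(events), "NATed" if any(e[2] == "nat_detected" for e in events) else "")
```

A result of `no_negotiation_logged` for a client that is actively trying to connect means pluto never logged a negotiation from it, which points at packet filtering in front of the daemon rather than at the IPsec settings.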