IPsec VPN with Windows 7 built-in client

Is it possible to connect a Windows 7 or higher device to the UTM's IPsec VPN via the built-in Windows client? I've successfully managed to get this to work with L2TP but not IPsec on its own. I've set up an X.509-based IPsec VPN.


The Sophos VPN client will connect fine; however, when connecting via the Windows built-in client I get:

2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: received Vendor ID payload [RFC 3947]
2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: ignoring Vendor ID payload [FRAGMENTATION]
2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: ignoring Vendor ID payload [Vid-Initial-Contact]
2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: ignoring Vendor ID payload [IKE CGA version 1]
2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: initial Main Mode message received on xx.xx.xx.xx:500 but no connection has been authorized with policy=PUBKEY

Does anyone have any suggestions on what I can check? I'd prefer to use the Windows client if possible as it's easy to control rollout via GPO.


Thanks,

Matt.
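
For triaging rejections like the one in the log above across a longer pluto log, the following added example (not part of the original post and not Sophos code) groups the per-packet lines by peer and reports the policy named in each refused Main Mode attempt. The function names `triage` and `report` are hypothetical, and the sample input is the eight lines from the post, rebuilt from a shared prefix.

```python
import re
from collections import defaultdict

# The eight pluto lines from the post above (the xx.xx.xx.xx redaction is the poster's).
PREFIX = "2016:08:09-17:18:21 office-2 pluto[8029]: packet from 172.16.3.30:500: "
SAMPLE_LOG = "\n".join(PREFIX + m for m in [
    "received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]",
    "received Vendor ID payload [RFC 3947]",
    "ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]",
    "ignoring Vendor ID payload [FRAGMENTATION]",
    "ignoring Vendor ID payload [MS-Negotiation Discovery Capable]",
    "ignoring Vendor ID payload [Vid-Initial-Contact]",
    "ignoring Vendor ID payload [IKE CGA version 1]",
    "initial Main Mode message received on xx.xx.xx.xx:500 but no connection "
    "has been authorized with policy=PUBKEY",
])

LINE = re.compile(r"^(\S+) (\S+) pluto\[(\d+)\]: packet from ([\d.]+):(\d+): (.*)$")
VENDOR = re.compile(r"^(received|ignoring) Vendor ID payload \[(.+)\]$")
REJECT = re.compile(r"^initial Main Mode message received on (\S+) but no "
                    r"connection has been authorized with policy=(\S+)$")

def triage(log_text):
    """Group pluto 'packet from' lines by peer; collect vendor IDs and rejections."""
    peers = defaultdict(lambda: {"received": [], "ignored": [], "rejections": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pluto per-packet line; skip rather than guess
        ts, _host, _pid, peer, _port, msg = m.groups()
        v = VENDOR.match(msg)
        if v:
            key = "received" if v.group(1) == "received" else "ignored"
            peers[peer][key].append(v.group(2))
            continue
        r = REJECT.match(msg)
        if r:
            peers[peer]["rejections"].append(
                {"time": ts, "local": r.group(1), "policy": r.group(2)})
    return dict(peers)

def report(peers):
    """One summary line per refused Main Mode attempt, with vendor ID count."""
    out = []
    for peer, info in sorted(peers.items()):
        for rej in info["rejections"]:
            out.append(f"{rej['time']} {peer}: no connection authorized for "
                       f"policy={rej['policy']}; peer vendor IDs seen: "
                       f"{len(info['received']) + len(info['ignored'])}")
    return out

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```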



  • Hi Matt,

    L2TP over IPSec is the default client for Windows, which I think is working fine at your end. I am confused about which built-in Windows IPSec client you are pointing towards. Can you guide me to set up the same on my Windows 7 machine so that I can test this?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi Sachin,

    I think I was having a slow moment. Attempting to use the UTM's non-L2TP IPsec VPN with the Windows client. I'm guessing I'd need to find another client if I wanted to use IPsec without L2TP. I'm only really using the non-L2TP option as others have suggested the performance degrades slightly when using L2TP.


    Thanks,

    Matt

  • Matt, you might want to go to the feature.astaro.com site to comment on and vote for VPN: IKE V2 Support - this feature request has been around for almost seven years. Apparently, Sophos made the strategic decision to put the newer version of StrongSWAN into the XG product, but not the UTM; see also Upgrade to modern version of StrongSWAN which uses charon instead of pluto. It's a pity because I can't see moving anyone from the UTM to XG before 2018.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA