Hi All,
I'm trying to set up a remote access VPN to my home LAN which is protected by an Astaro UTM 9.x gateway. I'm wanting to use L2TP over IPsec but can't get the link to establish through my external NIC. Using the same settings (except to change the VPN to 'internal interface') I can establish a stable VPN via the LAN side of the gateway. I've tried disabling as many security features as I can think of and have set up a rule to allow 'anything to anywhere' but it's got me beat!
I've copied in the VPN logs in the hope that it means something to someone...
Thanks,
Colin
(PS - sorry this will look like War & Peace)
External interface (WAN) can't establish VPN
CandCB pluto[21248]: loading secrets from "/etc/ipsec.secrets"
CandCB pluto[21248]: loaded PSK secret for 88.104.166.168 %any
CandCB pluto[21248]: forgetting secrets
CandCB pluto[21248]: loading secrets from "/etc/ipsec.secrets"
CandCB pluto[21248]: loaded PSK secret for 88.104.166.168 %any
CandCB pluto[21248]: loading ca certificates from '/etc/ipsec.d/cacerts'
CandCB pluto[21248]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
CandCB pluto[21248]: loading aa certificates from '/etc/ipsec.d/aacerts'
CandCB pluto[21248]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
CandCB pluto[21248]: loading attribute certificates from '/etc/ipsec.d/acerts'
CandCB pluto[21248]: Changing to directory '/etc/ipsec.d/crls'
CandCB pluto[21248]: "S_for RemoteUser": deleting connection
CandCB pluto[21248]: "S_for RemoteUser": deleting connection
CandCB pluto[21248]: added connection description "S_for RemoteUser"
CandCB pluto[21248]: added connection description "S_for RemoteUser"
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [FRAGMENTATION]
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [Vid-Initial-Contact]
CandCB pluto[21248]: "S_for RemoteUser"[1] 88.104.166.254 #67: responding to Main Mode from unknown peer 88.104.166.254
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [FRAGMENTATION]
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [Vid-Initial-Contact]
CandCB pluto[21248]: "S_for RemoteUser"[1] 88.104.166.254 #68: responding to Main Mode from unknown peer 88.104.166.254
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [FRAGMENTATION]
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [Vid-Initial-Contact]
CandCB pluto[21248]: "S_for RemoteUser"[1] 88.104.166.254 #69: responding to Main Mode from unknown peer 88.104.166.254
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [FRAGMENTATION]
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [Vid-Initial-Contact]
CandCB pluto[21248]: "S_for RemoteUser"[1] 88.104.166.254 #70: responding to Main Mode from unknown peer 88.104.166.254
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [FRAGMENTATION]
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [Vid-Initial-Contact]
CandCB pluto[21248]: "S_for RemoteUser"[1] 88.104.166.254 #71: responding to Main Mode from unknown peer 88.104.166.254
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [FRAGMENTATION]
CandCB pluto[21248]: packet from 88.104.166.254:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Vendor ID payload [Vid-Initial-Contact]
2012:12:06-19:35:15 CandCB pluto[21248]: "S_for RemoteUser"[1] 88.104.166.254 #72: responding to Main Mode from unknown peer 88.104.166.254
2012:12:06-19:35:22 CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Delete SA payload: not encrypted
Internal interface VPN works fine
CandCB pluto[21248]: packet from 192.168.0.99:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
CandCB pluto[21248]: packet from 192.168.0.99:500: ignoring Vendor ID payload [FRAGMENTATION]
CandCB pluto[21248]: packet from 192.168.0.99:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
CandCB pluto[21248]: packet from 192.168.0.99:500: ignoring Vendor ID payload [Vid-Initial-Contact]
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #73: responding to Main Mode from unknown peer 192.168.0.99
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #73: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #73: Peer ID is ID_IPV4_ADDR: '192.168.0.99'
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #73: sent MR3, ISAKMP SA established
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #74: responding to Quick Mode
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #74: IPsec SA established {ESP=>0x4a5b7498 <0xa07a9157}
CandCB openl2tpd[25731]: FUNC: tunl 11823: allocated context using profile 'default', created by network request
CandCB openl2tpd[25731]: PROTO: tunl 11823: SCCRQ received from peer 1
CandCB openl2tpd[25731]: FSM: CCE(11823) event SCCRQ_ACCEPT in state IDLE
CandCB openl2tpd[25731]: PROTO: tunl 11823: adjust tx_window_size: peer=8, ours=10
CandCB openl2tpd[25731]: PROTO: tunl 11823: sending SCCRP to peer 1
CandCB openl2tpd[25731]: FSM: CCE(11823) state change: IDLE --> WAITCTLCONN
CandCB openl2tpd[25731]: PROTO: tunl 11823: SCCCN received from peer 1
CandCB openl2tpd[25731]: FSM: CCE(11823) event SCCCN_ACCEPT in state WAITCTLCONN
CandCB openl2tpd[25731]: FUNC: tunl 11823 up
CandCB openl2tpd[25731]: FSM: CCE(11823) state change: WAITCTLCONN --> ESTABLISHED
CandCB openl2tpd[25731]: PROTO: tunl 11823/0: ICRQ received from peer 1
CandCB openl2tpd[25731]: PROTO: tunl 11823/19360: sending ICRP to peer 1/1
CandCB openl2tpd[25731]: PROTO: tunl 11823/19360: ICCN received from peer 1
CandCB pppd-l2tp[5852]: Plugin aua.so loaded.
CandCB pppd-l2tp[5852]: AUA plugin initialized.
CandCB pppd-l2tp[5852]: Plugin ippool.so loaded.
CandCB pppd-l2tp[5852]: Plugin pppol2tp.so loaded.
CandCB pppd-l2tp[5852]: pppd 2.4.5 started by (unknown), uid 0
CandCB pppd-l2tp[5852]: using channel 23
CandCB pppd-l2tp[5852]: Using interface ppp1
CandCB pppd-l2tp[5852]: Connect: ppp1 <-->
CandCB pppd-l2tp[5852]: Overriding mtu 1500 to 1380
CandCB pppd-l2tp[5852]: PPPoL2TP options: lnsmode tid 11823 sid 19360 debugmask 0
CandCB pppd-l2tp[5852]: Overriding mru 1500 to mtu value 1380
CandCB pppd-l2tp[5852]: sent [LCP ConfReq id=0x1 <mru 1380> <asyncmap 0x0> <auth chap MS-v2> <magic 0xff87bcd9>]
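Added example (not from the post or from Astaro): a small analyser for pluto lines like the ones above that reports, per client IP, how far the IKEv1 negotiation got, so the external peer's repeated Main Mode restarts with no ISAKMP SA and its ignored unencrypted Delete SA stand out next to the internal peer's full exchange. The phase markers and regexes are assumptions based on the log format shown here, and the sample input is constructed from the post's own excerpts.

```python
import re
from collections import defaultdict

# Milestones pluto (the UTM's IKEv1 daemon) logs while answering an L2TP/IPsec
# client, in the order a healthy negotiation passes through them.
PHASES = ["responding to Main Mode", "NAT-Traversal: Result", "Peer ID is",
          "ISAKMP SA established", "responding to Quick Mode", "IPsec SA established"]
STATE_RE = re.compile(r'"[^"]*"\[\d+\] (\d+(?:\.\d+){3}) #\d+: (.*)$')
DELETE_RE = re.compile(r"packet from (\d+(?:\.\d+){3}):\d+: ignoring Delete SA")

def analyse(lines):
    """Per peer IP: Main Mode attempts, furthest phase reached, ignored deletes."""
    peers = defaultdict(lambda: {"attempts": 0, "furthest": -1, "ignored": 0})
    for line in lines:
        m = STATE_RE.search(line)
        if m:
            peer, msg = m.groups()
            for i, marker in enumerate(PHASES):
                if marker in msg:
                    peers[peer]["attempts"] += (i == 0)  # each Main Mode response = one attempt
                    peers[peer]["furthest"] = max(peers[peer]["furthest"], i)
            continue
        d = DELETE_RE.search(line)
        if d:
            peers[d.group(1)]["ignored"] += 1
    return {
        peer: {
            "attempts": s["attempts"],
            "furthest": PHASES[s["furthest"]] if s["furthest"] >= 0 else None,
            "ignored_deletes": s["ignored"],
            # Stalled: Main Mode kept restarting but the ISAKMP SA never came up.
            "stalled": s["attempts"] > 1 and s["furthest"] < 3,
        }
        for peer, s in peers.items()
    }

# Constructed sample, abbreviated from the two log excerpts in the post above.
SAMPLE = """\
CandCB pluto[21248]: "S_for RemoteUser"[1] 88.104.166.254 #67: responding to Main Mode from unknown peer 88.104.166.254
CandCB pluto[21248]: "S_for RemoteUser"[1] 88.104.166.254 #68: responding to Main Mode from unknown peer 88.104.166.254
2012:12:06-19:35:22 CandCB pluto[21248]: packet from 88.104.166.254:500: ignoring Delete SA payload: not encrypted
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #73: responding to Main Mode from unknown peer 192.168.0.99
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #73: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #73: sent MR3, ISAKMP SA established
CandCB pluto[21248]: "S_for RemoteUser"[1] 192.168.0.99 #74: IPsec SA established {ESP=>0x4a5b7498 <0xa07a9157}
""".splitlines()

if __name__ == "__main__":
    for peer, summary in analyse(SAMPLE).items():
        print(peer, summary)
```

Feed it the full ipsec log instead of SAMPLE to see which peers never get past phase 1; a peer stuck at "responding to Main Mode" with no NAT-Traversal result points at the first reply (MR1) never reaching the client or the client's second message never reaching the UTM.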