Barracuda NextGen Firewall X

L2TP connection does not establish

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00005112 
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x


L2TP connections cannot be established from any client. Error messages like the following are written to the "VPN service" > ike log:


Notice exchange_run: doi->responder (0x83ca8c8) failed
Notice ipsec_get_keystate: no keystate in ISAKMP SA 0x83ca9b0
Notice SIGHUP received
Notice isakmpd: reinitializing daemon
Notice x509_cert_subjectaltname: certificate does not contain subjectAltName
Notice SIGHUP received 



The IPsec connection of L2TP cannot be established because the default server certificate is missing.

Import a non-self-signed default server certificate. Non-self-signed means that the certificate must not be signed by the same "VPN service" as the one it is imported into. You may use a certificate from an external PKI or a self-signed server certificate from another "VPN service".


Import or create a self-signed certificate (use the Ex/Import button) via "Config" > "Box" > "Virtual Servers" > "Affected Services" > "VPN service" > "VPN Settings" > "Settings" > "Click here for Server Settings" > "Default Server Certificate".

The "SubAltName" (subjectAltName) MUST be set in the default server certificate for a successful L2TP connection. Set an FQDN as the value.
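
A pre-import check for the subjectAltName requirement above, as an added example that is not part of the original article or of Barracuda's tooling. It assumes a PEM-encoded certificate file and the openssl command-line tool; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import check of a candidate default server certificate.
# File names passed in are the operator's own; nothing here is Barracuda code.

# Print each DNS name in the certificate's subjectAltName, one per line.
san_dns_names() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS://p'
}

# Return 0 if the certificate carries an FQDN in subjectAltName,
# 1 if it does not, 2 if the file is not a readable PEM certificate.
check_l2tp_cert() {
    cert=$1
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a readable PEM certificate"
        return 2
    fi
    # Shown for manual review: the article requires that the signer is not
    # the VPN service the certificate is imported into.
    openssl x509 -in "$cert" -noout -subject -issuer
    names=$(san_dns_names "$cert")
    if [ -z "$names" ]; then
        echo "FAIL: no DNS entry in subjectAltName"
        return 1
    fi
    # An FQDN here means at least two dot-separated labels.
    if ! printf '%s\n' "$names" | grep -Eq '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$'; then
        echo "FAIL: subjectAltName has no FQDN, found: $names"
        return 1
    fi
    echo "OK: subjectAltName FQDN present"
}

# Run the check when a certificate path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_l2tp_cert "$1"
fi
```

A certificate that fails this check is the kind that produces the "certificate does not contain subjectAltName" notice in the ike log shown above.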




