Barracuda NextGen Firewall X

L2TP connection does not establish

  • Type: Knowledgebase
  • Date changed: 5 months ago
Solution #00005112 
 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:

L2TP connections cannot be established from any client. Error messages like the following are written to the "VPN service" > ike log:

 

Notice exchange_run: doi->responder (0x83ca8c8) failed
Notice ipsec_get_keystate: no keystate in ISAKMP SA 0x83ca9b0
Notice SIGHUP received
Notice isakmpd: reinitializing daemon
Notice x509_cert_subjectaltname: certificate does not contain subjectAltName
Notice SIGHUP received 


 

Solution:

The IPsec connection underlying L2TP cannot be established because the default server certificate is missing.

Import a non self-signed default server certificate. Non self-signed means that the certificate mustn't be signed by the same "VPN service" as the one it is imported into. You may use a certificate from an external PKI or a self-signed server certificate from another "VPN service".

 

Import or create a self-signed certificate (use the Ex/Import button) via "Config" > "Box" > "Virtual Servers" > "Affected Services" > "VPN service" > "VPN Settings" > "Settings" > "Click here for Server Settings" > "Default Server Certificate".

The "SubAltName" MUST be set in the default server certificate for a successful L2TP connection. Set an FQDN as the value.

 

Example:

DNS:test.box.com
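
To check the subjectAltName requirement before importing a certificate, the following added example (not Barracuda code) reads the extension straight from the DER encoding using only the Python standard library. The function names and the unsigned `sample_cert` skeleton are assumptions made for this illustration, and the FQDN test is a simple pattern check.

```python
import base64, re
SAN_OID = bytes.fromhex("551d11")   # id-ce-subjectAltName (2.5.29.17)
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                      # long form: low 7 bits = number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n]
        i += n

def san_dns_names(der):
    """Return the dNSName entries of subjectAltName, or [] if the extension is absent."""
    (_, cert), = tlvs(der)                # Certificate SEQUENCE
    tbs = next(tlvs(cert))[1]             # tbsCertificate
    for tag, val in tlvs(tbs):
        if tag == 0xA3:                   # [3] EXPLICIT extensions
            (_, exts), = tlvs(val)
            for _, ext in tlvs(exts):
                fields = list(tlvs(ext))  # OID, optional critical flag, OCTET STRING
                if fields[0][1] == SAN_OID:
                    (_, names), = tlvs(fields[-1][1])
                    return [v.decode("ascii") for t, v in tlvs(names) if t == 0x82]
    return []

def usable_for_l2tp(der):  # True if subjectAltName holds at least one FQDN DNS entry
    return any(FQDN.match(name) for name in san_dns_names(der))

def pem_to_der(pem_text):  # decode the first PEM certificate in pem_text
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    return base64.b64decode(m.group(1))

# Constructed sample input: an unsigned DER skeleton, not a real certificate.
def tlv(tag, *parts):
    body = b"".join(parts)
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body

def sample_cert(dns=None):
    san = tlv(0x30, tlv(0x06, SAN_OID), tlv(0x04, tlv(0x30, tlv(0x82, (dns or "").encode()))))
    exts = [tlv(0xA3, tlv(0x30, san))] if dns else []
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), *[tlv(0x30)] * 5, *exts)
    return tlv(0x30, tbs, tlv(0x30), tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print({d: usable_for_l2tp(sample_cert(d)) for d in ("test.box.com", "box", None)})
```

For a certificate exported as PEM, pass the file's text through `pem_to_der` and hand the result to `usable_for_l2tp`.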

 

 
