Barracuda NextGen Firewall X

L2TP connection does not establish

  • Type: Knowledgebase
  • Date changed: one year ago
Solution #00005112 
 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:

L2TP connections cannot be established from any client. Error messages like the following are written to the "VPN service" > ike log:

 

Notice exchange_run: doi->responder (0x83ca8c8) failed
Notice ipsec_get_keystate: no keystate in ISAKMP SA 0x83ca9b0
Notice SIGHUP received
Notice isakmpd: reinitializing daemon
Notice x509_cert_subjectaltname: certificate does not contain subjectAltName
Notice SIGHUP received 


 

Solution:

The IPSEC connection of L2TP cannot be established because the default server certificate is missing.

Import a non self-signed default server certificate. Non self-signed means that the certificate mustn't be signed by the same "VPN service" as the one it is imported into. You may use a certificate from an external PKI or a self-signed server certificate from another "VPN service".

 

Import or create a self-signed (use Ex/Import button) certificate via "Config" > "Box" > "Virtual Servers" > "Affected Services" > "VPN service" > "VPN Settings" > "Settings" > "Click here for Server Settings" > "Default Server Certificate".


The "SubAltName" (the subjectAltName extension named in the ike log above) MUST be set in the default server certificate for a successful L2TP connection. Set an FQDN as the value.

 

Example:

DNS:test.box.com
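
A pre-import check for the subjectAltName requirement above, as an added example that is not part of the original article or of Barracuda's tooling. It assumes the certificate is available as a PEM file and that the `openssl` command-line tool is installed; the function names and the sample-certificate helper are hypothetical.

```shell
#!/bin/sh
# Added example: check a PEM certificate for the subjectAltName the article requires.
# Function names are hypothetical; requires the openssl command-line tool.
# Return codes: 0 = FQDN DNS entry found, 1 = no subjectAltName,
#               2 = subjectAltName without an FQDN DNS entry, 3 = unreadable file.
check_l2tp_cert() {
    cert=$1
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "ERROR: cannot parse $cert as a PEM certificate" >&2
        return 3
    }
    # In openssl's text output the SAN entries sit on the line after the header.
    san=$(printf '%s\n' "$text" |
        awk '/X509v3 Subject Alternative Name/ { getline; print; exit }')
    if [ -z "$san" ]; then
        echo "FAIL: no subjectAltName (the condition the ike log reports)" >&2
        return 1
    fi
    # Split "DNS:a, DNS:b, IP Address:..." and keep the first DNS value
    # that looks like a fully qualified domain name.
    fqdn=$(printf '%s\n' "$san" | tr ',' '\n' | sed -n 's/^ *DNS://p' |
        grep -E '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$' |
        head -n 1)
    if [ -n "$fqdn" ]; then
        echo "OK: subjectAltName contains DNS:$fqdn"
        return 0
    fi
    echo "FAIL: subjectAltName present but has no FQDN DNS entry: $san" >&2
    return 2
}

# Constructed sample input: throwaway self-signed certificates for trying the check.
# $1 = output directory, $2 = base name, $3 = optional SAN value (e.g. DNS:test.box.com)
make_sample_cert() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = test.box.com' \
        '[san]' "subjectAltName = ${3:-DNS:unused.example}" > "$1/$2.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        ${3:+-extensions san} -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
```

Source the file and run `check_l2tp_cert server.pem` against the certificate before importing it as the Default Server Certificate.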

 

 
