  1. #1
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Untangle 11.x. Is it a known issue with iOS and OS X clients not able to connect?

    I see another thread here where people report issues with iOS connecting to L2TP on Untangle 11.x. Is this a known issue? If so, can I call support for a solution (we pay for support)?

    I have two Untangle boxes configured exactly the same way. On the 10.x Untangle box, the L2TP connection from iOS/OS X connects without issue. On the 11.x Untangle box, the L2TP connection will fail. When it fails, I look at the Untangle IPsec logs and they look like this:

    Jan 14 22:34:02 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124: deleting connection "VPN-L2TP-0" instance with peer 166.70.36.124 {isakmp=#0/ipsec=#0}
    Jan 14 22:34:02 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: max number of retransmissions (2) reached STATE_MAIN_R1
    Jan 14 22:33:22 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
    Jan 14 22:33:22 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
    Jan 14 22:33:15 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
    Jan 14 22:33:15 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
    Jan 14 22:33:02 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
    Jan 14 22:33:02 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
    Jan 14 22:33:02 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
    Jan 14 22:33:02 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
    Jan 14 22:32:59 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
    Jan 14 22:32:59 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
    Jan 14 22:32:55 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
    Jan 14 22:32:55 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
    Jan 14 22:32:52 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
    Jan 14 22:32:52 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
    Jan 14 22:32:52 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: STATE_MAIN_R1: sent MR1, expecting MI2
    Jan 14 22:32:52 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    Jan 14 22:32:52 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: responding to Main Mode from unknown peer 166.70.36.124
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: received Vendor ID payload [Dead Peer Detection]
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: ignoring Vendor ID payload [FRAGMENTATION 80000000]
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: ignoring unknown Vendor ID payload
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: ignoring unknown Vendor ID payload
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: ignoring unknown Vendor ID payload
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: ignoring unknown Vendor ID payload
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: ignoring unknown Vendor ID payload
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
    Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: received Vendor ID payload [RFC 3947] method set to=109
    I wonder if Untangle uses Openswan. I found that other people have issues with a particular version of it and it reports some of the same errors. The solution was to down-rev the version of Openswan. Here is some discussion on it: http://superuser.com/questions/74054...penssl-upgrade
    Last edited by far182; 01-15-2015 at 08:59 AM.
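
A triage sketch for the log in the post above, added here as an example (it is not part of the thread and is not Untangle or Openswan code): it groups pluto lines per connection, peer and SA number and reports handshakes that rejected a payload type and then hit the retransmission limit. The sample lines are copied from the post; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the log in the post above (newest first, as posted).
SAMPLE_LOG = """\
Jan 14 22:34:02 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: max number of retransmissions (2) reached STATE_MAIN_R1
Jan 14 22:33:22 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
Jan 14 22:33:22 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Jan 14 22:32:52 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: sending notification INVALID_PAYLOAD_TYPE to 166.70.36.124:58878
Jan 14 22:32:52 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_SAK) at the outermost level
Jan 14 22:32:52 Untangle pluto[12986]: "VPN-L2TP-0"[2] 166.70.36.124 #3: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 14 22:32:52 Untangle pluto[12986]: packet from 166.70.36.124:58878: received Vendor ID payload [RFC 3947] method set to=109
"""

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
REJECTED = re.compile(r"unknown or unexpected payload type \((\w+)\)")
NOTIFY = re.compile(r"sending notification (\w+) to")
GAVE_UP = re.compile(r"max number of retransmissions \((\d+)\) reached (\w+)")

def summarize(log_text):
    """Aggregate per (connection, peer, SA number); line order does not matter."""
    stats = defaultdict(lambda: {"rejected": defaultdict(int),
                                 "notifications": defaultdict(int),
                                 "gave_up_in": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # "packet from ..." Vendor ID lines carry no SA number
        entry = stats[(m["conn"], m["peer"], int(m["sa"]))]
        msg = m["msg"]
        if (r := REJECTED.search(msg)):
            entry["rejected"][r[1]] += 1       # payload type the responder refused
        elif (n := NOTIFY.search(msg)):
            entry["notifications"][n[1]] += 1  # notification sent back to the peer
        elif (g := GAVE_UP.search(msg)):
            entry["gave_up_in"] = g[2]         # state in which the exchange was abandoned
    return stats

def stalled_handshakes(log_text):
    """SAs that rejected peer payloads and then hit the retransmission limit."""
    return [(key, dict(e["rejected"]), e["gave_up_in"])
            for key, e in summarize(log_text).items()
            if e["gave_up_in"] and e["rejected"]]

if __name__ == "__main__":
    for (conn, peer, sa), rejected, state in stalled_handshakes(SAMPLE_LOG):
        print(f"{conn} peer={peer} #{sa}: stalled in {state}, rejected payloads {rejected}")
```
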

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,650

    I use L2TP for my iPhone to connect to a remote Untangle without issue. Verify that "Enable NAT Traversal" is checked; it should be.

    There is a bug with multiple L2TP connections coming from the same gateway: only the first L2TP session can connect. http://bugzilla.untangle.com/show_bug.cgi?id=11878

    Otherwise I would call support.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Quote Originally Posted by jcoffin View Post
    I use L2TP for my iPhone to connect to a remote Untangle without issue. Verify if "Enable NAT Traversal" is checked, it should be.

    There is a bug with multiple L2TP connections coming from the same gateway, only the first L2TP session can connect. http://bugzilla.untangle.com/show_bug.cgi?id=11878

    Otherwise I would call support.
    Thank you for the support JCoffin.

    I believe there is an IOS issue with Untangle 11.x. Here are a couple of threads on this forum about it. I have the same issue described:

    http://forums.untangle.com/ipsec-vpn...lure-l2tp.html

    http://forums.untangle.com/ipsec-vpn...ut-secret.html

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,650

    Quote Originally Posted by far182 View Post
    Thank you for the support JCoffin.
    I believe there is an IOS issue with Untangle 11.x. Here are a couple of threads on this forum about it. I have the same issue described:
    You are correct, my mistake. There is an issue with Wheezy Debian L2TP openswan. We are looking into options.

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,650

    There is a new release of 11.0.1 available now to resolve this issue on iOS with L2TP.
    Build: 11.0.1~svn20150118r39522release11.0-1wheezy

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    We hope.™

  7. #7
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Quote Originally Posted by jcoffin View Post
    There is a new release of 11.0.1 available now to resolve this issue on iOS with L2TP.
    Build: 11.0.1~svn20150118r39522release11.0-1wheezy
    I patched this morning. This is working for me on OSX and IOS. Thank you!!!!!!!

  8. #8
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    This problem re-surfaced with the patch. Basically L2TP dies completely after about a week of being online. Turning off the rack and turning back on does not fix it. I have not rebooted the box because I want to call support and have them see it. I am calling in right now. Ticket #36953

    P.S. Though, I do suspect that rebooting the Untangle appliance will fix it.
