New Member
Posts: 9
Registered: ‎01-19-2015
Solutions: 2

L2TP / IPSEC Issues with Mac & iOS with EdgeOS 1.9

Hi Everyone,

I went through an old guide that is offline when I set up VPN before 1.9 (it worked great before the update). Then I used this guide, but I am still not able to connect on my Mac or iPhone.

I get a popup on my Mac that looks like this.

Screen Shot 2017-05-19 at 3.39.03 PM.png

I would love any help/guidance. Here is my config. Thank you for any help :)


admin@merle# show vpn
 ipsec {
     auto-firewall-nat-exclude disable
     ipsec-interfaces {
         interface eth0
     }
     nat-networks {
     }
     nat-traversal enable
 }
 l2tp {
     remote-access {
         authentication {
             local-users {
                 username mycomputer {
                     password mypassword
                     static-ip 10.0.5.100
                 }
             }
             mode local
         }
         client-ip-pool {
             start 10.0.5.100
             stop 10.0.5.115
         }
         dns-servers {
             server-1 10.0.5.1
         }
         ipsec-settings {
             authentication {
                 mode pre-shared-secret
                 pre-shared-secret mysharedsecret
             }
             ike-lifetime 3600
         }
         mtu 1392
         outside-address 0.0.0.0
     }
 }


admin@merle# show firewall
 all-ping enable
 broadcast-ping disable
 group {
     address-group OutDirect {
         address 192.168.0.4
         address 10.0.5.4
         address 10.0.5.5
         address 10.0.5.6
         address 10.0.5.7
         address 10.0.5.9
         address 10.0.5.10
         address 10.0.5.100
         address 10.0.5.101
         address 10.0.5.102
         address 10.0.5.103
         description ""
     }
     address-group OutVPNOnly {
         address 10.0.5.8
         description ""
     }
     port-group L2TP {
         description "VPN Connection"
         port 50
         port 500
         port 1701
         port 4500
     }
     port-group OutVPNPorts {
         description ""
         port 123
         port 53
         port 1194
     }
 }
 ipv6-receive-redirects disable
 ipv6-src-route disable
 ip-src-route disable
 log-martians disable
 name WAN_IN {
     default-action drop
     description "WAN to internal"
     rule 10 {
         action accept
         description "Allow established/related"
         state {
             established enable
             related enable
         }
     }
     rule 170 {
         action drop
         description "Drop invalid state"
         state {
             invalid enable
         }
     }
 }
 name WAN_LOCAL {
     default-action drop
     description "WAN to router"
     rule 1 {
         action accept
         description "Allow established/related"
         state {
             established enable
             related enable
         }
     }
     rule 4 {
         action accept
         description "Allow L2TP Traffic"
         destination {
             group {
                 port-group L2TP
             }
         }
         log disable
         protocol udp
     }
     rule 5 {
         action accept
         description "Allow ESP for L2TP VPN"
         log disable
         protocol esp
     }
     rule 6 {
         action drop
         description "Drop invalid state"
         state {
             invalid enable
         }
     }
 }
 receive-redirects disable
 send-redirects enable
 source-validation disable
 syn-cookies enable
Regular Member
Posts: 457
Registered: ‎06-01-2016
Kudos: 49
Solutions: 16

Re: L2TP / IPSEC Issues with Mac & iOS with EdgeOS 1.9

Eliminate the static address directive, and post the output of "show vpn status" from run mode, not config.
New Member
Posts: 6
Registered: ‎01-12-2017
Kudos: 3

Re: L2TP / IPSEC Issues with Mac & iOS with EdgeOS 1.9

Hi, and sorry to hijack the thread...

My setup is almost the same (except for the static). It has been working fine until yesterday, when I had to reboot the router. That seemed to fix it until today, and since then... nothing.


If I write:

show vpn ipsec status

I get:

IPSec Process Running PID: 2553

0 Active IPsec Tunnels

IPsec Interfaces :
        pppoe0  (no IP on interface statically configured as local-address for any VPN peer)

And that's it...
