Error connecting to Sonicwall L2TP VPN from iPad/iPhone

Posted by db2 on Server Fault
Published on 2011-03-29T17:34:34Z Indexed on 2011/12/01 2:01 UTC

A client has a Sonicwall Pro 2040 running SonicOS 3.0, and they'd like to be able to use the L2TP VPN client from their iPads to connect to internal services (Citrix, etc.). I've enabled the L2TP VPN server on the Sonicwall, made sure to set AES-128 for phase 2, and set up the configuration on a test iPad with the appropriate username, password, and pre-shared key. When I attempt to connect, I get some rather cryptic error messages in the log on the Sonicwall:

2   03/29/2011 12:25:09.096 IKE Responder: IPSec proposal does not match (Phase 2)  [My outbound IP address redacted] (admin)   [WAN IP address redacted]   10.10.130.7/32 -> [WAN IP address redacted]/32   
3   03/29/2011 12:25:09.096 IKE Responder: Received Quick Mode Request (Phase 2)    [My outbound IP address redacted], 61364 (admin)    [WAN IP address redacted], 500       
4   03/29/2011 12:25:07.048 IKE Responder: IPSec proposal does not match (Phase 2)  [My outbound IP address redacted] (admin)   [WAN IP address redacted]   10.10.130.7/32 -> [WAN IP address redacted]/32   
5   03/29/2011 12:25:07.048 IKE Responder: Received Quick Mode Request (Phase 2)    [My outbound IP address redacted], 61364 (admin)    [WAN IP address redacted], 500

The console log on the iPad looks like this:

Mar 29 13:31:24 Daves-iPad racoon[519] <Info>: [519] INFO: ISAKMP-SA established 10.10.130.7[500]-[WAN IP address redacted][500] spi:5d705eb6c760d709:458fcdf80ee8acde
Mar 29 13:31:24 Daves-iPad racoon[519] <Notice>: IPSec Phase1 established (Initiated by me).
Mar 29 13:31:24 Daves-iPad kernel[0] <Debug>: launchd[519] Builtin profile: racoon (sandbox)
Mar 29 13:31:25 Daves-iPad racoon[519] <Info>: [519] INFO: initiate new phase 2 negotiation: 10.10.130.7[500]<=>[WAN IP address redacted][500]
Mar 29 13:31:25 Daves-iPad racoon[519] <Notice>: IPSec Phase2 started (Initiated by me).
Mar 29 13:31:25 Daves-iPad racoon[519] <Info>: [519] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Mar 29 13:31:25 Daves-iPad racoon[519] <Info>: [519] ERROR: Message: '@ No proposal is chosen'.
Mar 29 13:31:46 Daves-iPad racoon[519] <Info>: [519] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Mar 29 13:31:46 Daves-iPad racoon[519] <Info>: [519] ERROR: Message: '@ No proposal is chosen'.
Mar 29 13:31:55 Daves-iPad pppd[518] <Notice>: IPSec connection failed

Does this offer any clues as to what's going wrong?

© Server Fault or respective owner
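
The two logs above agree on where the negotiation stops: Phase 1 completes, then the responder rejects the Phase 2 proposal. The following triage script is an added example, not part of the original post or of any Sonicwall or Apple tooling; it reads racoon syslog lines in the layout shown above and reports which IKE phase failed. The sample log and host name are constructed, and the "Phase2 established" success wording is an assumption, since the post contains no successful attempt.

```python
import re

# Constructed sample in the syslog layout shown in the post (host name is a placeholder).
SAMPLE_LOG = """\
Mar 29 13:31:24 example-ipad racoon[519] <Notice>: IPSec Phase1 established (Initiated by me).
Mar 29 13:31:25 example-ipad racoon[519] <Notice>: IPSec Phase2 started (Initiated by me).
Mar 29 13:31:25 example-ipad racoon[519] <Info>: [519] ERROR: fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
Mar 29 13:31:55 example-ipad pppd[518] <Notice>: IPSec connection failed
"""

# timestamp, host, process[pid], <level>: message
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (\w+)\[\d+\] <\w+>: (.*)$")

EVENTS = {
    "phase1_up": re.compile(r"Phase1 established|ISAKMP-SA established"),
    # Assumed success wording; the post contains no successful Phase 2 line.
    "phase2_up": re.compile(r"Phase2 established"),
    "no_proposal": re.compile(r"NO-PROPOSAL-CHOSEN"),
}

def parse_events(log_text):
    """Return the set of IKE events logged by racoon in log_text."""
    seen = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != "racoon":
            continue  # skip kernel, pppd and malformed lines
        seen.update(n for n, pat in EVENTS.items() if pat.search(m.group(2)))
    return seen

def triage(log_text):
    """Classify one connection attempt as (stage, what to compare on both peers)."""
    seen = parse_events(log_text)
    if "phase2_up" in seen:
        return "ok", "both IKE phases completed"
    if "no_proposal" in seen and "phase1_up" in seen:
        return ("phase2_proposal_mismatch",
                "Phase 1 (pre-shared key, IKE transforms) succeeded; compare the "
                "Phase 2 encryption, authentication, PFS and lifetime settings")
    if "no_proposal" in seen:
        return ("phase1_proposal_mismatch",
                "compare the Phase 1 encryption, hash, DH group and lifetime settings")
    if "phase1_up" not in seen:
        return "phase1_incomplete", "no ISAKMP SA was established"
    return "undetermined", "Phase 1 is up but no Phase 2 result was logged"

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```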
