Gentoo Forums
VPN Client not connecting [SOLVED]
Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Wed Sep 03, 2014 8:17 am

After the first failed attempt to connect with xl2tpd the ipsec connection is taken down. Thus all subsequent attempts to connect with xl2tpd fail.

# xl2tpd-control connect vpnclient vpn.office.com
00 OK
Code:

Updated src 17.11.7.5 dst 1.2.3.4
        proto esp spi SPI_VALUE_1 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 17.11.7.5/32 dst 1.2.3.4/32
src 1.2.3.4 dst 17.11.7.5
        proto esp spi SPI_VALUE_2 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 1.2.3.4/32 dst 17.11.7.5/32
src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority 7936 ptype main
src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority 7936 ptype main
Updated src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out priority 1792 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 1 mode transport
Updated src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in priority 1792 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 1 mode transport
Async event  (0x20)  timer expired
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x20)  timer expired
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1
Async event  (0x10)  replay update
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x10)  replay update
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x20)  timer expired                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x20)  timer expired                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x20)  timer expired                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x20)  timer expired                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Deleted src 17.11.7.5 dst 1.2.3.4                                                                           
        proto esp spi SPI_VALUE_1 reqid 1 mode transport                                                           
        replay-window 32                                                                                           
        auth-trunc hmac(sha1) [HIDDEN] 96                                       
        enc cbc(des3_ede) [HIDDEN]                                       
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0                                                     
        sel src 17.11.7.5/32 dst 1.2.3.4/32                                                                 
Deleted src 1.2.3.4 dst 17.11.7.5                                                                           
        proto esp spi SPI_VALUE_2 reqid 1 mode transport                                                           
        replay-window 32                                                                                           
        auth-trunc hmac(sha1) [HIDDEN] 96                                       
        enc cbc(des3_ede) [HIDDEN]                                       
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0                                                     
        sel src 1.2.3.4/32 dst 17.11.7.5/32                                                                 
Updated src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority 7936 ptype main
Updated src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority 7936 ptype main
Deleted src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority 7936 ptype main
Deleted src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority 7936 ptype main


# ipsec up VPN.OFFICE.COM
Code:

initiating Main Mode IKE_SA VPN.OFFICE.COM[4] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (184 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [HIDDEN]
received unknown vendor ID: [HIDDEN]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (68 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN.OFFICE.COM[4] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request QUICK_MODE_VALUE [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response QUICK_MODE_VALUE [ HASH SA No ID ID N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
CHILD_SA VPN.OFFICE.COM{4} established with SPIs [HIDDEN] [HIDDEN] and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
connection 'VPN.OFFICE.COM' established successfully


# ipsec down VPN.OFFICE.COM
Code:

closing CHILD_SA VPN.OFFICE.COM{4} with SPIs [HIDDEN] (0 bytes) [HIDDEN] (0 bytes) and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
IKE_SA [4] closed successfully


ip xfrm monitor for ipsec up / down cycle. This is just to show when xl2tpd starts and stops above.
Code:

Updated src 17.11.7.5 dst 1.2.3.4
        proto esp spi [HIDDEN] reqid 4 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 17.11.7.5/32 dst 1.2.3.4/32
src 1.2.3.4 dst 17.11.7.5
        proto esp spi [HIDDEN] reqid 4 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 1.2.3.4/32 dst 17.11.7.5/32
src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority 7936 ptype main
src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority 7936 ptype main
Updated src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out priority 1792 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 4 mode transport
Updated src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in priority 1792 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 4 mode transport
Deleted src 17.11.7.5 dst 1.2.3.4
        proto esp spi [HIDDEN] reqid 4 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 17.11.7.5/32 dst 1.2.3.4/32
Deleted src 1.2.3.4 dst 17.11.7.5
        proto esp spi [HIDDEN] reqid 4 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 1.2.3.4/32 dst 17.11.7.5/32
Updated src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority 7936 ptype main
Updated src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority 7936 ptype main
Deleted src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority 7936 ptype main
Deleted src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority 7936 ptype main
salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Wed Sep 03, 2014 8:36 am

Ok, well at least that explains why sometimes xl2tp fails to connect: after the first xl2tp connection fails (for whatever reason), all subsequent attempts will always fail because the ipsec responder (server) tears down the connection after l2tp fails. This is actually good news: this means ipsec is configured properly on our side.

So I need to know what is causing the initial l2tp/ppp failure. So do a "strongswan up vpnclient" immediately followed by "xl2tp connect" (a shell script may be handy here, since I have a feeling that if the l2tp connection isn't started "soon" after the ipsec connect, it'll disconnect it) and paste the xl2tpd/pppd logs.
Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Wed Sep 03, 2014 9:35 am

I have to head to work now, so it will be a while before I can provide any more information.

ipsec up VNP.OFFICE.COM && xl2tpd-control connect vpnclient vpn.office.com


Code:

Updated src 17.11.7.5 dst 1.2.3.4
        proto esp spi SPI_VALUE_1 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 17.11.7.5/32 dst 1.2.3.4/32
src 1.2.3.4 dst 17.11.7.5
        proto esp spi SPI_VALUE_2 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 1.2.3.4/32 dst 17.11.7.5/32
src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority 7936 ptype main
src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority 7936 ptype main
Updated src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out priority 1792 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 1 mode transport
Updated src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in priority 1792 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 1 mode transport
Async event  (0x10)  replay update
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x10)  replay update
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1
Async event  (0x10)  replay update
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x10)  replay update
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1
Async event  (0x10)  replay update
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x10)  replay update
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x10)  replay update
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Deleted src 17.11.7.5 dst 1.2.3.4
        proto esp spi SPI_VALUE_1 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 17.11.7.5/32 dst 1.2.3.4/32
Deleted src 1.2.3.4 dst 17.11.7.5
        proto esp spi SPI_VALUE_2 reqid 1 mode transport


Code:

Sep  3 10:19:50 sveta ipsec_starter[5910]: Starting strongSwan 5.1.3 IPsec [starter]...
Sep  3 10:19:50 sveta charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 3.14.14-gentoo, x86_64)
Sep  3 10:19:50 sveta charon: 00[CFG] attr-sql plugin: database URI not set
Sep  3 10:19:50 sveta charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Sep  3 10:19:50 sveta charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Sep  3 10:19:50 sveta charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Sep  3 10:19:50 sveta charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Sep  3 10:19:50 sveta charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Sep  3 10:19:50 sveta charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Sep  3 10:19:50 sveta charon: 00[CFG]   loaded IKE secret for %any
Sep  3 10:19:50 sveta charon: 00[CFG]   loaded EAP secret for Uname
Sep  3 10:19:50 sveta charon: 00[CFG] sql plugin: database URI not set
Sep  3 10:19:50 sveta charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Sep  3 10:19:50 sveta charon: 00[CFG] eap-simaka-sql database URI missing
Sep  3 10:19:50 sveta charon: 00[CFG] loaded 0 RADIUS server configurations
Sep  3 10:19:50 sveta charon: 00[LIB] loaded plugins: charon curl ldap mysql sqlite aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey
sshkey pem openssl gcrypt fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth
eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls xauth-generic dhcp
Sep  3 10:19:50 sveta charon: 00[LIB] unable to load 13 plugin features (9 due to unmet dependencies)
Sep  3 10:19:50 sveta charon: 00[LIB] dropped capabilities, running as uid 116, gid 985
Sep  3 10:19:50 sveta charon: 00[JOB] spawning 16 worker threads
Sep  3 10:19:50 sveta ipsec_starter[5919]: charon (5920) started after 20 ms
Sep  3 10:19:50 sveta charon: 05[CFG] received stroke: add connection 'VNP.OFFICE.COM'
Sep  3 10:19:50 sveta charon: 05[CFG] left nor right host is our side, assuming left=local
Sep  3 10:19:50 sveta charon: 05[CFG] added configuration 'VNP.OFFICE.COM'
Sep  3 10:20:00 sveta xl2tpd[5960]: setsockopt recvref[30]: Protocol not available
Sep  3 10:20:00 sveta xl2tpd[5960]: Using l2tp kernel support.
Sep  3 10:20:00 sveta xl2tpd[5961]: xl2tpd version xl2tpd-1.3.1 started on sveta PID:5961
Sep  3 10:20:00 sveta xl2tpd[5961]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Sep  3 10:20:00 sveta xl2tpd[5961]: Forked by Scott Balmos and David Stipp, (C) 2001
Sep  3 10:20:00 sveta xl2tpd[5961]: Inherited by Jeff McAdams, (C) 2002
Sep  3 10:20:00 sveta xl2tpd[5961]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Sep  3 10:20:00 sveta xl2tpd[5961]: Listening on IP address 0.0.0.0, port 1701
Sep  3 10:20:01 sveta cron[5968]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
Sep  3 10:20:08 sveta charon: 07[CFG] received stroke: initiate 'VNP.OFFICE.COM'
Sep  3 10:20:08 sveta charon: 09[IKE] initiating Main Mode IKE_SA VNP.OFFICE.COM[1] to 17.11.7.5
Sep  3 10:20:08 sveta charon: 09[IKE] initiating Main Mode IKE_SA VNP.OFFICE.COM[1] to 17.11.7.5
Sep  3 10:20:08 sveta charon: 09[ENC] generating ID_PROT request 0 [ SA V V V V ]
Sep  3 10:20:08 sveta charon: 09[NET] sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (184 bytes)
Sep  3 10:20:08 sveta charon: 10[NET] received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
Sep  3 10:20:08 sveta charon: 10[ENC] parsed ID_PROT response 0 [ SA V V ]
Sep  3 10:20:08 sveta charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Sep  3 10:20:08 sveta charon: 10[IKE] received FRAGMENTATION vendor ID
Sep  3 10:20:08 sveta charon: 10[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Sep  3 10:20:08 sveta charon: 10[NET] sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
Sep  3 10:20:08 sveta charon: 11[NET] received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
Sep  3 10:20:08 sveta charon: 11[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
Sep  3 10:20:08 sveta charon: 11[IKE] received Cisco Unity vendor ID
Sep  3 10:20:08 sveta charon: 11[IKE] received XAuth vendor ID
Sep  3 10:20:08 sveta charon: 11[ENC] received unknown vendor ID: [HIDDEN]
Sep  3 10:20:08 sveta charon: 11[ENC] received unknown vendor ID: [HIDDEN]
Sep  3 10:20:08 sveta charon: 11[IKE] local host is behind NAT, sending keep alives
Sep  3 10:20:08 sveta charon: 11[ENC] generating ID_PROT request 0 [ ID HASH ]
Sep  3 10:20:08 sveta charon: 11[NET] sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (68 bytes)
Sep  3 10:20:08 sveta charon: 12[NET] received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
Sep  3 10:20:08 sveta charon: 12[ENC] parsed ID_PROT response 0 [ ID HASH V ]
Sep  3 10:20:08 sveta charon: 12[IKE] received DPD vendor ID
Sep  3 10:20:08 sveta charon: 12[IKE] IKE_SA VNP.OFFICE.COM[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  3 10:20:08 sveta charon: 12[IKE] IKE_SA VNP.OFFICE.COM[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  3 10:20:08 sveta charon: 12[ENC] generating QUICK_MODE request QUICK_MODE_VALUE [ HASH SA No ID ID NAT-OA NAT-OA ]
Sep  3 10:20:08 sveta charon: 12[NET] sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
Sep  3 10:20:08 sveta charon: 13[NET] received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
Sep  3 10:20:08 sveta charon: 13[ENC] parsed QUICK_MODE response QUICK_MODE_VALUE [ HASH SA No ID ID N((24576)) NAT-OA ]
Sep  3 10:20:08 sveta charon: 13[IKE] received 28800s lifetime, configured 0s
Sep  3 10:20:08 sveta charon: 13[IKE] CHILD_SA VNP.OFFICE.COM{1} established with SPIs [HIDDEN] [HIDDEN] and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  3 10:20:08 sveta charon: 13[IKE] CHILD_SA VNP.OFFICE.COM{1} established with SPIs [HIDDEN] [HIDDEN] and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  3 10:20:08 sveta charon: 13[ENC] generating QUICK_MODE request QUICK_MODE_VALUE [ HASH ]
Sep  3 10:20:08 sveta charon: 13[NET] sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (60 bytes)
Sep  3 10:20:08 sveta xl2tpd[5961]: Connecting to host vpn.office.com, port 1701
Sep  3 10:20:08 sveta xl2tpd[5961]: Connection established to 17.11.7.5, 1701.  Local: [HIDDEN], Remote: [HIDDEN] (ref=0/0).
Sep  3 10:20:08 sveta xl2tpd[5961]: Calling on tunnel [HIDDEN]
Sep  3 10:20:08 sveta xl2tpd[5961]: Call established with 17.11.7.5, Local: [HIDDEN], Remote: [HIDDEN], Serial: 1 (ref=0/0)
Sep  3 10:20:08 sveta xl2tpd[5961]: start_pppd: I'm running:
Sep  3 10:20:08 sveta xl2tpd[5961]: "/usr/sbin/pppd"
Sep  3 10:20:08 sveta xl2tpd[5961]: "passive"
Sep  3 10:20:08 sveta xl2tpd[5961]: "nodetach"
Sep  3 10:20:08 sveta xl2tpd[5961]: ":"
Sep  3 10:20:08 sveta xl2tpd[5961]: "name"
Sep  3 10:20:08 sveta xl2tpd[5961]: "vpn.office.com"
Sep  3 10:20:08 sveta xl2tpd[5961]: "file"
Sep  3 10:20:08 sveta xl2tpd[5961]: "/etc/ppp/options.xl2tpd.lns"
Sep  3 10:20:08 sveta xl2tpd[5961]: "ipparam"
Sep  3 10:20:08 sveta xl2tpd[5961]: "17.11.7.5"
Sep  3 10:20:08 sveta xl2tpd[5961]: "plugin"
Sep  3 10:20:08 sveta xl2tpd[5961]: "pppol2tp.so"
Sep  3 10:20:08 sveta xl2tpd[5961]: "pppol2tp"
Sep  3 10:20:08 sveta xl2tpd[5961]: "8"
Sep  3 10:20:08 sveta pppd[5985]: Plugin pppol2tp.so loaded.
Sep  3 10:20:08 sveta pppd[5985]: pppd 2.4.7 started by huoshe, uid 0
Sep  3 10:20:08 sveta pppd[5985]: Using interface ppp0
Sep  3 10:20:08 sveta pppd[5985]: Connect: ppp0 <-->
Sep  3 10:20:08 sveta pppd[5985]: Overriding mtu 1500 to 1410
Sep  3 10:20:08 sveta pppd[5985]: Overriding mru 1500 to mtu value 1410
Sep  3 10:20:08 sveta NetworkManager[2719]: <warn> /sys/devices/virtual/net/ppp0: couldn't determine device driver; ignoring...
Sep  3 10:20:08 sveta xl2tpd[5961]: control_finish: Connection closed to 17.11.7.5, port 1701 (No Error), Local: [HIDDEN], Remote: [HIDDEN]
Sep  3 10:20:08 sveta xl2tpd[5961]: Terminating pppd: sending TERM signal to pid 5985
Sep  3 10:20:08 sveta pppd[5985]: Terminating on signal 15
Sep  3 10:20:08 sveta charon: 04[NET] received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (68 bytes)
Sep  3 10:20:08 sveta charon: 04[ENC] parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH D ]
Sep  3 10:20:08 sveta charon: 04[IKE] received DELETE for ESP CHILD_SA with SPI 3212ae5c
Sep  3 10:20:08 sveta charon: 04[IKE] closing CHILD_SA VNP.OFFICE.COM{1} with SPIs [HIDDEN] (1031 bytes) [HIDDEN] (900 bytes) and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  3 10:20:08 sveta charon: 04[IKE] closing CHILD_SA VNP.OFFICE.COM{1} with SPIs [HIDDEN] (1031 bytes) [HIDDEN] (900 bytes) and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  3 10:20:08 sveta charon: 05[NET] received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
Sep  3 10:20:08 sveta charon: 05[ENC] parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH D ]
Sep  3 10:20:08 sveta charon: 05[IKE] received DELETE for IKE_SA VNP.OFFICE.COM[1]
Sep  3 10:20:08 sveta charon: 05[IKE] deleting IKE_SA VNP.OFFICE.COM[1] between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  3 10:20:08 sveta charon: 05[IKE] deleting IKE_SA VNP.OFFICE.COM[1] between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  3 10:20:14 sveta pppd[5985]: Connection terminated.
Sep  3 10:20:14 sveta avahi-daemon[3046]: Withdrawing workstation service for ppp0.
Sep  3 10:20:14 sveta charon: 12[KNL] interface ppp0 deleted
Sep  3 10:20:14 sveta pppd[5985]: Modem hangup
Sep  3 10:20:14 sveta pppd[5985]: Exit.
Sep  3 10:21:31 sveta su[5887]: pam_unix(su:session): session closed for user root
Sep  3 10:21:47 sveta xl2tpd[5961]: Session 'vpnclient' not up
Sep  3 10:21:51 sveta charon: 08[CFG] received stroke: terminate 'VNP.OFFICE.COM'
Sep  3 10:21:51 sveta charon: 08[CFG] no IKE_SA named 'VNP.OFFICE.COM' found
Sep  3 10:21:56 sveta xl2tpd[5961]: death_handler: Fatal signal 15 received
Sep  3 10:22:01 sveta charon: 00[DMN] signal of type SIGINT received. Shutting down
Sep  3 10:22:01 sveta ipsec_starter[5919]: charon stopped after 200 ms
Sep  3 10:22:01 sveta ipsec_starter[5919]: ipsec starter stopped
salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Wed Sep 03, 2014 4:13 pm

Ok, ipsec and l2tp are working; the problem now is pppd. Either it's failing to authenticate OR there is something in the option file it doesn't like. You can add "debug" to the ppp option file or specify "ppp debug = yes" in xl2tpd.conf for more info (Warning: This discloses password hashes).
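The layer-by-layer reading of the syslog that leads to this diagnosis can be reproduced mechanically. The Python sketch below is an added example, not part of the original thread: the function name `triage`, the stage labels and the `local IP address` marker for a completed PPP link are assumptions, and the sample input is abridged from the log posted above.

```python
import re

# Abridged from the syslog excerpt posted earlier in the thread.
SAMPLE_LOG = """\
Sep  3 10:20:08 sveta charon: 12[IKE] IKE_SA VNP.OFFICE.COM[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  3 10:20:08 sveta charon: 13[IKE] CHILD_SA VNP.OFFICE.COM{1} established with SPIs [HIDDEN] [HIDDEN] and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  3 10:20:08 sveta xl2tpd[5961]: Connection established to 17.11.7.5, 1701.  Local: [HIDDEN], Remote: [HIDDEN] (ref=0/0).
Sep  3 10:20:08 sveta xl2tpd[5961]: Call established with 17.11.7.5, Local: [HIDDEN], Remote: [HIDDEN], Serial: 1 (ref=0/0)
Sep  3 10:20:08 sveta pppd[5985]: pppd 2.4.7 started by huoshe, uid 0
Sep  3 10:20:08 sveta pppd[5985]: Using interface ppp0
Sep  3 10:20:08 sveta xl2tpd[5961]: control_finish: Connection closed to 17.11.7.5, port 1701 (No Error), Local: [HIDDEN], Remote: [HIDDEN]
Sep  3 10:20:08 sveta pppd[5985]: Terminating on signal 15
Sep  3 10:20:08 sveta charon: 04[IKE] received DELETE for ESP CHILD_SA with SPI 3212ae5c
Sep  3 10:20:08 sveta charon: 05[IKE] received DELETE for IKE_SA VNP.OFFICE.COM[1]
Sep  3 10:20:14 sveta pppd[5985]: Connection terminated.
"""

# "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>[\w-]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)

# Bring-up milestones in the order an L2TP/IPsec client reaches them.
STAGES = [
    ("ike_sa", "charon", r"IKE_SA \S+ established"),
    ("child_sa", "charon", r"CHILD_SA \S+ established"),
    ("l2tp_tunnel", "xl2tpd", r"Connection established to"),
    ("l2tp_call", "xl2tpd", r"Call established with"),
    ("pppd_started", "pppd", r"pppd \S+ started by"),
    # Assumption: pppd logs its negotiated address once IPCP completes.
    ("ppp_up", "pppd", r"local\s+IP address"),
]

# Teardown events; the charon ones are DELETE notifications sent by the peer.
TEARDOWN = [
    ("l2tp_closed", "xl2tpd", r"control_finish: Connection closed"),
    ("pppd_killed", "pppd", r"Terminating on signal"),
    ("peer_deleted_child_sa", "charon", r"received DELETE for ESP CHILD_SA"),
    ("peer_deleted_ike_sa", "charon", r"received DELETE for IKE_SA"),
]


def _collect(table, prog, msg, seen):
    """Append each table entry that matches this line, once, in log order."""
    for name, daemon, pattern in table:
        if prog == daemon and name not in seen and re.search(pattern, msg):
            seen.append(name)


def failed_layer(reached):
    """Name the first layer that did not complete, given the stages reached."""
    if "ppp_up" in reached:
        return "none"
    if "pppd_started" in reached:
        return "pppd"   # IPsec and L2TP are up, PPP never finished negotiating
    if "child_sa" in reached:
        return "l2tp"   # ESP SA exists, but no PPP session was handed to pppd
    return "ipsec"


def triage(log_text):
    """Treat log_text as one connection attempt and summarise how far it got."""
    reached, teardown = [], []
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # wrapped continuation lines, e.g. the charon plugin list
        prog, msg = m.group("prog"), m.group("msg")
        _collect(STAGES, prog, msg, reached)
        _collect(TEARDOWN, prog, msg, teardown)
    return {
        "reached": reached,
        "teardown": teardown,
        "failed_layer": failed_layer(reached),
        "peer_tore_down_ipsec": any(t.startswith("peer_deleted") for t in teardown),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it one connection attempt at a time; a log that spans several attempts would merge their milestones.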
Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Thu Sep 04, 2014 12:09 am

I have set ppp debug to yes.

I have tried with mtu & mru commented out; that didn't help. I have also tried with noauth commented out, again no progress.


ppp debug = y

Connection Log
Code:

Sep  4 00:33:16 sveta ipsec_starter[4013]: Starting strongSwan 5.1.3 IPsec [starter]...
Sep  4 00:33:16 sveta charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 3.14.14-gentoo, x86_64)
Sep  4 00:33:16 sveta charon: 00[CFG] attr-sql plugin: database URI not set
Sep  4 00:33:16 sveta charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Sep  4 00:33:16 sveta charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Sep  4 00:33:16 sveta charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Sep  4 00:33:16 sveta charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Sep  4 00:33:16 sveta charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Sep  4 00:33:16 sveta charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Sep  4 00:33:16 sveta charon: 00[CFG]   loaded IKE secret for %any
Sep  4 00:33:16 sveta charon: 00[CFG]   loaded EAP secret for user-name
Sep  4 00:33:16 sveta charon: 00[CFG] sql plugin: database URI not set
Sep  4 00:33:16 sveta charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Sep  4 00:33:16 sveta charon: 00[CFG] eap-simaka-sql database URI missing
Sep  4 00:33:16 sveta charon: 00[CFG] loaded 0 RADIUS server configurations
Sep  4 00:33:16 sveta charon: 00[LIB] loaded plugins: charon curl ldap mysql sqlite aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey
pem openssl gcrypt fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5
eap-gtc eap-mschapv2 eap-radius eap-tls xauth-generic dhcp
Sep  4 00:33:16 sveta charon: 00[LIB] unable to load 13 plugin features (9 due to unmet dependencies)
Sep  4 00:33:16 sveta charon: 00[LIB] dropped capabilities, running as uid 116, gid 985
Sep  4 00:33:16 sveta charon: 00[JOB] spawning 16 worker threads
Sep  4 00:33:16 sveta ipsec_starter[4022]: charon (4023) started after 40 ms
Sep  4 00:33:16 sveta charon: 04[CFG] received stroke: add connection 'VPN.OFFICE.COM'
Sep  4 00:33:16 sveta charon: 04[CFG] left nor right host is our side, assuming left=local
Sep  4 00:33:16 sveta charon: 04[CFG] added configuration 'VPN.OFFICE.COM'
Sep  4 00:33:23 sveta xl2tpd[4062]: setsockopt recvref[30]: Protocol not available
Sep  4 00:33:23 sveta xl2tpd[4062]: Using l2tp kernel support.
Sep  4 00:33:23 sveta xl2tpd[4063]: xl2tpd version xl2tpd-1.3.1 started on sveta PID:4063
Sep  4 00:33:23 sveta xl2tpd[4063]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Sep  4 00:33:23 sveta xl2tpd[4063]: Forked by Scott Balmos and David Stipp, (C) 2001
Sep  4 00:33:23 sveta xl2tpd[4063]: Inherited by Jeff McAdams, (C) 2002
Sep  4 00:33:23 sveta xl2tpd[4063]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Sep  4 00:33:23 sveta xl2tpd[4063]: Listening on IP address 0.0.0.0, port 1701
Sep  4 00:33:39 sveta su[4074]: Successful su for root by huoshe
Sep  4 00:33:39 sveta su[4074]: + /dev/pts/2 huoshe:root
Sep  4 00:33:39 sveta su[4074]: pam_unix(su:session): session opened for user root by huoshe(uid=1000)
Sep  4 00:33:58 sveta charon: 13[CFG] received stroke: initiate 'VPN.OFFICE.COM'
Sep  4 00:33:58 sveta charon: 15[IKE] initiating Main Mode IKE_SA VPN.OFFICE.COM[1] to 17.11.7.5
Sep  4 00:33:58 sveta charon: 15[IKE] initiating Main Mode IKE_SA VPN.OFFICE.COM[1] to 17.11.7.5
Sep  4 00:33:58 sveta charon: 15[ENC] generating ID_PROT request 0 [ SA V V V V ]
Sep  4 00:33:58 sveta charon: 15[NET] sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (184 bytes)
Sep  4 00:33:58 sveta charon: 07[NET] received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
Sep  4 00:33:58 sveta charon: 07[ENC] parsed ID_PROT response 0 [ SA V V ]
Sep  4 00:33:58 sveta charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Sep  4 00:33:58 sveta charon: 07[IKE] received FRAGMENTATION vendor ID
Sep  4 00:33:58 sveta charon: 07[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Sep  4 00:33:58 sveta charon: 07[NET] sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
Sep  4 00:33:58 sveta charon: 08[NET] received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
Sep  4 00:33:58 sveta charon: 08[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
Sep  4 00:33:58 sveta charon: 08[IKE] received Cisco Unity vendor ID
Sep  4 00:33:58 sveta charon: 08[IKE] received XAuth vendor ID
Sep  4 00:33:58 sveta charon: 08[ENC] received unknown vendor ID: [HIDDEN]
Sep  4 00:33:58 sveta charon: 08[ENC] received unknown vendor ID: [HIDDEN]
Sep  4 00:33:58 sveta charon: 08[IKE] local host is behind NAT, sending keep alives
Sep  4 00:33:58 sveta charon: 08[ENC] generating ID_PROT request 0 [ ID HASH ]
Sep  4 00:33:58 sveta charon: 08[NET] sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (68 bytes)
Sep  4 00:33:58 sveta charon: 05[NET] received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
Sep  4 00:33:58 sveta charon: 05[ENC] parsed ID_PROT response 0 [ ID HASH V ]
Sep  4 00:33:58 sveta charon: 05[IKE] received DPD vendor ID
Sep  4 00:33:58 sveta charon: 05[IKE] IKE_SA VPN.OFFICE.COM[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  4 00:33:58 sveta charon: 05[IKE] IKE_SA VPN.OFFICE.COM[1] established between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  4 00:33:58 sveta charon: 05[ENC] generating QUICK_MODE request QUICK_VALUE [ HASH SA No ID ID NAT-OA NAT-OA ]
Sep  4 00:33:58 sveta charon: 05[NET] sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
Sep  4 00:33:58 sveta charon: 04[NET] received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
Sep  4 00:33:58 sveta charon: 04[ENC] parsed QUICK_MODE response QUICK_VALUE [ HASH SA No ID ID N((24576)) NAT-OA ]
Sep  4 00:33:58 sveta charon: 04[IKE] received 28800s lifetime, configured 0s
Sep  4 00:33:58 sveta charon: 04[IKE] CHILD_SA VPN.OFFICE.COM{1} established with SPIs [HIDDEN] [HIDDEN] and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  4 00:33:58 sveta charon: 04[IKE] CHILD_SA VPN.OFFICE.COM{1} established with SPIs [HIDDEN] [HIDDEN] and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  4 00:33:58 sveta charon: 04[ENC] generating QUICK_MODE request QUICK_VALUE [ HASH ]
Sep  4 00:33:58 sveta charon: 04[NET] sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (60 bytes)
Sep  4 00:33:58 sveta xl2tpd[4063]: Connecting to host vpn.office.com, port 1701
Sep  4 00:33:58 sveta xl2tpd[4063]: Connection established to 17.11.7.5, 1701.  Local: [HIDDEN], Remote: [HIDDEN] (ref=0/0).
Sep  4 00:33:58 sveta xl2tpd[4063]: Calling on tunnel [HIDDEN]
Sep  4 00:33:58 sveta xl2tpd[4063]: Call established with 17.11.7.5, Local: [HIDDEN], Remote: [HIDDEN], Serial: 1 (ref=0/0)
Sep  4 00:33:58 sveta xl2tpd[4063]: start_pppd: I'm running:
Sep  4 00:33:58 sveta xl2tpd[4063]: "/usr/sbin/pppd"
Sep  4 00:33:58 sveta xl2tpd[4063]: "passive"
Sep  4 00:33:58 sveta xl2tpd[4063]: "nodetach"
Sep  4 00:33:58 sveta xl2tpd[4063]: ":"
Sep  4 00:33:58 sveta xl2tpd[4063]: "name"
Sep  4 00:33:58 sveta xl2tpd[4063]: "vpn.office.com"
Sep  4 00:33:58 sveta xl2tpd[4063]: "debug"
Sep  4 00:33:58 sveta xl2tpd[4063]: "file"
Sep  4 00:33:58 sveta xl2tpd[4063]: "/etc/ppp/options.xl2tpd.lns"
Sep  4 00:33:58 sveta xl2tpd[4063]: "ipparam"
Sep  4 00:33:58 sveta xl2tpd[4063]: "17.11.7.5"
Sep  4 00:33:58 sveta xl2tpd[4063]: "plugin"
Sep  4 00:33:58 sveta xl2tpd[4063]: "pppol2tp.so"
Sep  4 00:33:58 sveta xl2tpd[4063]: "pppol2tp"
Sep  4 00:33:58 sveta xl2tpd[4063]: "8"
Sep  4 00:33:58 sveta pppd[4115]: Plugin pppol2tp.so loaded.
Sep  4 00:33:58 sveta pppd[4115]: pppd 2.4.7 started by huoshe, uid 0
Sep  4 00:33:58 sveta pppd[4115]: using channel 1
Sep  4 00:33:58 sveta pppd[4115]: Using interface ppp0
Sep  4 00:33:58 sveta pppd[4115]: Connect: ppp0 <-->
Sep  4 00:33:58 sveta pppd[4115]: Overriding mtu 1500 to 1410
Sep  4 00:33:58 sveta pppd[4115]: PPPoL2TP options: debugmask 0
Sep  4 00:33:58 sveta pppd[4115]: Overriding mru 1500 to mtu value 1410
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <magic PPP_Numbers>]
Sep  4 00:33:58 sveta NetworkManager[2719]: <warn> /sys/devices/virtual/net/ppp0: couldn't determine device driver; ignoring...
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfRej id=0x1 <mru 1410> <asyncmap 0x0>]
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfReq id=0x2 <magic PPP_Numbers>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfAck id=0x2 <magic PPP_Numbers>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x2 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x2 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x3 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x3 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x4 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x4 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x5 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x5 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x6 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x6 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x7 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x7 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x8 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x8 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x9 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x9 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0xa <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0xa <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0xb <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0xb <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0xc <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0xc <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0xd <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0xd <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0xe <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0xe <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0xf <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0xf <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x10 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x10 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x11 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x11 <auth chap MS-v2>]
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x12 <auth chap MS-v2> <magic PPP_Mushrooms>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x12 <auth chap MS-v2>]
Sep  4 00:33:58 sveta xl2tpd[4063]: control_finish: Connection closed to 17.11.7.5, port 1701 (No Error), Local: [HIDDEN], Remote: [HIDDEN]
Sep  4 00:33:58 sveta xl2tpd[4063]: Terminating pppd: sending TERM signal to pid 4115
Sep  4 00:33:58 sveta pppd[4115]: Terminating on signal 15
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP TermReq id=0x3 "User request"]
Sep  4 00:33:58 sveta charon: 11[NET] received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (68 bytes)
Sep  4 00:33:58 sveta charon: 11[ENC] parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH D ]
Sep  4 00:33:58 sveta charon: 11[IKE] received DELETE for ESP CHILD_SA with SPI SPI_VALUE_3
Sep  4 00:33:58 sveta charon: 11[IKE] closing CHILD_SA VPN.OFFICE.COM{1} with SPIs [HIDDEN] (992 bytes) [HIDDEN] (878 bytes) and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  4 00:33:58 sveta charon: 11[IKE] closing CHILD_SA VPN.OFFICE.COM{1} with SPIs [HIDDEN] (992 bytes) [HIDDEN] (878 bytes) and TS 1.2.3.4/32[udp/l2tp] === 17.11.7.5/32[udp/l2tp]
Sep  4 00:33:58 sveta charon: 12[NET] received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
Sep  4 00:33:58 sveta charon: 12[ENC] parsed INFORMATIONAL_V1 request [HIDDEN] [ HASH D ]
Sep  4 00:33:58 sveta charon: 12[IKE] received DELETE for IKE_SA VPN.OFFICE.COM[1]
Sep  4 00:33:58 sveta charon: 12[IKE] deleting IKE_SA VPN.OFFICE.COM[1] between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  4 00:33:58 sveta charon: 12[IKE] deleting IKE_SA VPN.OFFICE.COM[1] between 1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
Sep  4 00:34:01 sveta pppd[4115]: sent [LCP TermReq id=0x4 "User request"]
Sep  4 00:34:04 sveta pppd[4115]: Connection terminated.
Sep  4 00:34:04 sveta avahi-daemon[3046]: Withdrawing workstation service for ppp0.
Sep  4 00:34:04 sveta charon: 13[KNL] interface ppp0 deleted
Sep  4 00:34:04 sveta pppd[4115]: Modem hangup
Sep  4 00:34:04 sveta pppd[4115]: Exit.



# ip xfrm monitor
Code:

Updated src 17.11.7.5 dst 1.2.3.4
        proto esp spi SPI_VALUE_1 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 17.11.7.5/32 dst 1.2.3.4/32
src 1.2.3.4 dst 17.11.7.5
        proto esp spi SPI_VALUE_2 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 1.2.3.4/32 dst 17.11.7.5/32
src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority [HIDDEN] ptype main
src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority [HIDDEN] ptype main
Updated src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out priority 1792 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 1 mode transport
Updated src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in priority 1792 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 1 mode transport
Async event  (0x10)  replay update
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x10)  replay update
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1
Async event  (0x10)  replay update
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x10)  replay update
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1
Async event  (0x10)  replay update
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Async event  (0x10)  replay update
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 17.11.7.5 dst 1.2.3.4  reqid 0x1 protocol esp  SPI SPI_VALUE_1                                   
Async event  (0x10)  replay update                                                                                 
        src 1.2.3.4 dst 17.11.7.5  reqid 0x1 protocol esp  SPI SPI_VALUE_2
Deleted src 17.11.7.5 dst 1.2.3.4
        proto esp spi SPI_VALUE_1 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 17.11.7.5/32 dst 1.2.3.4/32
Deleted src 1.2.3.4 dst 17.11.7.5
        proto esp spi SPI_VALUE_2 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) [HIDDEN] 96
        enc cbc(des3_ede) [HIDDEN]
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        sel src 1.2.3.4/32 dst 17.11.7.5/32
Updated src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority [HIDDEN] ptype main
Updated src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority [HIDDEN] ptype main
Deleted src 1.2.3.4/32 dst 17.11.7.5/32 proto udp sport 1701 dport 1701
        dir out action block priority [HIDDEN] ptype main
Deleted src 17.11.7.5/32 dst 1.2.3.4/32 proto udp sport 1701 dport 1701
        dir in action block priority [HIDDEN] ptype main


Last edited by Duco Ergo Sum on Fri Sep 05, 2014 12:16 am; edited 1 time in total
salahx
Guru


Joined: 12 Mar 2005
Posts: 530

Posted: Thu Sep 04, 2014 12:37 am

It's definitely a ppp auth problem. In this case, the client and server aren't agreeing on what auth to use. The server must not be required to authenticate to the client (so we need "noauth") while the client authenticates the server using mschap-v2.

Since pppd's default is not to require authentication, and to authenticate if asked, maybe (for now) commenting out "pppoptfile" might be enough to let it connect if all the defaults are good. Failing that, I'd try making "/etc/ppp/options.xl2tpd.lns" an empty file and connecting with that, and then if that doesn't work, slowly add on to the file (starting with "noauth") and see if it changes the output of pppd.

I no longer need any more dumps of "ip xfrm monitor" or strongSwan since we know those work; the important one is pppd. You may need to restart xl2tpd with every modification of "/etc/ppp/options.xl2tpd.lns" and definitely need to restart if you modify xl2tpd.conf. Don't forget to bring up the ipsec connection with every failed attempt, too (ipsec up VPN.OFFICE.COM && xl2tpd-control connect vpnclient vpn.office.com OFFICE-NAME\\your-login-username your-login-password. You may be able to drop the "OFFICE-NAME\\" part)
Duco Ergo Sum
Apprentice


Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Thu Sep 04, 2014 11:00 am

I tried with:

Code:

ipsec up VNP.OFFICE.COM && xl2tpd-control connect vpnclient \\your-login-username your-login-password


options.xl2tpd.client
Code:

noauth



That seemed to create a connection for a short period. So I then started playing with options and thus far have failed to repeat that momentary success. At the moment I'm in the office and thus unable to experiment. I will provide more info once I'm back at my PC.
salahx
Guru


Joined: 12 Mar 2005
Posts: 530

Posted: Thu Sep 04, 2014 11:12 pm

The backslashes are only needed if the domain is included - so it's either office-name "OFFICE-NAME\\your-login-username" or simply "your-login-username". Windows should take either one. If you have pppd debug enabled, you'll see a line with a hash and either "M=Access denied" or "M=Access granted". If you see the former, then at least it's getting as far as trying to authenticate. If you see the latter, you connected successfully. If you see neither (like the earlier "No auth is possible") then something is probably wrong in the options file.
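The triage described in the post above, combined with the earlier warning that pppd debug output discloses password hashes, as an added Python example (not code from the thread, pppd or xl2tpd). The function names `classify` and `redact` are hypothetical, the sample lines are constructed with made-up hex values, and the CHAP Failure line format is an assumption.

```python
import re

# Constructed sample lines in the format of the pppd debug logs posted in this
# thread. All hex values are made up; the CHAP Failure line format is assumed.
SAMPLE_NO_AUTH = """\
Sep  4 00:33:58 sveta pppd[4115]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x1a2b3c4d>]
Sep  4 00:33:58 sveta pppd[4115]: No auth is possible
Sep  4 00:33:58 sveta pppd[4115]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
"""

SAMPLE_DENIED = """\
Sep  5 01:13:38 sveta pppd[5722]: rcvd [CHAP Challenge id=0x1 <00112233445566778899aabbccddeeff>, name = ""]
Sep  5 01:13:38 sveta pppd[5722]: sent [CHAP Response id=0x1 <0f1e2d3c4b5a69788796a5b4c3d2e1f0000000000000000000>, name = "user-name"]
Sep  5 01:13:38 sveta pppd[5722]: rcvd [CHAP Failure id=0x1 "E=691 R=1 C=00112233445566778899AABBCCDDEEFF V=3 M=Access denied"]
"""

SAMPLE_CONNECTED = """\
Sep  5 01:13:38 sveta pppd[5722]: rcvd [CHAP Challenge id=0x1 <00112233445566778899aabbccddeeff>, name = ""]
Sep  5 01:13:38 sveta pppd[5722]: sent [CHAP Response id=0x1 <0f1e2d3c4b5a69788796a5b4c3d2e1f0000000000000000000>, name = "user-name"]
Sep  5 01:13:38 sveta pppd[5722]: rcvd [CHAP Success id=0x1 "S=0123456789ABCDEF0123456789ABCDEF01234567 M=Access granted"]
Sep  5 01:13:38 sveta pppd[5722]: CHAP authentication succeeded
Sep  5 01:13:41 sveta pppd[5722]: local  IP address 125.64.27.8
"""

# Only lines written by pppd matter for this triage.
PPPD_LINE = re.compile(r"pppd\[\d+\]: (?P<msg>.*)$")

# Markers named in the thread, plus the "local IP address" line seen in its logs.
MARKERS = [
    ("no_auth", re.compile(r"No auth is possible")),
    ("denied", re.compile(r"M=Access denied")),
    ("granted", re.compile(r"M=Access granted|CHAP authentication succeeded")),
    ("ip_up", re.compile(r"local\s+IP address")),
]

# Values worth hiding before a log is posted: hex blobs inside <...> on CHAP
# lines (challenge and response) and the S=/C= fields of Success/Failure.
HEX_IN_ANGLE = re.compile(r"<[0-9A-Fa-f]{8,}>")
KV_HEX = re.compile(r"\b([SC])=[0-9A-Fa-f]{8,}")


def classify(log_text):
    """Return how far pppd got: link-up, auth-ok, auth-denied,
    options-problem (server asked for auth, pppd refused) or unknown."""
    seen = set()
    for line in log_text.splitlines():
        match = PPPD_LINE.search(line)
        if not match:
            continue
        for key, pattern in MARKERS:
            if pattern.search(match.group("msg")):
                seen.add(key)
    if "granted" in seen:
        return "link-up" if "ip_up" in seen else "auth-ok"
    if "denied" in seen:
        return "auth-denied"
    if "no_auth" in seen:
        return "options-problem"
    return "unknown"


def redact(log_text):
    """Replace CHAP challenge/response material with [HIDDEN], keeping the
    lines that classify() relies on intact."""
    cleaned = []
    for line in log_text.splitlines():
        if "CHAP" in line:
            line = HEX_IN_ANGLE.sub("<[HIDDEN]>", line)
            line = KV_HEX.sub(r"\1=[HIDDEN]", line)
        cleaned.append(line)
    return "\n".join(cleaned)


if __name__ == "__main__":
    for label, sample in (("no auth", SAMPLE_NO_AUTH),
                          ("denied", SAMPLE_DENIED),
                          ("connected", SAMPLE_CONNECTED)):
        print(label, "->", classify(sample))
    print(redact(SAMPLE_CONNECTED))
```

Running `redact` before `classify` gives the same verdict, so a log can be cleaned first and still be diagnosed by whoever reads it.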
Duco Ergo Sum
Apprentice


Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Fri Sep 05, 2014 12:30 am

Trying to prove I can think for myself, I found this post: https://forums.gentoo.org/viewtopic-t-324500-postdays-0-postorder-asc-highlight-openswan-start-100.html?sid=50b0048d9923e82f358e87c6b6df3b77. This seems to explain things somewhat but not enough for me to understand what's going on here or to allow me to fix it.


ipsec up VPN.OFFICE.COM && xl2tpd-control connect vpnclient user-name Pass-Word


These lines from the log below do turn up from time to time; I'm not sure how to reliably trigger them.
Code:

Sep  5 01:13:35 sveta xl2tpd[5546]: check_control: Received out of order control packet on tunnel 7854 (got 2, expected 3)
Sep  5 01:13:35 sveta xl2tpd[5546]: handle_packet: bad control packet!




xl2tpd.conf
Code:

[lac vpnclient]
lns = vpn.office.com
pppoptfile = /etc/ppp/options.xl2tpd.client
name = user-name
ppp debug = yes
refuse pap = yes
length bit = yes
require chap = yes
require authentication = yes
ppp debug = yes


option.xl2tpd.client
Code:

noauth
lock
refuse-eap
ipcp-accept-local
ipcp-accept-remote
noipdefault
noccp
idle 1800
mtu 1410
mru 1410
nodefaultroute
proxyarp
connect-delay 5000


Log
Code:

Sep  5 01:13:35 sveta xl2tpd[5546]: Calling on tunnel 60681
Sep  5 01:13:35 sveta xl2tpd[5546]: Call established with 17.11.7.5, Local: 12765, Remote: 7729, Serial: 2 (ref=0/0)
Sep  5 01:13:35 sveta xl2tpd[5546]: start_pppd: I'm running:
Sep  5 01:13:35 sveta xl2tpd[5546]: "/usr/sbin/pppd"
Sep  5 01:13:35 sveta xl2tpd[5546]: "passive"
Sep  5 01:13:35 sveta xl2tpd[5546]: "nodetach"
Sep  5 01:13:35 sveta xl2tpd[5546]: ":"
Sep  5 01:13:35 sveta xl2tpd[5546]: "refuse-pap"
Sep  5 01:13:35 sveta xl2tpd[5546]: "auth"
Sep  5 01:13:35 sveta xl2tpd[5546]: "require-chap"
Sep  5 01:13:35 sveta xl2tpd[5546]: "name"
Sep  5 01:13:35 sveta xl2tpd[5546]: "user-name"
Sep  5 01:13:35 sveta xl2tpd[5546]: "debug"
Sep  5 01:13:35 sveta xl2tpd[5546]: "plugin"
Sep  5 01:13:35 sveta xl2tpd[5546]: "passwordfd.so"
Sep  5 01:13:35 sveta xl2tpd[5546]: "passwordfd"
Sep  5 01:13:35 sveta xl2tpd[5546]: "9"
Sep  5 01:13:35 sveta xl2tpd[5546]: "file"
Sep  5 01:13:35 sveta xl2tpd[5546]: "/etc/ppp/options.xl2tpd.client"
Sep  5 01:13:35 sveta xl2tpd[5546]: "ipparam"
Sep  5 01:13:35 sveta xl2tpd[5546]: "17.11.7.5"
Sep  5 01:13:35 sveta xl2tpd[5546]: "plugin"
Sep  5 01:13:35 sveta xl2tpd[5546]: "pppol2tp.so"
Sep  5 01:13:35 sveta xl2tpd[5546]: "pppol2tp"
Sep  5 01:13:35 sveta xl2tpd[5546]: "10"
Sep  5 01:13:35 sveta pppd[5722]: Plugin passwordfd.so loaded.
Sep  5 01:13:35 sveta pppd[5722]: Plugin pppol2tp.so loaded.
Sep  5 01:13:35 sveta pppd[5722]: pppd 2.4.7 started by huoshe, uid 0
Sep  5 01:13:35 sveta pppd[5722]: using channel 15
Sep  5 01:13:35 sveta pppd[5722]: Using interface ppp0
Sep  5 01:13:35 sveta pppd[5722]: Connect: ppp0 <-->
Sep  5 01:13:35 sveta pppd[5722]: Overriding mtu 1500 to 1410
Sep  5 01:13:35 sveta pppd[5722]: PPPoL2TP options: debugmask 0
Sep  5 01:13:35 sveta pppd[5722]: Overriding mru 1500 to mtu value 1410
Sep  5 01:13:35 sveta pppd[5722]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <magic mushroom>]
Sep  5 01:13:35 sveta NetworkManager[2714]: <warn> /sys/devices/virtual/net/ppp0: couldn't determine device driver; ignoring...
Sep  5 01:13:35 sveta xl2tpd[5546]: check_control: Received out of order control packet on tunnel 7854 (got 2, expected 3)
Sep  5 01:13:35 sveta xl2tpd[5546]: handle_packet: bad control packet!
Sep  5 01:13:35 sveta pppd[5722]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic carpet>]
Sep  5 01:13:35 sveta pppd[5722]: sent [LCP ConfAck id=0x1 <auth chap MS-v2> <magic carpet>]
Sep  5 01:13:35 sveta pppd[5722]: rcvd [LCP ConfRej id=0x1 <mru 1410> <asyncmap 0x0>]
Sep  5 01:13:35 sveta pppd[5722]: sent [LCP ConfReq id=0x2 <magic mushroom>]
Sep  5 01:13:35 sveta pppd[5722]: rcvd [CHAP Challenge id=0x1 <[HIDDEN]>, name = ""]
Sep  5 01:13:35 sveta pppd[5722]: Discarded non-LCP packet when LCP not open
Sep  5 01:13:35 sveta pppd[5722]: rcvd [LCP ConfAck id=0x2 <magic mushroom>]
Sep  5 01:13:35 sveta pppd[5722]: Overriding mtu 1500 to 1410
Sep  5 01:13:35 sveta pppd[5722]: PPPoL2TP options: debugmask 0
Sep  5 01:13:35 sveta pppd[5722]: Overriding mru 1500 to mtu value 1410
Sep  5 01:13:38 sveta pppd[5722]: rcvd [CHAP Challenge id=0x1 <[HIDDEN]>, name = ""]
Sep  5 01:13:38 sveta pppd[5722]: added response cache entry 0
Sep  5 01:13:38 sveta pppd[5722]: sent [CHAP Response id=0x1 <[HIDDEN]>, name = "user-namer"]
Sep  5 01:13:38 sveta pppd[5722]: rcvd [CHAP Success id=0x1 "S=[HIDDEN]"]
Sep  5 01:13:38 sveta pppd[5722]: response found in cache (entry 0)
Sep  5 01:13:38 sveta pppd[5722]: CHAP authentication succeeded
Sep  5 01:13:38 sveta pppd[5722]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  5 01:13:38 sveta pppd[5722]: rcvd [IPCP TermAck id=0x1]
Sep  5 01:13:41 sveta pppd[5722]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  5 01:13:41 sveta pppd[5722]: rcvd [IPCP ConfReq id=0x1 <addr 17.11.7.5>]
Sep  5 01:13:41 sveta pppd[5722]: sent [IPCP ConfAck id=0x1 <addr 17.11.7.5>]
Sep  5 01:13:41 sveta pppd[5722]: rcvd [IPCP ConfNak id=0x1 <addr 125.64.27.8>]
Sep  5 01:13:41 sveta pppd[5722]: sent [IPCP ConfReq id=0x2 <addr 125.64.27.8>]
Sep  5 01:13:41 sveta pppd[5722]: rcvd [IPCP ConfAck id=0x2 <addr 125.64.27.8>]
Sep  5 01:13:41 sveta charon: 06[KNL] 125.64.27.8 appeared on ppp0
Sep  5 01:13:41 sveta pppd[5722]: Cannot determine ethernet address for proxy ARP
Sep  5 01:13:41 sveta pppd[5722]: local  IP address 125.64.27.8
Sep  5 01:13:41 sveta pppd[5722]: remote IP address 17.11.7.5
Sep  5 01:13:41 sveta charon: 10[KNL] 125.64.27.8 disappeared from ppp0
Sep  5 01:13:41 sveta charon: 13[KNL] 125.64.27.8 appeared on ppp0
Sep  5 01:13:41 sveta charon: 07[KNL] interface ppp0 activated
Sep  5 01:13:41 sveta pppd[5722]: Script /etc/ppp/ip-up started (pid 5727)
Sep  5 01:13:41 sveta pppd[5722]: Script /etc/ppp/ip-up finished (pid 5727), status = 0x0


Last edited by Duco Ergo Sum on Fri Apr 17, 2015 8:53 am; edited 2 times in total
salahx
Guru


Joined: 12 Mar 2005
Posts: 530

Posted: Fri Sep 05, 2014 12:55 am

Duco Ergo Sum wrote:

These lines from the log below do turn up from time to time; I'm not sure how to reliably trigger them.
Code:

Sep  5 01:13:35 sveta xl2tpd[5546]: check_control: Received out of order control packet on tunnel 7854 (got 2, expected 3)
Sep  5 01:13:35 sveta xl2tpd[5546]: handle_packet: bad control packet!


They appear on my system too. They are harmless. Ignore them.

Duco Ergo Sum wrote:

xl2tpd.conf
Code:

[lac vpnclient]
lns = vpn.office.com
pppoptfile = /etc/ppp/options.xl2tpd.client
name = user-name
ppp debug = yes
refuse pap = yes
length bit = yes
require chap = yes
require authentication = yes
ppp debug = yes


Way overkill. This is all you need:
Code:

[lac vpnclient]
lns = vpn.office.com
pppoptfile = /etc/ppp/options.xl2tpd.client
name = user-name
ppp debug = yes

The other stuff is overkill and maybe even actively harmful - we do NOT want to require authentication on our side! (If you are not using the pppoptfile you may need "refuse authentication = yes")

Duco Ergo Sum wrote:

option.xl2tpd.client
Code:

noauth
lock
refuse-eap
ipcp-accept-local
ipcp-accept-remote
noipdefault
noccp
idle 1800
mtu 1410
mru 1410
nodefaultroute
proxyarp
connect-delay 5000


Again, way overkill (in fact, even my example given for the server on the wiki page may be overkill). Most of these options aren't needed. The only one required is "noauth", and maybe "nodefaultroute" (this indicates we want a split tunnel, as opposed to a full tunnel). The other stuff should be negotiated by the server.

Duco Ergo Sum wrote:


Log
Code:

....
Sep  5 01:13:38 sveta pppd[5722]: rcvd [CHAP Challenge id=0x1 <[HIDDEN]>, name = ""]
Sep  5 01:13:38 sveta pppd[5722]: added response cache entry 0
Sep  5 01:13:38 sveta pppd[5722]: sent [CHAP Response id=0x1 <[HIDDEN]>, name = "sfeyrer"]
Sep  5 01:13:38 sveta pppd[5722]: rcvd [CHAP Success id=0x1 "S=[HIDDEN]"]
Sep  5 01:13:38 sveta pppd[5722]: response found in cache (entry 0)
Sep  5 01:13:38 sveta pppd[5722]: CHAP authentication succeeded
Sep  5 01:13:38 sveta pppd[5722]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  5 01:13:38 sveta pppd[5722]: rcvd [IPCP TermAck id=0x1]
Sep  5 01:13:41 sveta pppd[5722]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  5 01:13:41 sveta pppd[5722]: rcvd [IPCP ConfReq id=0x1 <addr 17.11.7.5>]
Sep  5 01:13:41 sveta pppd[5722]: sent [IPCP ConfAck id=0x1 <addr 17.11.7.5>]
Sep  5 01:13:41 sveta pppd[5722]: rcvd [IPCP ConfNak id=0x1 <addr 125.64.27.8>]
Sep  5 01:13:41 sveta pppd[5722]: sent [IPCP ConfReq id=0x2 <addr 125.64.27.8>]
Sep  5 01:13:41 sveta pppd[5722]: rcvd [IPCP ConfAck id=0x2 <addr 125.64.27.8>]
Sep  5 01:13:41 sveta charon: 06[KNL] 125.64.27.8 appeared on ppp0
Sep  5 01:13:41 sveta pppd[5722]: Cannot determine ethernet address for proxy ARP
Sep  5 01:13:41 sveta pppd[5722]: local  IP address 125.64.27.8
Sep  5 01:13:41 sveta pppd[5722]: remote IP address 17.11.7.5
Sep  5 01:13:41 sveta charon: 10[KNL] 125.64.27.8 disappeared from ppp0
Sep  5 01:13:41 sveta charon: 13[KNL] 125.64.27.8 appeared on ppp0
Sep  5 01:13:41 sveta charon: 07[KNL] interface ppp0 activated
Sep  5 01:13:41 sveta pppd[5722]: Script /etc/ppp/ip-up started (pid 5727)
Sep  5 01:13:41 sveta pppd[5722]: Script /etc/ppp/ip-up finished (pid 5727), status = 0x0



The "CHAP authentication succeeded" means it connected, congratulations! You are now connected to the VPN!

Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Fri Sep 05, 2014 1:07 am

I will sanitize the config files in a couple of hours.

Now, I guess the question is now why can't I ping the other network?

tcpdump shows no activity and ip xfrm monitor only shows the connections being made and broken.

salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Fri Sep 05, 2014 1:33 am

Well, now that the VPN is connected, the problem is either DNS related or routing related. So try pinging some IP address on the other side (or connecting to a service via IP) to rule out a routing issue (if you use tcpdump on ppp0, you should see the packets going back and forth). Otherwise, it may be a DNS problem - we may need to add some stuff (like usepeerdns) to our options file.

Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Fri Sep 05, 2014 8:10 am

It looks like a connection is made but it doesn't last.




Code:

# tcpdump -i ppp0 udp port 1701
error : ret -1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel



Code:

tcpdump -i ppp0 proto 50     
tcpdump: ppp0: No such device exists
(SIOCGIFHWADDR: No such device)


Code:

# xl2tpd-control disconnect vpnclient
01 Session 'vpnclient' not up



Code:

Sep  5 08:27:30 sveta xl2tpd[4090]: Connecting to host vpn.office.com, port 1701
Sep  5 08:27:30 sveta xl2tpd[4090]: Connection established to 17.11.7.5, 1701.  Local: 50388, Remote: 7859 (ref=0/0).
Sep  5 08:27:30 sveta xl2tpd[4090]: Calling on tunnel 50388
Sep  5 08:27:30 sveta xl2tpd[4090]: Call established with 17.11.7.5, Local: 41470, Remote: 7734, Serial: 1 (ref=0/0)
Sep  5 08:27:30 sveta xl2tpd[4090]: start_pppd: I'm running:
Sep  5 08:27:30 sveta xl2tpd[4090]: "/usr/sbin/pppd"
Sep  5 08:27:30 sveta xl2tpd[4090]: "passive"
Sep  5 08:27:30 sveta xl2tpd[4090]: "nodetach"
Sep  5 08:27:30 sveta xl2tpd[4090]: ":"
Sep  5 08:27:30 sveta xl2tpd[4090]: "name"
Sep  5 08:27:30 sveta xl2tpd[4090]: "user-name"
Sep  5 08:27:30 sveta xl2tpd[4090]: "debug"
Sep  5 08:27:30 sveta xl2tpd[4090]: "plugin"
Sep  5 08:27:30 sveta xl2tpd[4090]: "passwordfd.so"
Sep  5 08:27:30 sveta xl2tpd[4090]: "passwordfd"
Sep  5 08:27:30 sveta xl2tpd[4090]: "8"
Sep  5 08:27:30 sveta xl2tpd[4090]: "file"
Sep  5 08:27:30 sveta xl2tpd[4090]: "/etc/ppp/options.xl2tpd.lns"
Sep  5 08:27:30 sveta xl2tpd[4090]: "ipparam"
Sep  5 08:27:30 sveta xl2tpd[4090]: "17.11.7.5"
Sep  5 08:27:30 sveta xl2tpd[4090]: "plugin"
Sep  5 08:27:30 sveta xl2tpd[4090]: "pppol2tp.so"
Sep  5 08:27:30 sveta xl2tpd[4090]: "pppol2tp"
Sep  5 08:27:30 sveta xl2tpd[4090]: "9"
Sep  5 08:27:30 sveta pppd[4127]: Plugin passwordfd.so loaded.
Sep  5 08:27:30 sveta pppd[4127]: Plugin pppol2tp.so loaded.
Sep  5 08:27:30 sveta pppd[4127]: pppd 2.4.7 started by huoshe, uid 0
Sep  5 08:27:30 sveta pppd[4127]: using channel 1
Sep  5 08:27:30 sveta pppd[4127]: Using interface ppp0
Sep  5 08:27:30 sveta pppd[4127]: Connect: ppp0 <-->
Sep  5 08:27:30 sveta pppd[4127]: PPPoL2TP options: debugmask 0
Sep  5 08:27:30 sveta pppd[4127]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic mushrooms>]
Sep  5 08:27:30 sveta NetworkManager[2712]: <warn> /sys/devices/virtual/net/ppp0: couldn't determine device driver; ignoring...
Sep  5 08:27:30 sveta pppd[4127]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic carpet>]
Sep  5 08:27:30 sveta pppd[4127]: sent [LCP ConfAck id=0x1 <auth chap MS-v2> <magic carpet>]
Sep  5 08:27:30 sveta pppd[4127]: rcvd [LCP ConfRej id=0x1 <asyncmap 0x0>]
Sep  5 08:27:30 sveta pppd[4127]: sent [LCP ConfReq id=0x2 <magic mushrooms>]
Sep  5 08:27:30 sveta pppd[4127]: rcvd [LCP ConfAck id=0x2 <magic mushrooms>]
Sep  5 08:27:30 sveta pppd[4127]: PPPoL2TP options: debugmask 0
Sep  5 08:27:30 sveta pppd[4127]: rcvd [CHAP Challenge id=0x1 <[HIDDEN]>, name = ""]
Sep  5 08:27:30 sveta pppd[4127]: added response cache entry 0
Sep  5 08:27:30 sveta pppd[4127]: sent [CHAP Response id=0x1 <[HIDDEN]>, name = "user-name"]
Sep  5 08:27:30 sveta pppd[4127]: rcvd [CHAP Success id=0x1 "S=[HIDDEN]"]
Sep  5 08:27:30 sveta pppd[4127]: response found in cache (entry 0)
Sep  5 08:27:30 sveta pppd[4127]: CHAP authentication succeeded
Sep  5 08:27:30 sveta pppd[4127]: sent [IPCP ConfReq id=0x1 <addr 1.2.3.4>]
Sep  5 08:27:30 sveta pppd[4127]: rcvd [IPCP TermAck id=0x1]
Sep  5 08:27:33 sveta pppd[4127]: sent [IPCP ConfReq id=0x1 <addr 1.2.3.4>]
Sep  5 08:27:33 sveta pppd[4127]: rcvd [IPCP ConfReq id=0x1 <addr 17.11.7.5>]
Sep  5 08:27:33 sveta pppd[4127]: sent [IPCP ConfAck id=0x1 <addr 17.11.7.5>]
Sep  5 08:27:33 sveta pppd[4127]: rcvd [IPCP ConfNak id=0x1 <addr 125.64.27.8>]
Sep  5 08:27:33 sveta pppd[4127]: sent [IPCP ConfReq id=0x2 <addr 125.64.27.8>]
Sep  5 08:27:34 sveta pppd[4127]: rcvd [IPCP ConfAck id=0x2 <addr 125.64.27.8>]
Sep  5 08:27:34 sveta charon: 15[KNL] 125.64.27.8 appeared on ppp0
Sep  5 08:27:34 sveta pppd[4127]: local  IP address 125.64.27.8
Sep  5 08:27:34 sveta pppd[4127]: remote IP address 17.11.7.5
Sep  5 08:27:34 sveta charon: 05[KNL] 125.64.27.8 disappeared from ppp0
Sep  5 08:27:34 sveta charon: 08[KNL] 125.64.27.8 appeared on ppp0
Sep  5 08:27:34 sveta pppd[4127]: Script /etc/ppp/ip-up started (pid 4131)
Sep  5 08:27:34 sveta charon: 10[KNL] interface ppp0 activated
Sep  5 08:27:34 sveta pppd[4127]: Script /etc/ppp/ip-up finished (pid 4131), status = 0x0
Sep  5 08:27:54 sveta charon: 11[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:28:14 sveta charon: 13[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:28:22 sveta kernel: [  515.062494] device ppp0 entered promiscuous mode
Sep  5 08:28:30 sveta kernel: [  523.463979] device ppp0 left promiscuous mode
Sep  5 08:28:34 sveta charon: 04[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:28:35 sveta xl2tpd[4090]: Maximum retries exceeded for tunnel 50388.  Closing.
Sep  5 08:28:35 sveta xl2tpd[4090]: Terminating pppd: sending TERM signal to pid 4127
Sep  5 08:28:35 sveta xl2tpd[4090]: Connection 7859 closed to 17.11.7.5, port 1701 (Timeout)
Sep  5 08:28:35 sveta pppd[4127]: Terminating on signal 15
Sep  5 08:28:35 sveta pppd[4127]: Connect time 1.1 minutes.
Sep  5 08:28:35 sveta pppd[4127]: Sent 81712 bytes, received 0 bytes.
Sep  5 08:28:35 sveta charon: 05[KNL] interface ppp0 deactivated
Sep  5 08:28:35 sveta charon: 06[KNL] 125.64.27.8 disappeared from ppp0
Sep  5 08:28:35 sveta pppd[4127]: Script /etc/ppp/ip-down started (pid 4139)
Sep  5 08:28:35 sveta pppd[4127]: PPPoL2TP options: debugmask 0
Sep  5 08:28:35 sveta pppd[4127]: sent [LCP TermReq id=0x3 "User request"]
Sep  5 08:28:35 sveta pppd[4127]: Script /etc/ppp/ip-down finished (pid 4139), status = 0x0
Sep  5 08:28:38 sveta pppd[4127]: sent [LCP TermReq id=0x4 "User request"]
Sep  5 08:28:40 sveta xl2tpd[4090]: Unable to deliver closing message for tunnel 50388. Destroying anyway.
Sep  5 08:28:41 sveta pppd[4127]: Connection terminated.
Sep  5 08:28:41 sveta charon: 11[KNL] interface ppp0 deleted
Sep  5 08:28:41 sveta avahi-daemon[3039]: Withdrawing workstation service for ppp0.
Sep  5 08:28:41 sveta pppd[4127]: Modem hangup
Sep  5 08:28:41 sveta pppd[4127]: Exit.
Sep  5 08:28:59 sveta charon: 15[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:29:19 sveta charon: 05[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:29:22 sveta xl2tpd[4090]: Session 'vpnclient' not up
Sep  5 08:29:39 sveta charon: 10[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:29:59 sveta charon: 11[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:30:01 sveta cron[4155]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
Sep  5 08:30:19 sveta charon: 12[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:30:39 sveta charon: 07[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:30:59 sveta charon: 15[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:31:19 sveta charon: 04[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:31:39 sveta charon: 06[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:31:49 sveta ntpd[3453]: peer 1.10.10.1 now invalid
Sep  5 08:31:59 sveta charon: 08[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:32:19 sveta charon: 10[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:32:39 sveta charon: 13[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:32:53 sveta ntpd[3453]: peer 5.10.10.5 now invalid
Sep  5 08:32:59 sveta charon: 12[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:33:19 sveta charon: 14[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:33:39 sveta charon: 15[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:33:59 sveta charon: 05[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:34:19 sveta charon: 08[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:34:39 sveta charon: 10[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:34:59 sveta charon: 13[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:35:16 sveta su[4009]: pam_unix(su:session): session closed for user root
Sep  5 08:35:19 sveta charon: 12[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:35:39 sveta charon: 07[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:35:59 sveta charon: 15[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:36:19 sveta charon: 04[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:36:39 sveta charon: 06[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:36:59 sveta charon: 09[IKE] sending keep alive to 17.11.7.5[4500]
Sep  5 08:37:19 sveta charon: 12[IKE] sending keep alive to 17.11.7.5[4500]



Even using the following command I can't reach my office desktop:

ipsec up VPN.OFFICE.COM && xl2tpd-control connect vpnclient user-name Pass-Word && ping 1.3.3.1

Code:

connection 'VPN.OFFICE.COM' established successfully
00 OK
PING 1.3.3.1 (1.3.3.1) 56(84) bytes of data.
^C
--- 1.3.3.1 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8000ms


Also the ip represented by 125.64.27.8 has changed but I'd put that down to the DHCP lease expiring, that is my guess.

xl2tpd.Conf
Code:

[lac vpnclient]
lns = vpn.office.com
pppoptfile = /etc/ppp/options.xl2tpd.client
name = user-name
ppp debug = yes



options.xl2tpd.client
Code:

noauth
nodefaultroute


Last edited by Duco Ergo Sum on Sat Sep 06, 2014 2:39 am; edited 1 time in total

salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Fri Sep 05, 2014 3:56 pm

Try the following to options.xl2tpd.client:
Code:
noauth
nodefaultroute
require-mppe

We add "require-mppe" as Windows normally requests it

Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Fri Sep 05, 2014 9:16 pm

Hi, I have now added require-mppe and still no joy.

I have also added noccp as this makes the log a little tidier and doesn't seem to affect the connection.

Code:

Sep  5 22:07:50 sveta pppd[6080]: MPPE required but peer refused
Sep  5 22:07:50 sveta pppd[6080]: PPPoL2TP options: debugmask 0
Sep  5 22:07:50 sveta pppd[6080]: sent [LCP TermReq id=0x3 "MPPE required but peer refused"]
Sep  5 22:07:50 sveta pppd[6080]: rcvd [LCP TermAck id=0x3]
Sep  5 22:07:50 sveta pppd[6080]: Connection terminated.

salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Fri Sep 05, 2014 9:56 pm

OK, drop "require-mppe" from the option file as the other end doesn't support it.

Let's try this for xl2tpd.conf instead:
Code:

[lac vpnclient]
lns = vpn.office.com
pppoptfile = /etc/ppp/options.xl2tpd.client
name = user-name
ppp debug = yes
length bit = yes 

Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Sat Sep 06, 2014 2:17 am

"require-mppe" is dropped

Code:

[lac vpnclient]
lns = vpn.office.com
pppoptfile = /etc/ppp/options.xl2tpd.client
name = user-name
ppp debug = yes
length bit = yes


Same result as before.

In options.xl2tpd.client I have tried switching in and out the following parameters with no change in response characteristics:

Code:

ipcp-accept-local
ipcp-accept-remote
noccp
noauth
usepeerdns
debug
lock
name your_vpn_username
password your_password

Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Sat Sep 06, 2014 2:45 am

As of today, this evening at least, this PC will lose its internet connection, maybe for more than two weeks. It was my hope to get this finished before that happens; indeed I had hoped to be connected already for some time. Nonetheless, it is the last line in the log below which I am guessing to be the root of my issues.

Code:

Sep  6 03:34:08 sveta pppd[8806]: response found in cache (entry 0)
Sep  6 03:34:08 sveta pppd[8806]: CHAP authentication succeeded
Sep  6 03:34:08 sveta pppd[8806]: sent [IPCP ConfReq id=0x1 <addr 1.2.3.4>]
Sep  6 03:34:08 sveta pppd[8806]: rcvd [IPCP TermAck id=0x1]
Sep  6 03:34:11 sveta pppd[8806]: sent [IPCP ConfReq id=0x1 <addr 1.2.3.4>]
Sep  6 03:34:11 sveta pppd[8806]: rcvd [IPCP ConfReq id=0x1 <addr 17.11.7.5>]
Sep  6 03:34:11 sveta pppd[8806]: sent [IPCP ConfAck id=0x1 <addr 17.11.7.5>]
Sep  6 03:34:11 sveta pppd[8806]: rcvd [IPCP ConfNak id=0x1 <addr 125.64.27.8>]
Sep  6 03:34:11 sveta pppd[8806]: sent [IPCP ConfReq id=0x2 <addr 125.64.27.8>]
Sep  6 03:34:11 sveta pppd[8806]: rcvd [IPCP ConfAck id=0x2 <addr 125.64.27.8>]
Sep  6 03:34:11 sveta charon: 05[KNL] 125.64.27.8 appeared on ppp0
Sep  6 03:34:11 sveta pppd[8806]: local  IP address 125.64.27.8
Sep  6 03:34:11 sveta pppd[8806]: remote IP address 17.11.7.5
Sep  6 03:34:11 sveta charon: 13[KNL] 125.64.27.8 disappeared from ppp0


I will continue to work on this as best I can, maybe tethering to my mobile. I am very grateful for all your help and am still hopeful we'll get this working before I lose connectivity for some time.

Thanks.

salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Sat Sep 06, 2014 3:24 am

Actually, that's normal. Mine looks the same:

Code:

Sep 05 23:15:10 localhost.localdomain pppd[966]: Using interface ppp0
Sep 05 23:15:10 localhost.localdomain pppd[966]: Connect: ppp0 <-->
Sep 05 23:15:10 localhost.localdomain pppd[966]: PPPoL2TP options: debugmask 0
Sep 05 23:15:10 localhost.localdomain pppd[966]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x8558051d>]
Sep 05 23:15:10 localhost.localdomain pppd[966]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x8558051d>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: rcvd [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MS-v2> <magic 0xab156598>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: sent [LCP ConfAck id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MS-v2> <magic 0xab156598>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: PPPoL2TP options: debugmask 0
Sep 05 23:15:13 localhost.localdomain pppd[966]: rcvd [CHAP Challenge id=0xd2 <[HIDDEN]>, name = "LinuxVPN"]
Sep 05 23:15:13 localhost.localdomain pppd[966]: sent [CHAP Response id=0xd2 <[HIDDEN]>, name = "TEST\\[HIDDEN]"]
Sep 05 23:15:13 localhost.localdomain pppd[966]: rcvd [CHAP Success id=0xd2 "S=[HIDDEN] M=Access granted"]
Sep 05 23:15:13 localhost.localdomain pppd[966]: CHAP authentication succeeded
Sep 05 23:15:13 localhost.localdomain pppd[966]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: rcvd [IPCP ConfReq id=0x1 <addr 172.21.118.1>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: sent [IPCP ConfAck id=0x1 <addr 172.21.118.1>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: rcvd [IPCP ConfNak id=0x1 <addr 172.21.118.2>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: sent [IPCP ConfReq id=0x2 <addr 172.21.118.2>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: rcvd [IPCP ConfAck id=0x2 <addr 172.21.118.2>]
Sep 05 23:15:13 localhost.localdomain pppd[966]: local  IP address 172.21.118.2
Sep 05 23:15:13 localhost.localdomain pppd[966]: remote IP address 172.21.118.1
Sep 05 23:15:13 localhost.localdomain charon[850]: 15[KNL] 172.21.118.2 appeared on ppp0
Sep 05 23:15:13 localhost.localdomain charon[850]: 01[KNL] 172.21.118.2 disappeared from ppp0
Sep 05 23:15:13 localhost.localdomain charon[850]: 10[KNL] 172.21.118.2 appeared on ppp0
Sep 05 23:15:13 localhost.localdomain charon[850]: 04[KNL] interface ppp0 activated
Sep 05 23:15:13 localhost.localdomain pppd[966]: Script /etc/ppp/ip-up started (pid 969)
Sep 05 23:15:13 localhost.localdomain pppd[966]: Script /etc/ppp/ip-up finished (pid 969), status = 0x0


I'm using Gentoo as the server and Fedora as the client. Maybe if I have them switch roles I might have a better idea what's wrong here...

salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Sat Sep 06, 2014 4:07 am

Well, it turns out my hunch was right
Code:

Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: Connection established to 192.168.10.108, 1701.  Local: 22935, Remote: 24408 (ref=0/0).
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: Calling on tunnel 22935
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: Call established with 192.168.10.108, Local: 47924, Remote: 24916, Serial: 2 (ref=0/0)
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: start_pppd: I'm running:
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "/usr/sbin/pppd"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "passive"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "nodetach"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: ":"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "name"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "TEST\salahx"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "debug"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "plugin"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "passwordfd.so"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "passwordfd"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "8"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "ipparam"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "192.168.10.108"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "plugin"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "pppol2tp.so"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "pppol2tp"
Sep 05 22:49:33 ardvarc xl2tpd[1094]: xl2tpd[1094]: "9"
Sep 05 22:54:18 ardvarc pppd[3825]: Plugin passwordfd.so loaded.
Sep 05 22:54:18 ardvarc pppd[3825]: Plugin pppol2tp.so loaded.
Sep 05 22:54:18 ardvarc pppd[3825]: pppd 2.4.7 started by root, uid 0
Sep 05 22:54:18 ardvarc pppd[3825]: using channel 67
Sep 05 22:54:18 ardvarc pppd[3825]: Using interface ppp0
Sep 05 22:54:18 ardvarc pppd[3825]: Connect: ppp0 <-->
Sep 05 22:54:18 ardvarc pppd[3825]: PPPoL2TP options: debugmask 0
Sep 05 22:54:18 ardvarc pppd[3825]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc785c4bd>]
Sep 05 22:54:18 ardvarc systemd-sysctl[3829]: Overwriting earlier assignment of kernel/sysrq in file '/usr/lib64/sysctl.d/60-gentoo.conf'.
Sep 05 22:54:18 ardvarc NetworkManager[3845]: <warn> /sys/devices/virtual/net/ppp0: couldn't determine device driver; ignoring...
Sep 05 22:54:18 ardvarc pppd[3825]: rcvd [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MS-v2> <magic 0x21bb57b4>]
Sep 05 22:54:18 ardvarc pppd[3825]: sent [LCP ConfAck id=0x1 <mru 1410> <asyncmap 0x0> <auth chap MS-v2> <magic 0x21bb57b4>]
Sep 05 22:54:21 ardvarc pppd[3825]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xc785c4bd>]
Sep 05 22:54:21 ardvarc pppd[3825]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xc785c4bd>]
Sep 05 22:54:21 ardvarc pppd[3825]: PPPoL2TP options: debugmask 0
Sep 05 22:54:21 ardvarc pppd[3825]: rcvd [CHAP Challenge id=0xe8 <[HIDDEN]>, name = "LinuxVPN"]
Sep 05 22:54:21 ardvarc pppd[3825]: added response cache entry 0
Sep 05 22:54:21 ardvarc pppd[3825]: sent [CHAP Response id=0xe8 <[HIDDEN]>, name = "TEST\\[HIDDEN]"]
Sep 05 22:54:21 ardvarc pppd[3825]: rcvd [CHAP Success id=0xe8 "S=[HIDDEN] M=Access granted"]
Sep 05 22:54:21 ardvarc pppd[3825]: response found in cache (entry 0)
Sep 05 22:54:21 ardvarc pppd[3825]: CHAP authentication succeeded
Sep 05 22:54:21 ardvarc pppd[3825]: sent [IPCP ConfReq id=0x1 <addr 192.168.10.17>]
Sep 05 22:54:21 ardvarc pppd[3825]: rcvd [IPCP ConfReq id=0x1 <addr 172.21.118.1>]
Sep 05 22:54:21 ardvarc pppd[3825]: sent [IPCP ConfAck id=0x1 <addr 172.21.118.1>]
Sep 05 22:54:21 ardvarc pppd[3825]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.10.17>]
Sep 05 22:54:21 ardvarc charon[2094]: 12[KNL] 192.168.10.17 appeared on ppp0
Sep 05 22:54:21 ardvarc pppd[3825]: local  IP address 192.168.10.17
Sep 05 22:54:21 ardvarc pppd[3825]: remote IP address 172.21.118.1
Sep 05 22:54:21 ardvarc charon[2094]: 10[KNL] 192.168.10.17 disappeared from ppp0
Sep 05 22:54:21 ardvarc charon[2094]: 15[KNL] 192.168.10.17 appeared on ppp0
Sep 05 22:54:21 ardvarc charon[2094]: 06[KNL] interface ppp0 activated
Sep 05 22:54:21 ardvarc pppd[3825]: Script /etc/ppp/ip-up started (pid 3835)
Sep 05 22:54:21 ardvarc pppd[3825]: Script /etc/ppp/ip-up finished (pid 3835), status = 0x0
Sep 05 22:55:23 ardvarc xl2tpd[1094]: xl2tpd[1094]: Maximum retries exceeded for tunnel 34550.  Closing.
Sep 05 22:55:23 ardvarc xl2tpd[1094]: xl2tpd[1094]: Terminating pppd: sending TERM signal to pid 3825
Sep 05 22:55:23 ardvarc xl2tpd[1094]: xl2tpd[1094]: Connection 23032 closed to 192.168.10.108, port 1701 (Timeout)
Sep 05 22:55:23 ardvarc pppd[3825]: Terminating on signal 15
Sep 05 22:55:23 ardvarc pppd[3825]: Connect time 1.1 minutes.
Sep 05 22:55:23 ardvarc pppd[3825]: Sent 0 bytes, received 0 bytes.
Sep 05 22:55:23 ardvarc charon[2094]: 12[KNL] interface ppp0 deactivated
Sep 05 22:55:23 ardvarc charon[2094]: 11[KNL] 192.168.10.17 disappeared from ppp0
Sep 05 22:55:23 ardvarc pppd[3825]: Script /etc/ppp/ip-down started (pid 3979)
Sep 05 22:55:23 ardvarc pppd[3825]: PPPoL2TP options: debugmask 0
Sep 05 22:55:23 ardvarc pppd[3825]: sent [LCP TermReq id=0x2 "User request"]
Sep 05 22:55:23 ardvarc pppd[3825]: Script /etc/ppp/ip-down finished (pid 3979), status = 0x0
Sep 05 22:55:24 ardvarc xl2tpd[1094]: xl2tpd[1094]: check_control: Received out of order control packet on tunnel 23032 (got 4, expected 2)
Sep 05 22:55:24 ardvarc xl2tpd[1094]: xl2tpd[1094]: handle_packet: bad control packet!
Sep 05 22:55:24 ardvarc xl2tpd[1094]: xl2tpd[1094]: check_control: Received out of order control packet on tunnel 23032 (got 4, expected 2)
Sep 05 22:55:24 ardvarc xl2tpd[1094]: xl2tpd[1094]: handle_packet: bad control packet!
Sep 05 22:55:26 ardvarc pppd[3825]: sent [LCP TermReq id=0x3 "User request"]
Sep 05 22:55:28 ardvarc xl2tpd[1094]: xl2tpd[1094]: Unable to deliver closing message for tunnel 34550. Destroying anyway.
Sep 05 22:55:29 ardvarc pppd[3825]: Connection terminated.
Sep 05 22:55:29 ardvarc charon[2094]: 05[KNL] interface ppp0 deleted
Sep 05 22:55:29 ardvarc avahi-daemon[2943]: Withdrawing workstation service for ppp0.
Sep 05 22:55:29 ardvarc pppd[3825]: Modem hangup
Sep 05 22:55:29 ardvarc pppd[3825]: Exit.

It exhibits the SAME BEHAVIOR as you: pppd exits soon after it connects. So it's not just you. I've noticed Fedora produces different output for xl2tpd than Gentoo, and Gentoo passes some extra options to pppd that Fedora does not. Now I need to figure out where it's pulling these options from.

salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Sat Sep 06, 2014 4:46 am

OK, I think I finally got it figured out. PPP is using the IP of the primary interface as the default for the local IP of the PPP link, when we want NO default. So one winds up with 2 interfaces with the same IP, which causes connectivity loss, which is why the connection dies. Thankfully there is a ppp option "noipdefault" that tells pppd NOT to do this.
Code:

noipdefault
noauth
nodefaultroute

Restart xl2tpd, reconnect and this time it should work! (It worked for me).

Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Sat Sep 06, 2014 6:10 am

Hi,

Unfortunately, still no dice.

Code:

noipdefault
noauth
nodefaultroute
debug


Code:

Sep  6 06:45:44 sveta pppd[4251]: rcvd [CHAP Success id=0x1 "S=[HIDDEN]"]
Sep  6 06:45:44 sveta pppd[4251]: response found in cache (entry 0)
Sep  6 06:45:44 sveta pppd[4251]: CHAP authentication succeeded
Sep  6 06:45:44 sveta pppd[4251]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  6 06:45:45 sveta pppd[4251]: rcvd [IPCP TermAck id=0x1]
Sep  6 06:45:47 sveta pppd[4251]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  6 06:45:48 sveta pppd[4251]: rcvd [IPCP ConfReq id=0x1 <addr 17.11.7.5>]
Sep  6 06:45:48 sveta pppd[4251]: sent [IPCP ConfAck id=0x1 <addr 17.11.7.5>]
Sep  6 06:45:48 sveta pppd[4251]: rcvd [IPCP ConfNak id=0x1 <addr 125.64.27.8>]
Sep  6 06:45:48 sveta pppd[4251]: sent [IPCP ConfReq id=0x2 <addr 125.64.27.8>]
Sep  6 06:45:48 sveta pppd[4251]: rcvd [IPCP ConfAck id=0x2 <addr 125.64.27.8>]
Sep  6 06:45:48 sveta charon: 10[KNL] 125.64.27.8 appeared on ppp0
Sep  6 06:45:48 sveta pppd[4251]: local  IP address 125.64.27.8
Sep  6 06:45:48 sveta charon: 09[KNL] 125.64.27.8 disappeared from ppp0
Sep  6 06:45:48 sveta pppd[4251]: remote IP address 17.11.7.5
Sep  6 06:45:48 sveta charon: 14[KNL] 125.64.27.8 appeared on ppp0
Sep  6 06:45:48 sveta charon: 15[KNL] interface ppp0 activated
Sep  6 06:45:48 sveta pppd[4251]: Script /etc/ppp/ip-up started (pid 4255)
Sep  6 06:45:48 sveta pppd[4251]: Script /etc/ppp/ip-up finished (pid 4255), status = 0x0

salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Sat Sep 06, 2014 3:29 pm

According to the output of pppd, it connected and it looks exactly like mine when it connects successfully. Is it still dropping?

If so, look at this line:
Code:

Sep  6 06:45:48 sveta pppd[4251]: local  IP address 125.64.27.8

This value should NOT be the same as any other adapter in your system. If it is the same, then "noipdefault" didn't "take". Restart xl2tpd in that case.
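
The check described in the post above (did pppd propose its own address, and does the negotiated local IP collide with another adapter), as an added example that is not part of the original thread. The log excerpts are constructed from lines posted in this thread; the adapter list for ardvarc is an assumption, and the finding names are hypothetical labels.

```python
import re
from ipaddress import ip_address

# Message formats as they appear in the pppd debug logs posted in this thread.
PPPD = re.compile(r"pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
OFFER = re.compile(r"^sent \[IPCP ConfReq id=0x[0-9a-f]+ .*?<addr (?P<addr>[\d.]+)>")
LOCAL = re.compile(r"^local\s+IP address (?P<addr>[\d.]+)")
COUNTS = re.compile(r"^Sent (?P<tx>\d+) bytes, received (?P<rx>\d+) bytes")
UNSPECIFIED = ip_address("0.0.0.0")

# Constructed excerpts: two pppd runs on sveta (before and after noipdefault).
SVETA_LOG = """\
Sep  5 08:27:30 sveta pppd[4127]: sent [IPCP ConfReq id=0x1 <addr 1.2.3.4>]
Sep  5 08:27:33 sveta pppd[4127]: rcvd [IPCP ConfNak id=0x1 <addr 125.64.27.8>]
Sep  5 08:27:33 sveta pppd[4127]: sent [IPCP ConfReq id=0x2 <addr 125.64.27.8>]
Sep  5 08:27:34 sveta pppd[4127]: local  IP address 125.64.27.8
Sep  5 08:28:35 sveta pppd[4127]: Sent 81712 bytes, received 0 bytes.
Sep  6 06:45:44 sveta pppd[4251]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  6 06:45:48 sveta pppd[4251]: rcvd [IPCP ConfNak id=0x1 <addr 125.64.27.8>]
Sep  6 06:45:48 sveta pppd[4251]: sent [IPCP ConfReq id=0x2 <addr 125.64.27.8>]
Sep  6 06:45:48 sveta pppd[4251]: local  IP address 125.64.27.8
"""
SVETA_ADAPTERS = ["1.2.3.4", "127.0.0.1"]  # inet addresses from the posted ifconfig

# Constructed excerpt: the run on ardvarc where the peer accepted pppd's offer.
ARDVARC_LOG = """\
Sep 05 22:54:21 ardvarc pppd[3825]: sent [IPCP ConfReq id=0x1 <addr 192.168.10.17>]
Sep 05 22:54:21 ardvarc pppd[3825]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.10.17>]
Sep 05 22:54:21 ardvarc pppd[3825]: local  IP address 192.168.10.17
Sep 05 22:55:23 ardvarc pppd[3825]: Sent 0 bytes, received 0 bytes.
"""
ARDVARC_ADAPTERS = ["192.168.10.17"]  # assumption: address of the primary interface


def triage(log_text, adapter_addrs):
    """Return {pppd pid: [findings]} for every pppd run found in log_text."""
    adapters = {ip_address(a) for a in adapter_addrs}
    sessions = {}
    for line in log_text.splitlines():
        hit = PPPD.search(line)
        if not hit:
            continue
        state = sessions.setdefault(
            hit["pid"], {"offer": None, "local": None, "rx": None})
        msg = hit["msg"]
        offer, local, counts = OFFER.match(msg), LOCAL.match(msg), COUNTS.match(msg)
        if offer and state["offer"] is None:
            # Only the first ConfReq shows what pppd proposed on its own;
            # later ones just echo the address the peer Nak'd back.
            state["offer"] = ip_address(offer["addr"])
        elif local:
            state["local"] = ip_address(local["addr"])
        elif counts:
            state["rx"] = int(counts["rx"])

    report = {}
    for pid, state in sessions.items():
        findings = []
        # With noipdefault in effect the first request carries 0.0.0.0.
        if state["offer"] is not None and state["offer"] != UNSPECIFIED:
            findings.append("offered-concrete-address")
        # Same IP on ppp0 and another adapter: the failure described above.
        if state["local"] is not None and state["local"] in adapters:
            findings.append("local-ip-collision")
        # pppd's exit summary shows nothing ever came back through the link.
        if state["rx"] == 0:
            findings.append("no-inbound-traffic")
        report[pid] = findings
    return report


if __name__ == "__main__":
    for name, log, addrs in (("sveta", SVETA_LOG, SVETA_ADAPTERS),
                             ("ardvarc", ARDVARC_LOG, ARDVARC_ADAPTERS)):
        for pid, findings in triage(log, addrs).items():
            print(name, pid, findings or ["clean"])
```

On the sveta excerpts the peer replaces the offered address with its own assignment, so no collision is reported even for the run without noipdefault; only the ardvarc run ends with the adapter's address on ppp0.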

Duco Ergo Sum
Apprentice

Joined: 06 Dec 2005
Posts: 154
Location: Winsford

Posted: Sat Sep 06, 2014 6:20 pm

The local IP address is different. My local network is on the range 10.x.x.x while the host network is on 172.x.x.x

It would appear that to get a connection, it has to be within moments of ipsec and the first connection attempt after xl2tpd. I am still unable to communicate over the ppp0 device. It kills the l2tp connection after a short time out. Even before that time out, ping is unable to reach anything on the other side.


# tcpdump -i ppp0 proto 50
Code:

error : ret -1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel


# tcpdump -i ppp0 udp port 1701
Code:

error : ret -1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel



# ifconfig
Code:

bond0: flags=5123<UP,BROADCAST,MASTER,MULTICAST>  mtu 1500
        ether f6:ab:86:9a:72:b6  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 1.2.3.4  netmask 255.255.255.0  broadcast 10.1.1.255
        inet6 fd00::ca60:ff:fecc:4614  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::ca60:ff:fecc:4614  prefixlen 64  scopeid 0x20<link>
        ether c8:60:00:cc:46:14  txqueuelen 1000  (Ethernet)
        RX packets 43497  bytes 53946072 (51.4 MiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 28720  bytes 2992069 (2.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory [HIDDEN]-[HIDDEN] 

enp59s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether c8:60:00:cc:49:fc  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  memory [HIDDEN]-[HIDDEN] 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 41  bytes 16913 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 41  bytes 16913 (16.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 125.64.27.8  netmask 255.255.255.255  destination 17.11.7.5
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 4  bytes 34 (34.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 40 (40.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

salahx
Guru

Joined: 12 Mar 2005
Posts: 530

Posted: Sat Sep 06, 2014 8:04 pm

You won't see ESP or L2TP packets over the ppp interface, just regular traffic, as the IPSec and l2tp stuff is in an outer layer.

But if pppd is disconnecting still, I'm at a loss why. It works for me and I tried a few different l2tp connection scenarios. I don't think the problem is related to NAT since that would cause ipsec problems and the ipsec layer is working perfectly.

You can try the unstable version of xl2tpd (1.3.6) and see if that works better (it starts pppd with a few different options). At this point, I know we're close to getting it to work, but I'm stumped as to why pppd is disconnected because everything looks good.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Goto page Previous  1, 2, 3, 4, 5  Next
Page 2 of 5

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum