Applescript scripted creation of a VPN connection in 10.9

Hi,
I have an Applescript VPN setup script that works fine in 10.8 and previous, but I'm having trouble getting it to work in 10.9. My problem is that the "VPN Type" field in Network in System Preferences is not declared as a child by the sheet that contains it. (In Accessibility Inspector, it gives the message "Parent does not report child as one of its elements.")
So in the 10.8 script, I used the following to select "VPN" and then "PPTP" in the property sheet:
tell application "System Preferences"
    reveal pane "Network"
    activate
    tell application "System Events"
        tell process "System Preferences"
            tell window 1
                delay 1
                click button "Add Service"
                tell sheet 1
                    click pop up button 1
                    click menu item "VPN" of menu 1 of pop up button 1
                    click pop up button 2
                    click menu item "PPTP" of menu 1 of pop up button 2
                    [etc]
In 10.9, this does not work, because there is no pop up button 2 of sheet 1 of window 1 of the Network pane. There is a pop up button, of course, but it is not "of" sheet 1 - it does not appear in sheet 1's AXChildren.
Any ideas? Help a newbie out?

Same issue here, any news on this @ghjm?

Similar Messages

  • Windows 8.1 Pro Need command to disable "Use default gateway on remote network" option on VPN connection

    Hello!
    I want to create a bat script to create several VPN connections.
    There is a PowerShell command to create a VPN connection:
    add-vpnconnection -name "Test VPN" -serveraddress "vpn.example.com" -splittunneling -tunneltype "pptp"
    And I need to create a VPN connection without the "Use default gateway on remote network" option.
    Or modify this option on an existing VPN connection with a command.
    Please help me find a command option or another command to disable the "Use default gateway on remote network" option on a VPN connection.

    http://technet.microsoft.com/nl-nl/library/ee431701%28v=ws.10%29.aspx
    RouteIPv4TrafficOverRAS
    True – Add a default gateway on the VPN connection
    False – Do not add default gateway on the VPN connection

  • Trying to set a delay in an Applescript for VPN connection

    I need to be able to set some routes upon opening a particular VPN connection so I did some searching and found a really simple Applescript that does the job. Problem is it tries to set the routes before the VPN actually connects so the routes don't go in.
    I added in a 10 second delay which does the trick, but I'm thinking there has to be a way to do this that waits until the VPN actually connects before continuing - so if it takes 5 seconds or 10 or whatever, it waits.
    The other thing I'm doing that I think is bad is I'm sending a route delete command before sending the add command. Why? Because if I don't and for some reason the route is partially in the table, it doesn't give an error and ends up not routing. Again, probably a better way to do this.
    Here is my current script:
    -- Connect Work VPN
    tell application "System Events"
        tell current location of network preferences
            set VPNservice to service "Work" -- name of the VPN service
            if exists VPNservice then connect VPNservice
        end tell
    end tell
    delay 10
    set gateway to "x.x.x.x" -- omitted here for security
    do shell script "route delete 192.168.25.0/24 " & gateway with administrator privileges
    do shell script "route delete 192.168.20.0/24 " & gateway with administrator privileges
    do shell script "route add 192.168.25.0/24 " & gateway with administrator privileges
    do shell script "route add 192.168.20.0/24 " & gateway with administrator privileges
    Any suggestions??
    Thanks.

    you might want to try asking in the Applescript forum under OS X technologies.
    I don't have any VPN connections so can't test anything, but the AppleScript dictionary for System Events indicates that the configuration property of a service has a boolean property "connected". So just run a loop with, say, a 1 second delay until this property becomes true. Presumably it would be something along the lines of
    tell application "System Events"
        tell current location of network preferences
            set VPNservice to service "Work" -- name of the VPN service
            if exists VPNservice then connect VPNservice
            repeat until (connected of current configuration of VPNservice)
                delay 1
            end repeat
        end tell
    end tell
    set gateway to "x.x.x.x" -- omitted here for security
    do shell script "route delete 192.168.25.0/24 " & gateway with administrator privileges
    do shell script "route delete 192.168.20.0/24 " & gateway with administrator privileges
    do shell script "route add 192.168.25.0/24 " & gateway with administrator privileges
    do shell script "route add 192.168.20.0/24 " & gateway with administrator privileges
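
Added example, not part of the thread: a shell version of the wait-then-route procedure that gives up after a timeout instead of looping forever, and that tolerates a failing `route delete` while requiring `route add` to succeed. It assumes the VPN service can be driven with macOS `scutil --nc`, that the script runs as root, and it uses the placeholder gateway 192.0.2.1 because the thread omits the real one; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes macOS `scutil --nc` and BSD `route`.

SERVICE="${SERVICE:-Work}"               # VPN service name used in the thread
GATEWAY="${GATEWAY:-192.0.2.1}"          # placeholder; the thread omits the real gateway
NETS="192.168.25.0/24 192.168.20.0/24"   # networks routed in the thread

# First line of the status report: Connected, Connecting, Disconnected, ...
vpn_status() {
    scutil --nc status "$SERVICE" | head -n 1
}

# wait_connected SECONDS: poll once a second.
# Returns 0 as soon as the service reports Connected, 1 when the time is used up.
wait_connected() {
    remaining=$1
    while [ "$remaining" -gt 0 ]; do
        [ "$(vpn_status)" = "Connected" ] && return 0
        sleep 1
        remaining=$((remaining - 1))
    done
    return 1
}

# ensure_route NET: remove any stale or partial entry first. The delete may
# fail because the route is absent, which is fine; the add must succeed.
ensure_route() {
    route -n delete "$1" "$GATEWAY" >/dev/null 2>&1 || true
    route -n add "$1" "$GATEWAY"
}

connect_and_route() {
    scutil --nc start "$SERVICE" || return 1
    if ! wait_connected "${TIMEOUT:-30}"; then
        echo "VPN '$SERVICE' not connected after timeout; routes left untouched" >&2
        return 1
    fi
    for net in $NETS; do
        ensure_route "$net" || return 1
    done
}

# Nothing runs unless asked to:  sudo sh vpn_routes.sh run
if [ "${1:-}" = "run" ]; then
    connect_and_route
fi
```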

  • Problem in script mounting volume on VPN-server

    Hi,
    I try to set up the app Chronosync to make a regular backup on a disc volume that is at the University.
    Chronosync can be told to backup at certain times, but the folder/volume needs to be mounted.
    Chronosync can start an applescript to do this automated.
    I made a script that opens the VPN, but I fail to get it to mount the specific volume on the server.
    This is what I have so far:
    tell application "System Events"
        tell current location of network preferences
            set VPNservice to service "***" --replace asterisks by name of VPN-server
            set isConnected to connected of current configuration of VPNservice
            tell application "System Events" to tell process VPNservice to activate
            if not isConnected then
                connect VPNservice
                delay 1
                tell application "System Events" to tell process VPNservice to keystroke "******" --replace asterisks by password
                tell application "System Events" to tell process VPNservice to keystroke return
            end if
        end tell
    end tell
    This opens the vpn connection, and from there it should be just mounting the personal volume on the university's server.
    Actually it looks fairly simple to do: Finder > Go > connect to server > click smb://***** and off you are.
    But I just don't get this last piece working.
    Help is very welcome!

    I managed to get a step further and have the script working - that is to say in Applescript. But when I start the script in Chronosync it will not perform the second action, mounting the volume.
    Why would that be??
    tell application "System Events"
        tell current location of network preferences
            set VPNservice to service "VPN***"
            set isConnected to connected of current configuration of VPNservice
            tell application "System Events" to tell process VPNservice to activate
            if not isConnected then
                connect VPNservice
                delay 1
                tell application "System Events" to tell process VPNservice to keystroke "--password"
                tell application "System Events" to tell process VPNservice to keystroke return
            end if
        end tell
    end tell
    delay 4
    tell application "Finder" to open location "smb://username:password@servername/username"

  • Hi i need help with applescript to stop downloads when vpn fails

    I am an apple script novice, I would like to be able to have a script run all the time to detect vpn failures and close transmission when this happens:
    so far:
    on idle
        do shell script "ifconfig -lu"
        if "ifconfig -lu" contains "tun0" then
        else if "ifconfig -lu" does not contain "tun0" then
            tell application "System Events"
                tell application "Transmission"
                    quit
                end tell
            end tell
        end if
    end idle
    It closes Transmission and nothing else. tun0 is my VPN interface and seemed the most fireproof way of understanding the state of the VPN connection. When the VPN is down tun0 doesn't exist. Please help.
    many thanks

    There are several things wrong with your script.
    First, the glaring one:
              if "ifconfig -lu" contains "tun0" then
    This will never, ever, ever be true. What you're asking AppleScript is whether the string "ifconfig -lu" contains the string "tun0". Never going to happen. Not even close.
    What you really mean is whether the output of the shell command 'ifconfig -lu' contains 'tun0'. The easiest way to do that is to capture the output of the do shell script command in a variable and then test the variable, not the literal string:
    set activeInterfaces to do shell script "ifconfig -lu"
    if activeInterfaces does not contain "tun0" then
      -- stuff goes here
    end if
    Now AppleScript runs the shell script and puts the result in activeInterfaces which you then test to see if it contains (or, in this case, does not contain) the string you're looking for.
    Note that I've also reworked your if statement.. there's no need to have an empty 'if' clause followed by an else if that checks the opposite... by definition if the first one fails the second one will be true.
    Also note that there's no need to tell System Events to tell another application to quit - you can just do that directly.
    Next up is that you don't exit your own script after you quit Transmission. So now you have the scenario where the VPN drops, your script detects it and tells transmission to quit. However, your script keeps running so it then rechecks whether the tunnel is up... since it presumably isn't, it then relaunches Transmission in order to tell it to quit again. Then it rechecks whether the tunnel is up, if it isn't, it relaunches Transmission to tell it to quit... then it rechecks... you get the idea.
    Ideally you should tell your own script to quit after Transmission has exited so that you're not stuck in this loop.
    Lastly you don't include a return value in your idle handler. This means that your idle handler will run every 30 seconds. That might be good enough, or you might want to check more or less frequently. Just return a value indicating the number of seconds to pause between iterations - realise that the more frequently you check, of course, the more load you put on your system.
    Adding that all up you'll end up with something like:
    on idle
        set activeInterfaces to do shell script "ifconfig -lu"
        if activeInterfaces does not contain "tun0" then
            tell application "Transmission" to quit
            tell me to quit
        end if
        return 30 -- 30 is default value, but it doesn't hurt to include it here
    end idle
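
Added example, not part of the thread: a shell version of the watchdog check that compares whole interface names instead of substrings. A substring test for "tun0" is also true when only `utun0` (a name macOS gives its own tunnel interfaces) is up, so a dropped VPN would go unnoticed. The interface lists used with it are constructed samples, and `VPN_IF`, `LIST_CMD` and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): whole-word interface check for a VPN watchdog.

VPN_IF="${VPN_IF:-tun0}"              # VPN interface named in the thread
LIST_CMD="${LIST_CMD:-ifconfig -lu}"  # prints the names of the interfaces that are up

# iface_in_list NAME "LIST": true only when NAME is one whole word of LIST.
iface_in_list() {
    name=$1
    for ifc in $2; do
        [ "$ifc" = "$name" ] && return 0
    done
    return 1
}

# substring_match NAME "LIST": the test a plain "contains" performs.
# Kept only to show where the two checks disagree.
substring_match() {
    case $2 in
        *"$1"*) return 0 ;;
        *) return 1 ;;
    esac
}

# vpn_action NAME "LIST": prints "keep" while the tunnel is up, else "quit".
vpn_action() {
    if iface_in_list "$1" "$2"; then
        echo keep
    else
        echo quit
    fi
}

# What to do once the tunnel is gone: quit Transmission, as in the thread.
on_drop() {
    osascript -e 'tell application "Transmission" to quit'
}

# watch_vpn INTERVAL: poll until the tunnel disappears, act once, then stop.
watch_vpn() {
    interval=${1:-30}
    while :; do
        # If the interface list cannot be read, treat the VPN as down.
        list=$($LIST_CMD) || list=""
        if [ "$(vpn_action "$VPN_IF" "$list")" = quit ]; then
            on_drop
            return 0
        fi
        sleep "$interval"
    done
}

# Nothing runs unless asked to:  sh vpn_watch.sh run
if [ "${1:-}" = "run" ]; then
    watch_vpn 30
fi
```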

  • Applescript with Tunnelblick selecting random VPN

    I've been trying to write a simple AppleScript to get a list of available VPN connections and pick a random one, here it is:
    tell application "Tunnelblick"
        set the_values_list to get configurations
        set the list_count to the count of the_values_list --gets number of items in list
        set pick to random number from 1 to list_count --has it choose a random item
        set generated_choice to item pick of the_values_list --sets the generated item as the choice
        return generated_choice --displays the choice
    end tell
    This returns
    Result: configuration "USA.Indiana.SouthBend_LOC1S2.UDP" of application "Tunnelblick"
    However I try to connect by replacing the return
    connect generated_choice --displays the choice
    And I get an error
    Tunnelblick got an error: Invalid key form.
    To connect to a VPN using apple script I should just pass in
    connect "USA.Indiana.SouthBend_LOC1S2.UDP"
    However I can't seem to just get that value "USA.Indiana.SouthBend_LOC1S2.UDP"
    I've spent a very long time trying to debug this, but I'm very novice when it comes to AppleScript. Why could this be happening? It seems like it's passing in array's(list) pocked instead of the value, or? I've tried to convert it to string, I tried to find out the data type of the randomly returned item (didn't work, same error yet again). Any help would be really appreciated!

    Hello
    Try something like this -
    tell application "Tunnelblick"
        set c to get some configuration
        --set c to some item of (get configurations) -- if the above fails
        set n to (c as record)'s «class seld» -- get the name from object specifier record
        connect n
    end tell
    Or this in case 'record' is in application's terminology -
    tell application "Tunnelblick"
        set c to get some configuration
        --set c to some item of (get configurations) -- if the above fails
    end tell
    set n to (c as record)'s «class seld» -- get the name from object specifier record
    tell application "Tunnelblick"
        connect n
    end tell
    The incantation -
    (obj as record)'s «class seld»
    is a low level method to get the value for seld-key in object specifier record of obj.
    It usually works unless obj is a collection. But not tested with this specific application.
    Good luck,
    H

  • Create PPTP VPN Connection

    Hello, how could I setup or deploy several PPTP-VPN connections via AppleScript? (System Preferences-Network-Add Interface-VPN-PPTP)
    Thanks in advance!

    I must confess that I don't know much about network connections. However, using GUI Scripting (http://www.macosxautomation.com/applescript/uiscripting/index.html), the following script (tested on my MacBook Pro) should add one "VPN (PPTP)" connection to the Network pane of your System Preferences:
    tell application "System Preferences"
        reveal pane "Network"
        activate
        tell application "System Events"
            tell process "System Preferences"
                tell window 1
                    click button "Add Service"
                    tell sheet 1
                        click pop up button 1
                        click menu item "VPN" of menu 1 of pop up button 1
                        delay 1
                        click pop up button 2
                        click menu item "PPTP" of menu 1 of pop up button 2
                        click button "Create"
                    end tell
                    click button "Apply"
                end tell
            end tell
            delay 1 -- optional (just for visual feedback)
            keystroke "w" using {command down}
        end tell
    end tell
    Before using this script, the Accessibility Frameworks must have been enabled by clicking the checkbox labeled "Enable access for assistive devices" in the Universal Access System Preference pane.

  • VPN connection created with CMAK fails to update routing table on Windows 8.1 with error 8000ffff

    When my clients connect their CMAK-created VPN, it fails to run the script to set their routing table with the following error:
    Custom script (to update your routing table) failed (8000ffff)
    My objective is to create a VPN connection with split tunneling - does not use the VPN connection as the client's default gateway.
    All my clients are on Windows 8.1 64-bit, and are logged in with Administrative privileges
    My VPN Clients are on 10.242.2.0/24, my internal network is on 10.172.16.0/24
    I want only traffic for 10.172.16.0 to go via the VPN. Everything else should go via the client's internet connection
    My Connection Manager Administration Kit profile, was created on Windows 2012 R2 CMAK with the following settings:
    "Make this connection the client's default gateway" is UNticked on the IPv4 tab.
    Define a routing table update is specified with a text file containing:
    +++ Start of txt file +++
    REMOVE_GATEWAY
    add 10.172.16.0 mask 255.255.255.0 default metric default if default
    +++ End of txt file +++
    The txt file is saved in DOS/Windows format (not Unicode or UTF-8 which I've read causes problems)
    I've tried everything in lower and upper case in the txt file after reading that the file might be case sensitive
    The following appears on the client with logging enabled:
    [cmdial32] 10:42:34
    03 Pre-Init Event       CallingProcess = C:\WINDOWS\system32\rasautou.exe
    [cmdial32] 10:42:40
    04 Pre-Connect Event    ConnectionType = 1
    [cmdial32] 10:42:40
    06 Pre-Tunnel Event     UserName = UserName Domain =  DUNSetting = VPN (L2TP x64 NoGW) Tunnel DeviceName =  TunnelAddress = vpn.mydomain.tld
    [cmdial32] 10:42:43
    07 Connect Event
    [cmdial32] 10:42:43
    09 Custom Action Exe    ActionType = Connect Actions Description = (none) ActionPath = CMDL32.EXE. The program was launched successfully.
    [cmdial32] 10:42:43
    08 Custom Action Dll    ActionType = Connect Actions Description = to update your routing table ActionPath = C:\Users\UserName\AppData\Roaming\Microsoft\Network\Connections\Cm\VPN64\CMROUTE.DLL ReturnValue = 0x8000ffff
    [cmdial32] 10:42:43
    21 On-Error Event       ErrorCode = -2147418113 ErrorSource = to update your routing table
    [cmdial32] 10:42:43
    13 Disconnect Event     CallingProcess = C:\WINDOWS\system32\cmdial32.dll
    Where can I find out what error codes 8000ffff or -2147418113 mean?

    That was it. Thanks, Steven
    "By default, the dial-up entry and the VPN entry have Make this connection the default gateway selected.
    Leave this default in place, and remove any gateways by using the REMOVE_GATEWAY command in the routing table update file itself."
    It seems counter-intuitive to leave "Make this connection the default gateway" selected, when I specifically don't want that behaviour, but leaving it selected and using REMOVE_GATEWAY works for me.

  • RV042 VPN Connection Questions

    Hello,
    I have successfully connected two RV042s to establish a VPN gateway to VPN gateway connection. I have the following questions, please comment:
    1. I would like to keep the VPN tunnel connection time indefinite. Is it sufficient by checking the "Keep-Alive" box on the VPN -> Gateway To Gateway -> Advance page? Or, I have to ping the RV042 periodically?
    2. Do the "Phase 1/Phase 2 SA Life Time" (on VPN -> Gateway To Gateway page) settings have any impact on keeping the VPN connection time indefinite? What are the optimal values for them?
    3. Is there an API, command, or script to replace a manual clicking on the "CONNECT" button to establish the VPN tunnel from the VPN -> Summary page? Or, is there a way to accomplish this at power up?
    4. Is there a way to establish a VPN tunnel without going through login and clicking the "CONNECT" button? (Auto connect at power up?)
    Thank you in advance for the comments.
    Steve

    Hi, Mike,
    I did not do any extensive testings on the RV042s, but I did the following things to my RV042s:
    1. Enabled the "Keep-Alive" feature  (see Administration Guide, page 128),
    2. Enabled the "Dead Peer Detection" feature and set the interval to 10 seconds. (see Administration Guide, page 129).
    Make sure you save the changes.
    These features are available below the "Advanced" button under the VPN selection. I hope this helps.
    You can power down the router or disconnect the network to verify the result. The VPN tunnel should be re-established and stay connected.
    Steve

  • Automatically create a custom VPN connection and set default wallpaper in a deployment...

    Hey guys,
    I've been hard at work on creating a custom deployment for our company to allow us to start rolling out Windows 7 at the first of next month. I demonstrated it to the brass today and they were blown away. All they asked for was two changes and I admit I'm stumped. Hopefully someone here can help:
    1 - Set Default Wallpaper for *all* users: I've written a script to copy our company wallpaper to "C:\Windows\Web\Wallpaper" during a deployment. Is there any way I can modify that script to set that wallpaper as default for anyone who logs into that computer. Or if there's a non-script way to do this I'm all ears. I just need that wallpaper as default.
    2 - Create a VPN Connection for our company intranet: Right now this is being done manually in the Network and Sharing Center. All they are doing is choosing "Set up a new connection or network" >> "Connect to a workplace" >> "Use my Internet Connection (VPN)" and just entering our VPN server IP Address and giving the connection a name. Surely there has to be a way to automate this with a script or something? Can anyone help?
    3 - BONUS: This is just gravy, but if anyone can tell me how to "silently" or "automatically" disable the "Highlight newly installed programs" checkbox for all users using a script or something, that would be *wonderful*.
    Can anyone help me here?

    1. Go here http://blogs.technet.com/deploymentguys/archive/2008/06/06/useful-script-number-5-adjusting-the-default-user-registry-hive.aspx . There is a script that will set your default wallpaper for you.
    2. Does your company use a VPN client?
    3. This option is set in the Registry. You could create a startup script or add this to your Task Sequence. Create the Dword and set it to 0 to disable highlighting.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Start_NotifyNewApps
    Rich
    http://deploywindows7.wordpress.com/

    Thanks for responding Rich,
    1. I actually came across that script when I was poking around the Deployment guys forums, but I noticed that it did a lot more than just set the Wallpaper. I was trying to "keep it simple" plus the registry editing sort of made me nervous. I guess I can give it a go and see if it can be made to work for me.
    2. Our company does not use a VPN client. If you look back at my description of the process in bullet point #2 we are just using the Network and Sharing Center that is built into Windows 7 to create a simple VPN connection. That's why I'm so certain there has to be a way to automate this process. All we are doing is entering an IP Address and giving the connection a name. Surely I can script that, or is there maybe some way to create the connection on one computer and save it as a file that I can then copy to each machine during my deployment?
    3. Thanks for answering my bonus one too. Please forgive my ignorance because I am new to a lot of this. I assume I can create a "file" with the proper registry settings that can be applied during deployment right? I've seen people create files that do this and use the .reg extension. Do you know how to make one of these or can you link me to a tutorial that steps me through it?

    You could always edit the script to leave the other parts out. Thanks for the clarification on the VPN Client, just wanted to make absolutely sure. Let me know how if the process you found works for you.
    For the reg key, you would want to create the key I described, add it to your scripts directory, and then add a Client Build Custom Task in StateRestore to set the key in the registry. You can do this by adding a RunLineCommand to the Task Sequence. Then the command would look like this
    cmd /c regedit /s %deployroot%\scripts\NameOfRegKey.reg
    http://deploywindows7.wordpress.com/

  • Certificate error when Lync client login through VPN connection

    Hello,
    I am using the certificates from internal cert authority on Lync 2013 frontend servers and on edge server internal network. Edge external is using a third part certificate.
    The users always use MS VPN connection when work remotely. We have multiple subnets in the company so "use default gateway on remote network" is enabled for routing.
    When the users try to log in Lync client from non-domain joined computers while on VPN, they can't log in and get certificate error. It is hard to import the internal certificate on the computers.
    What change do I need to do to the Lync certificates? Thanks

    You have a few options:
    1) You could attempt to hardcode the client so that it always connects through the edge. This can be done through tools->options->personal->advanced->manual configuration (but you may have to hardcode the FQDN in your hosts file so it doesn't attempt to resolve via internal DNS). This may not work since your firewall may not be too happy with "internal" traffic leaving and coming back through the edge.
    2) Write a script that helps automate the certificate installation and try to walk users through it.
    3) Bite the bullet and use a third party certificate on the internal servers.
    SWC Unified Communications

  • How do I troubleshoot a site to site vpn connection?

    I have a site to site vpn connection setup to a client site that functions fine except for 2 ip addresses on the client are not responding.
    They insist the problem is at our end but I don't know how to troubleshoot it. The access rules are there for both the problematic IP addresses exactly the same as all the others which work fine.
    The connection is over port 21.
    Can anyone point me in the right direction to find the fault?
    Thanks
    Graham

    Thanks for the ongoing help Abhishek. Here are the results you requested:
    Result of the command: "packet-tracer input inside tcp 78.129.151.9 21 172.16.157.164 21 detailed"
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   0.0.0.0         0.0.0.0         Outside
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group allow in interface Inside
    access-list allow extended permit ip any any
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xab8da840, priority=12, domain=permit, deny=false
    hits=23185385, user_data=0xa8acab80, cs_id=0x0, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 3
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xab87da98, priority=0, domain=inspect-ip-options, deny=true
    hits=26999122, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 4
    Type: VPN
    Subtype: encrypt
    Result: ALLOW
    Config:
    Additional Information:
    Forward Flow based lookup yields rule:
    out id=0xac19fc90, priority=70, domain=encrypt, deny=false
    hits=5, user_data=0x7c0e604, cs_id=0xab83dc88, reverse, flags=0x0, protocol=0
    src ip=78.129.151.9, mask=255.255.255.255, port=0
    dst ip=172.16.157.164, mask=255.255.255.255, port=0, dscp=0x0
    Phase: 5
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group allow out interface Outside
    access-list allow extended permit ip any any
    Additional Information:
    Forward Flow based lookup yields rule:
    out id=0xab8da4b8, priority=12, domain=permit, deny=false
    hits=23344429, user_data=0xa8acac00, cs_id=0x0, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 6
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Reverse Flow based lookup yields rule:
    in  id=0xac19fbb0, priority=69, domain=ipsec-tunnel-flow, deny=false
    hits=5, user_data=0x7c1089c, cs_id=0x0, reverse, flags=0x0, protocol=0
    src ip=172.16.157.164, mask=255.255.255.255, port=0
    dst ip=78.129.151.9, mask=255.255.255.255, port=0, dscp=0x0
    Phase: 7
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Reverse Flow based lookup yields rule:
    in  id=0xab831ea0, priority=0, domain=inspect-ip-options, deny=true
    hits=23303214, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
    src ip=0.0.0.0, mask=0.0.0.0, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 8
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 27682039, packet dispatched to next module
    Module information for forward flow ...
    snp_fp_tracer_drop
    snp_fp_inspect_ip_options
    snp_fp_tcp_normalizer
    snp_fp_translate
    snp_fp_adjacency
    snp_fp_encrypt
    snp_fp_fragment
    snp_ifc_stat
    Module information for reverse flow ...
    snp_fp_tracer_drop
    snp_fp_inspect_ip_options
    snp_fp_ipsec_tunnel_flow
    snp_fp_translate
    snp_fp_tcp_normalizer
    snp_fp_adjacency
    snp_fp_fragment
    snp_ifc_stat
    Result:
    input-interface: Inside
    input-status: up
    input-line-status: up
    output-interface: Outside
    output-status: up
    output-line-status: up
    Action: allow
    Result of the command: "sh crypto isa sa"
    1   IKE Peer: 94.128.3.13
        Type    : L2L             Role    : initiator
        Rekey   : no              State   : MM_ACTIVE
    Result of the command: "sh crypto ipsec sa peer 94.128.3.130"
    peer address: 94.128.3.130
        Crypto map tag: VPNPEER, seq num: 40, local addr: 87.117.213.66
          access-list HK extended permit ip host 78.129.151.9 host 172.16.158.72
          local ident (addr/mask/prot/port): (78.129.151.9/255.255.255.255/0/0)
          remote ident (addr/mask/prot/port): (172.16.158.72/255.255.255.255/0/0)
          current_peer: 94.128.3.130
          #pkts encaps: 134528, #pkts encrypt: 134528, #pkts digest: 134528
          #pkts decaps: 134434, #pkts decrypt: 134434, #pkts verify: 134434
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 134528, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 87.117.213.66, remote crypto endpt.: 94.128.3.130
          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: DC42A606
          current inbound spi : 8D93AAC5
        inbound esp sas:
          spi: 0x8D93AAC5 (2375264965)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1564526/2674)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0xFFFFFFFF 0xFFFFFFFF
        outbound esp sas:
          spi: 0xDC42A606 (3695355398)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1565777/2674)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
        Crypto map tag: VPNPEER, seq num: 40, local addr: 87.117.213.66
          access-list HK extended permit ip host 78.129.151.9 host 172.16.158.11
          local ident (addr/mask/prot/port): (78.129.151.9/255.255.255.255/0/0)
          remote ident (addr/mask/prot/port): (172.16.158.11/255.255.255.255/0/0)
          current_peer: 94.128.3.130
          #pkts encaps: 48577, #pkts encrypt: 48577, #pkts digest: 48577
          #pkts decaps: 55798, #pkts decrypt: 55798, #pkts verify: 55798
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 48577, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 87.117.213.66, remote crypto endpt.: 94.128.3.130
          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: F6D08308
          current inbound spi : 8DF816EB
        inbound esp sas:
          spi: 0x8DF816EB (2381846251)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1565999/2672)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x000001FF
        outbound esp sas:
          spi: 0xF6D08308 (4140860168)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1565999/2672)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
        Crypto map tag: VPNPEER, seq num: 40, local addr: 87.117.213.66
          access-list HK extended permit ip host 78.129.151.9 host 172.16.157.164
          local ident (addr/mask/prot/port): (78.129.151.9/255.255.255.255/0/0)
          remote ident (addr/mask/prot/port): (172.16.157.164/255.255.255.255/0/0)
          current_peer: 94.128.3.130
          #pkts encaps: 33383, #pkts encrypt: 33383, #pkts digest: 33383
          #pkts decaps: 62020, #pkts decrypt: 62020, #pkts verify: 62020
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 33383, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 87.117.213.66, remote crypto endpt.: 94.128.3.130
          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: 4F1C0C7B
          current inbound spi : E7AD7104
        inbound esp sas:
          spi: 0xE7AD7104 (3886903556)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1554196/1167)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0xFFFFFFFF 0xFFFFFFFF
        outbound esp sas:
          spi: 0x4F1C0C7B (1327238267)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1565786/1167)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
        Crypto map tag: VPNPEER, seq num: 40, local addr: 87.117.213.66
          access-list HK extended permit ip host 78.129.151.9 host 172.16.158.71
          local ident (addr/mask/prot/port): (78.129.151.9/255.255.255.255/0/0)
          remote ident (addr/mask/prot/port): (172.16.158.71/255.255.255.255/0/0)
          current_peer: 94.128.3.130
          #pkts encaps: 37285, #pkts encrypt: 37285, #pkts digest: 37285
          #pkts decaps: 65179, #pkts decrypt: 65179, #pkts verify: 65179
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 37285, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 87.117.213.66, remote crypto endpt.: 94.128.3.130
          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: A4FF525F
          current inbound spi : 25C04F5C
        inbound esp sas:
          spi: 0x25C04F5C (633360220)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1490798/1167)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0xFFFFFFFF 0xFFFFFFFF
        outbound esp sas:
          spi: 0xA4FF525F (2768196191)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1564601/1167)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
        Crypto map tag: VPNPEER, seq num: 40, local addr: 87.117.213.66
          access-list HK extended permit ip host 78.129.151.9 host 172.16.158.73
          local ident (addr/mask/prot/port): (78.129.151.9/255.255.255.255/0/0)
          remote ident (addr/mask/prot/port): (172.16.158.73/255.255.255.255/0/0)
          current_peer: 94.128.3.130
          #pkts encaps: 2173002, #pkts encrypt: 2173002, #pkts digest: 2173002
          #pkts decaps: 4166416, #pkts decrypt: 4166416, #pkts verify: 4166416
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 2173002, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 87.117.213.66, remote crypto endpt.: 94.128.3.130
          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: B5DAC5BA
          current inbound spi : 8B01255A
        inbound esp sas:
          spi: 0x8B01255A (2332108122)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (934511/1915)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0xFFFFFFFF 0xFFFFFFFF
        outbound esp sas:
          spi: 0xB5DAC5BA (3051013562)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1556432/1915)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
        Crypto map tag: VPNPEER, seq num: 40, local addr: 87.117.213.66
          access-list HK extended permit ip host 78.129.151.9 host 172.17.167.10
          local ident (addr/mask/prot/port): (78.129.151.9/255.255.255.255/0/0)
          remote ident (addr/mask/prot/port): (172.17.167.10/255.255.255.255/0/0)
          current_peer: 94.128.3.130
          #pkts encaps: 289506, #pkts encrypt: 289506, #pkts digest: 289506
          #pkts decaps: 424145, #pkts decrypt: 424145, #pkts verify: 424145
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 289506, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 87.117.213.66, remote crypto endpt.: 94.128.3.130
          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: 66956330
          current inbound spi : 55173067
        inbound esp sas:
          spi: 0x55173067 (1427583079)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1552267/2682)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0xFFFFFFFF 0xFFFFFFFF
        outbound esp sas:
          spi: 0x66956330 (1721066288)
             transform: esp-3des esp-md5-hmac no compression
             in use settings ={L2L, Tunnel, }
             slot: 0, conn_id: 20058112, crypto-map: VPNPEER
             sa timing: remaining key lifetime (kB/sec): (1565576/2682)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001

  • Cannot establish VPN connection

    I am using wicd to manage my network connections.
    I am now trying to establish a VPN connection via pptpsetup, but it turned out that it failed to get a successful connection. The following is some debugging information:
    PS:
    I can use the VPN on my Android phone and Windows 8 computer with their default settings.
    The router used is TP-LINK WR841N.  I also tried to make the VPN connection through a Windows XP guest in my Virtualbox, but I get a 619 ERROR.
    jiang:~/ $ sudo pon kierk debug dump logfd 2 nodetach
    pppd options in effect:
    debug # (from command line)
    nodetach # (from command line)
    logfd 2 # (from command line)
    dump # (from command line)
    noauth # (from /etc/ppp/peers/kirk)
    name jiang # (from /etc/ppp/peers/kirk)
    remotename kirk # (from /etc/ppp/peers/kirk)
    # (from /etc/ppp/peers/kirk)
    pty pptp xxx.xxx.xxx.xxx --nolaunchpppd # (from /etc/ppp/peers/kirk)
    crtscts # (from /etc/ppp/options)
    # (from /etc/ppp/options)
    asyncmap 0 # (from /etc/ppp/options)
    lcp-echo-failure 4 # (from /etc/ppp/options)
    lcp-echo-interval 30 # (from /etc/ppp/options)
    hide-password # (from /etc/ppp/options)
    ipparam kierk # (from /etc/ppp/peers/kirk)
    proxyarp # (from /etc/ppp/options)
    nobsdcomp # (from /etc/ppp/peers/kirk)
    nodeflate # (from /etc/ppp/peers/kirk)
    require-mppe-128 # (from /etc/ppp/peers/kirk)
    noipx # (from /etc/ppp/options)
    using channel 21
    Using interface ppp0
    Connect: ppp0 <--> /dev/pts/1
    sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71ca3d38> <pcomp> <accomp>]
    sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71ca3d38> <pcomp> <accomp>]
    rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2c64d2c3> <pcomp> <accomp>]
    sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2c64d2c3> <pcomp> <accomp>]
    rcvd [CHAP Challenge id=0x2b <a88a56750015778c17b36c340ab95b54>, name = "pptpd"]
    Discarded non-LCP packet when LCP not open
    sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71ca3d38> <pcomp> <accomp>]
    rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x170af2bc> <pcomp> <accomp>]
    sent [LCP ConfAck id=0x2 <asyncmap 0x0> <auth chap MS-v2> <magic 0x170af2bc> <pcomp> <accomp>]
    rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x71ca3d38> <pcomp> <accomp>]
    sent [LCP EchoReq id=0x0 magic=0x71ca3d38]
    rcvd [CHAP Challenge id=0x4f <e7fbc765e5caffc883e1fd5ac7ddd514>, name = "pptpd"]
    Warning - secret file /etc/ppp/chap-secrets has world and/or group access
    added response cache entry 0
    sent [CHAP Response id=0x4f <6d44c943c527b9747f3a45fc527d2fe0000000037d7cd2d3359f8489fd322782173df80a2eb90bf200>, name = "jiang"]
    rcvd [LCP EchoRep id=0x0 magic=0x170af2bc]
    rcvd [CHAP Success id=0x4f "S=08E4FE5840F9196A9EF5377E65C8D20A2C030 M=Access granted"]
    response found in cache (entry 0)
    CHAP authentication succeeded
    Couldn't set pass-filter in kernel: Invalid argument
    sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
    rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
    sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
    rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
    MPPE 128-bit stateless compression enabled
    sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.0.103>]
    rcvd [IPCP ConfReq id=0x1 <addr 172.16.36.1>]
    sent [IPCP ConfAck id=0x1 <addr 172.16.36.1>]
    rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
    sent [IPCP ConfReq id=0x2 <addr 192.168.0.103>]
    rcvd [IPCP ConfNak id=0x2 <addr 172.16.36.5>]
    sent [IPCP ConfReq id=0x3 <addr 172.16.36.5>]
    rcvd [IPCP ConfAck id=0x3 <addr 172.16.36.5>]
    Cannot determine ethernet address for proxy ARP
    local IP address 172.16.36.5
    remote IP address 172.16.36.1
    Script /etc/ppp/ip-up started (pid 13121)
    Script /etc/ppp/ip-up finished (pid 13121), status = 0x0
    Last edited by hellolj (2014-06-24 03:13:14)

    Hi,
    I don't want to sound sarcastic but why didn't you try moving to the NetworkManager utility, I remember well that (yeah it's a Shitian) back in Backtrack 5 and even the fourth connexions were managed by wicd and always caused troubles at some point. NetworkManager handles very well VPN connections without problems and still allows you to make advanced configurations. Maybe you should consider trying it in your Virtual Box and post results. Sometimes thinking easy avoids headaches and lets you relax.
    On the other hand, it is true that router's "PPTP & VPN passthrough" option can cause troubles when using VPNs, and catalin's solution might be the best, but unless you absolutely need to use wicd (I can't think of a reason right now), you should consider easing things up with NetworkManager. Again just my belief.
    Are you trying to connect a VPN or create a VPN connection between two points?
    Hope this helps.
    Last edited by sugartest (2014-07-10 13:12:57)

  • [SOLVED, kind of] VPN connection problems

    Hi guys,
    I'm having a problem connecting to a VPN in KF5:
    Until a couple days ago, I was using KDE4, and there I was still able to connect to a VPN (I'm using IPVanish), although after connecting to any VPN I always had to run the command
    # ip route add default dev tun0
    for the NetworkManager to actually use the connection.
    However, now with KF5, this doesn't seem to work anymore. All my VPN connections are listed in the applet, and connecting to any of them also seems to work (it takes a few seconds, then the VPN connection is added to the "Active Connections" section), however, all my network traffic still goes through my "normal" connection. Running the above command after connecting to a VPN doesn't change anything.
    Here is the log of NetworkManager, I can't spot anything unusual:
    Mar 02 22:09:10 keineeile NetworkManager[420]: <info> Starting VPN service 'openvpn'...
    Mar 02 22:09:10 keineeile NetworkManager[420]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 1454
    Mar 02 22:09:10 keineeile NetworkManager[420]: <info> VPN service 'openvpn' appeared; activating connections
    Mar 02 22:09:10 keineeile NetworkManager[420]: <info> VPN plugin state changed: starting (3)
    Mar 02 22:09:10 keineeile NetworkManager[420]: nm-openvpn-Message: openvpn started with pid 1458
    Mar 02 22:09:10 keineeile NetworkManager[420]: <info> VPN connection 'IPVanish - DE, Dresden' (Connect) reply received.
    Mar 02 22:09:10 keineeile nm-openvpn[1458]: OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 2 2014
    Mar 02 22:09:10 keineeile nm-openvpn[1458]: library versions: OpenSSL 1.0.2 22 Jan 2015, LZO 2.09
    Mar 02 22:09:10 keineeile nm-openvpn[1458]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Mar 02 22:09:10 keineeile nm-openvpn[1458]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 02 22:09:10 keineeile nm-openvpn[1458]: Attempting to establish TCP connection with [AF_INET]5.9.50.241:443 [nonblock]
    Mar 02 22:09:11 keineeile nm-openvpn[1458]: TCP connection established with [AF_INET]5.9.50.241:443
    Mar 02 22:09:11 keineeile nm-openvpn[1458]: TCPv4_CLIENT link local: [undef]
    Mar 02 22:09:11 keineeile nm-openvpn[1458]: TCPv4_CLIENT link remote: [AF_INET]5.9.50.241:443
    Mar 02 22:09:15 keineeile nm-openvpn[1458]: [drs-c01.ipvanish.com] Peer Connection Initiated with [AF_INET]5.9.50.241:443
    Mar 02 22:09:17 keineeile nm-openvpn[1458]: TUN/TAP device tun0 opened
    Mar 02 22:09:17 keineeile nm-openvpn[1458]: /usr/lib/networkmanager/nm-openvpn-service-openvpn-helper --tun -- tun0 1500 1572 172.20.25.230 255.255.252.0 init
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> (tun0): carrier is OFF
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> (tun0): new Tun device (driver: 'unknown' ifindex: 4)
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> (tun0): exported as /org/freedesktop/NetworkManager/Devices/3
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> VPN connection 'IPVanish - DE, Dresden' (IP Config Get) reply received.
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> VPN connection 'IPVanish - DE, Dresden' (IP4 Config Get) reply received.
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> VPN Gateway: 5.9.50.241
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Tunnel Device: tun0
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> IPv4 configuration:
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Internal Gateway: 172.20.24.1
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Internal Address: 172.20.25.230
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Internal Prefix: 22
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Internal Point-to-Point Address: 0.0.0.0
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Maximum Segment Size (MSS): 0
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Forbid Default Route: yes
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Internal DNS: 198.18.0.1
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> Internal DNS: 198.18.0.2
    Mar 02 22:09:17 keineeile nm-openvpn[1458]: Initialization Sequence Completed
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> DNS Domain: '(none)'
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> No IPv6 configuration
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> (tun0): link connected
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> VPN connection 'IPVanish - DE, Dresden' (IP Config Get) complete.
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> VPN plugin state changed: started (4)
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> (tun0): device state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> (tun0): device state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> (tun0): Activation: starting connection 'tun0'
    Mar 02 22:09:17 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 1 of 5 (Device Prepare) scheduled...
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> Writing DNS information to /usr/bin/resolvconf
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 1 of 5 (Device Prepare) started...
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 2 of 5 (Device Configure) scheduled...
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 1 of 5 (Device Prepare) complete.
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 2 of 5 (Device Configure) starting...
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): device state change: prepare -> config (reason 'none') [40 50 0]
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 2 of 5 (Device Configure) successful.
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 3 of 5 (IP Configure Start) scheduled.
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 2 of 5 (Device Configure) complete.
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 3 of 5 (IP Configure Start) started...
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): device state change: config -> ip-config (reason 'none') [50 70 0]
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 5 of 5 (IPv4 Configure Commit) scheduled...
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 3 of 5 (IP Configure Start) complete.
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 5 of 5 (IPv4 Commit) started...
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): Activation: Stage 5 of 5 (IPv4 Commit) complete.
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
    Mar 02 22:09:18 keineeile NetworkManager[420]: <info> (tun0): device state change: secondaries -> activated (reason 'none') [90 100 0]
    Mar 02 22:09:19 keineeile NetworkManager[420]: <info> (tun0): Activation: successful, device activated.
    My system:
    $ uname -a
    Linux keineeile 3.18.6-1-ARCH #1 SMP PREEMPT Sat Feb 7 08:44:05 CET 2015 x86_64 GNU/Linux
    I'd be thankful for any hint or tip!
    Edit:
    Okay, I figured out a way to use VPN:
    NetworkManager somehow appears to have some problems with OpenVPN. I tried to set up a connection using PPTP (both are offered by the provider), and it works right away without doing any additional work.
    It's not really a solution to the above problems, but it solves the issue for me...
    Last edited by keineeile (2015-03-04 18:10:30)

    Try going to www.whatismyip.com whilst it works, then double check when it doesn't. Router might be having its 'heartbeat' and changing IP's. Going to a static might work, or using something like dyndns.
    Also, find out what port your VPN uses then go to www.canyouseeme.org to check you can be seen from the outside world, if not, then could be port forwarding issue.
    Both of these are kind of unlikely seeing as it is a daily thing that happens at the same time, however they would be worth checking just to make sure.
    Just my two cents

  • Can I enable "Use default gateway on remote network" on VPN connection using Group Policy?

    Hi,
    First timer here so please bear with me!
    Environment: Domain Windows 2003, Clients: Windows 7 and Windows XP (with Client Side Extensions pushed out)
    When creating a VPN connection on a client machine manually with default settings the "Use default gateway on remote network" found in [Connection Properties - Networking - IPv4 - Advanced] is enabled, which is good as we don't allow split-tunneling.
    I have a test GPO that creates a new VPN Connection [Computer Config - Preferences - Control Panel - Network Options], but the above setting is unticked.
    Am I missing something on the options for the GP preference to set this automatically?
    I can write a script to directly change the C:\Users\All Users\Microsoft\Network\Connections\Pbk\rasphone.pbk file but would prefer if I could sort it all out using Group Policy.
    Any help would be greatly appreciated!
    Thanks a lot!
    David

    Shane,
    There is actually a way to set the "Use default gateway on remote network" through Group Policy Preferences. And this may even be a better way to do it, because you may change this flag without touching any other settings, or other VPN connections.
    (All VPN connections are stored in the same .pbk file.)
    Here's the trick: Opening the .pbk file in notepad, I realized that this is actually an oldstyle ini-structured file. And Group Policy Preferences can update ini files! In the .pbk file the section names are the VPN connections names, like [My VPN],
    and the property IpPrioritizeRemote is the flag "Use default gateway on remote network".
    So, in Group Policy Management Editor, go to Preferences / Windows Settings / Ini Files.
    Create a new object with Action = Update, and File Path =
    C:\ProgramData\Microsoft\Network\Connections\pbk\rasphone.pbk
    (If this is where your file is located, I guess it is in c:\users if the VPN connection is made for a single user.)
    Section Name should be the display name of your VPN connection, without the brackets.
    Property Name = IpPrioritizeRemote
    Property Value = 1
    Peter, www.skov.com, Denmark
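
An added example, not part of the post above and not Microsoft tooling: a Python script that audits a rasphone.pbk phone book for entries whose IpPrioritizeRemote is not 1 (split tunneling allowed) and rewrites only that property in one named section, leaving every other entry as it was. The sample phone book, the connection names and the function names are constructed for illustration.

```python
"""Audit rasphone.pbk entries for the "Use default gateway on remote network" flag."""
import sys

# Constructed sample phone book (not from a real machine). Real files can
# repeat keys such as DEVICE= inside one section, which configparser's
# strict mode rejects, so the parser below keeps the first value per key.
SAMPLE_PBK = """\
[Head Office VPN]
Type=2
IpPrioritizeRemote=1
DEVICE=vpn
PhoneNumber=vpn.example.com

[Branch VPN]
Type=2
IpPrioritizeRemote=0
DEVICE=vpn
PhoneNumber=branch.example.com
DEVICE=vpn
PhoneNumber=branch2.example.com

[Legacy VPN]
Type=2
DEVICE=vpn
PhoneNumber=legacy.example.com
"""


def parse_pbk(text):
    """Return {connection name: {key: first value}} in file order."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.setdefault(key.strip(), value.strip())
    return entries


def audit_split_tunnel(text):
    """List (name, finding) for entries whose default-gateway flag is not 1."""
    findings = []
    for name, props in parse_pbk(text).items():
        flag = props.get("IpPrioritizeRemote")
        if flag is None:
            findings.append((name, "IpPrioritizeRemote missing"))
        elif flag != "1":
            findings.append((name, "IpPrioritizeRemote=%s (split tunnel)" % flag))
    return findings


def force_remote_gateway(text, connection):
    """Return text with IpPrioritizeRemote=1 in one section, all else untouched."""
    has_key = "IpPrioritizeRemote" in parse_pbk(text).get(connection, {})
    out, in_target, fixed = [], False, False
    for raw in text.splitlines(keepends=True):
        line = raw.strip()
        eol = raw[len(raw.rstrip("\r\n")):] or "\n"  # keep CRLF or LF as found
        if line.startswith("[") and line.endswith("]"):
            in_target = line[1:-1] == connection
            out.append(raw.rstrip("\r\n") + eol)
            if in_target and not has_key and not fixed:
                out.append("IpPrioritizeRemote=1" + eol)  # key absent: add it
                fixed = True
            continue
        key = line.partition("=")[0].strip()
        if in_target and not fixed and key == "IpPrioritizeRemote":
            raw, fixed = "IpPrioritizeRemote=1" + eol, True
        out.append(raw)
    return "".join(out)


if __name__ == "__main__":
    # With no argument the constructed sample is audited instead of a file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_PBK
    for name, finding in audit_split_tunnel(data):
        print("%s: %s" % (name, finding))
```
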
    Peter :-)
    This is great, but just one question. I also want to append a list of DNS Suffixes in order (when viewing a VPN's properties, this is buried in
    "Networking --> IPv4/6 --> Advanced --> DNS --> Append these DNS Suffixes (in order)"). However, for the VPNs I have manually created with this list populated, I can't see any entries in the rasphone.pbk. Does anyone know
    where these are stored?
    Cheers.
