L2TP - PPP IPCP failure
Hi
I am in the process of building a broadband solution where the telco owns the LAC/LTS infrastructure and I own the LNS. The sites are using ADSLoPSTN and run PPPoA to a dialer i/face. The LNS is a 7201 running 12.4-15.T6, the remote is 12.4-17b AdvIPServices.
I have an issue where the remote site is not entering the ip address of the LNS into its routing table as a host route, nor does it appear in show users.
The IP Address at the site is being delivered successfully by radius and everything works, but I need the host route for other reasons.
EDIT: RESOLVED
An erroneous line of code had been entered at the remote site router config templates:
ip address-pool local
This breaks IPCP - not terminally but just enough to prevent the host route being installed.
Similar Messages
-
VPN Settings Server Admin L2TP PPP Authentication Kereberos option dimmed?
Hi. I set up my 10.4 server as an open directory master. Kerberos works on the LAN for single signon.
I am trying to configure VPN service now. When I go to the "Settings" section of VPN in Server Admin, under L2TP, "PPP Authentication", MS-CHAPv2 is selectable but "Kerberos" is dimmed, i.e. I can't select it. What do I need to do to be able to use Kerberos here?
Thanks,
Thanks BrianFL. This helps hugely. Yes, I just want to set up a simple filesharing VPN, not the kind of VPN that bypasses Internet censorship. I use an ethernet connection directly from my router, yes.
1. I just need to use the server app to set up a VPN and port forwarding. That is it?
2. The settings I have made according to the guide with Server Admin Tools seem to never go away, even after I deleted the server that has all the settings inside Server Admin Tools. Upon creating a new server inside Server Admin Tools, the new server inherits all the settings from the one I just deleted. Any idea how I can restore Server Admin Tools's default settings?
3. Even VNC (I use RealVNC) on the mini stopped working after I made changes according to the guide and deleted all the changes I can find. What is the address format for Lion's built-in VNC (192.168.0.100:5800?) like? I forgot how it is.
Thanks so much! -
L2TP / PPP & peer refused to authenticate
Hi
Having some trouble with a basic L2TP VPN setup in Xserve 10.6.1 (kerberos auth). From what I've read in the meantime, it seems to indicate that OSX Server is asking for client authentication, that isn't given by the device? (using iPhone 3.0.1 and OSX 10.6.1 client to test). Do I have to turn off client auth somehow? Any suggestions appreciated!
Using Kerberos with a shared secret (no certificate).
fullstatus from the vpn setup is below:
vpn:servicePortsAreRestricted = "NO"
vpn:readWriteSettingsVersion = 1
vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"
vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0
vpn:servers:com.apple.ppp.pptp:enabled = no
vpn:servers:com.apple.ppp.pptp:MPPEKeySize = "MPPEKeySize128"
vpn:servers:com.apple.ppp.pptp:Type = "PPP"
vpn:servers:com.apple.ppp.pptp:SubType = "PPTP"
vpn:servers:com.apple.ppp.pptp:AuthenticatorPlugins = "DSAuth"
vpn:servers:com.apple.ppp.l2tp:AuthenticationProtocol = "EAP"
vpn:servers:com.apple.ppp.l2tp:CurrentConnections = 0
vpn:servers:com.apple.ppp.l2tp:enabled = yes
vpn:servers:com.apple.ppp.l2tp:startedTime = "2009-10-07 12:41:51 +1000"
vpn:servers:com.apple.ppp.l2tp:Type = "PPP"
vpn:servers:com.apple.ppp.l2tp:SubType = "L2TP"
vpn:servers:com.apple.ppp.l2tp:AuthenticatorPlugins = "DSAuth"
vpn:servers:com.apple.ppp.l2tp:pid = 7459
vpn:servicePortsRestrictionInfo = emptyarray
vpn:health = emptydictionary
vpn:logPaths:com.apple.ppp.pptp_ServerLog = "/var/log/ppp/vpnd.log"
vpn:logPaths:com.apple.ppp.pptp_PPPLog = "/var/log/ppp/vpnd.log"
vpn:logPaths:vpnLog = "/var/log/ppp/vpnd.log"
vpn:configured = yes
vpn:state = "RUNNING"
vpn:setStateVersion = 1
Full server log output for a connection attempt below:
2009-10-07 12:59:55 EST Incoming call... Address given to client = 10.10.5.205
Wed Oct 7 12:59:55 2009 : Directory Services Authentication plugin initialized
Wed Oct 7 12:59:55 2009 : Directory Services Authorization plugin initialized
Wed Oct 7 12:59:55 2009 : L2TP incoming call in progress from '10.10.5.118'...
Wed Oct 7 12:59:55 2009 : L2TP received SCCRQ
Wed Oct 7 12:59:55 2009 : L2TP sent SCCRP
Wed Oct 7 12:59:55 2009 : L2TP received SCCCN
Wed Oct 7 12:59:55 2009 : L2TP received ICRQ
Wed Oct 7 12:59:55 2009 : L2TP sent ICRP
Wed Oct 7 12:59:55 2009 : L2TP received ICCN
Wed Oct 7 12:59:55 2009 : L2TP connection established.
Wed Oct 7 12:59:56 2009 : using link 0
Wed Oct 7 12:59:56 2009 : Using interface ppp0
Wed Oct 7 12:59:56 2009 : Connect: ppp0 <--> socket[34:18]
Wed Oct 7 12:59:56 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2d2bf884> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : lcp_reqci: returning CONFACK.
Wed Oct 7 12:59:56 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x2d2bf884> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfNak id=0x1 <auth chap MS-v2>]
Wed Oct 7 12:59:56 2009 : sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : sent [LCP EchoReq id=0x0 magic=0x1e583301]
Wed Oct 7 12:59:56 2009 : peer refused to authenticate: terminating link
Wed Oct 7 12:59:56 2009 : sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Wed Oct 7 12:59:56 2009 : Connection terminated.
Wed Oct 7 12:59:56 2009 : L2TP disconnecting...
Wed Oct 7 12:59:56 2009 : L2TP sent CDN
Wed Oct 7 12:59:56 2009 : L2TP sent StopCCN
Wed Oct 7 12:59:56 2009 : L2TP disconnected
2009-10-07 12:59:56 EST --> Client with address = 10.10.5.205 has hungup
Message was edited by: skermajo
My first suggestion is to switch from Kerberos to MS-CHAPv2 and try again.
Personally, I have not been able to get Kerberos authentication to work reliably, and in fact, right now I seem to not be able to set it any longer (thanks, now I have something to fix).
Let us know if that 'fixed' it or post the log once that is done and we will continue along.
Peter -
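The LCP exchange in the "peer refused to authenticate" log above, read mechanically (an added example, not part of the original thread and not Apple's tooling): it parses pppd-style `sent`/`rcvd [LCP ...]` lines and reports which authentication method the server asked for, what the peer countered with, and whether the link was finally acknowledged with no `<auth>` option at all. The function names, verdict labels and `SAMPLE_LOG` (the LCP lines copied from the excerpt) are this example's own.

```python
import re
from dataclasses import dataclass

# LCP lines copied from the vpnd.log excerpt in the thread above.
SAMPLE_LOG = """\
Wed Oct 7 12:59:56 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2d2bf884> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x2d2bf884> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfNak id=0x1 <auth chap MS-v2>]
Wed Oct 7 12:59:56 2009 : sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : peer refused to authenticate: terminating link
Wed Oct 7 12:59:56 2009 : sent [LCP TermReq id=0x3 "peer refused to authenticate"]
"""

LCP_RE = re.compile(
    r"(?P<dir>sent|rcvd) \[LCP (?P<code>\w+) id=(?P<id>0x[0-9a-fA-F]+)(?P<rest>[^\]]*)\]"
)
OPT_RE = re.compile(r"<([^<>]+)>")


@dataclass
class LcpPacket:
    direction: str   # "sent" or "rcvd", from the logging side's point of view
    code: str        # ConfReq, ConfAck, ConfNak, ConfRej, TermReq, ...
    ident: int
    options: dict    # e.g. {"auth": "chap MS-v2", "pcomp": ""}


def _options(rest):
    """Turn '<asyncmap 0x0> <auth eap> <pcomp>' into a name -> value dict."""
    opts = {}
    for body in OPT_RE.findall(rest):
        name, _, value = body.partition(" ")
        opts[name] = value
    return opts


def parse_lcp(log_text):
    """Extract every LCP packet line from a pppd debug log."""
    packets = []
    for line in log_text.splitlines():
        m = LCP_RE.search(line)
        if m:
            packets.append(LcpPacket(m["dir"], m["code"], int(m["id"], 16),
                                     _options(m["rest"])))
    return packets


def diagnose(log_text):
    """Summarise the authentication side of the LCP negotiation."""
    offered, countered = [], []     # our <auth> requests / peer's ConfNak proposals
    sent_requests = {}              # id -> our ConfReq, to match the peer's ConfAck
    acked, final_auth = False, None
    for p in parse_lcp(log_text):
        auth = p.options.get("auth")
        if p.direction == "sent" and p.code == "ConfReq":
            sent_requests[p.ident] = p
            if auth and auth not in offered:
                offered.append(auth)
        elif p.direction == "rcvd" and p.code == "ConfNak" and auth:
            countered.append(auth)
        elif p.direction == "rcvd" and p.code == "ConfAck":
            req = sent_requests.get(p.ident)
            acked = True
            # What the peer agreed to is whatever our matching ConfReq carried.
            final_auth = (req.options if req else p.options).get("auth")

    if not offered:
        verdict = "no-auth-requested"
    elif not acked:
        verdict = "incomplete"
    elif final_auth is None:
        # We dropped <auth> after the peer's counter-proposal: no common method.
        verdict = "auth-mismatch"
    elif final_auth == offered[0]:
        verdict = "ok"
    else:
        verdict = "renegotiated"    # agreed on something other than the first offer
    return {
        "offered": offered,
        "countered": countered,
        "final_auth": final_auth,
        "terminated": "peer refused to authenticate" in log_text,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the quoted log the result is `auth-mismatch`: the server requested `eap`, the peer answered with `chap MS-v2`, the server's second ConfReq carried no `<auth>` option, and the server then terminated the link rather than run it unauthenticated.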
Solved: 'ppp' Dependency Failure
Hi,
When I tried updating 'pacman -Syu' today, a dependency failed involving 'archboot ppp rp-pppoe'. I removed the packages related to the issue before I updated, but when I tried to re-install:
> pacman -Rc rp-pppoe ppp
> pacman -Syu
> pacman -S archboot
resolving dependencies...
warning: cannot resolve "ppp=2.4.6", a dependency of "rp-pppoe"
warning: cannot resolve "rp-pppoe>=3.10-7", a dependency of "archboot"
:: The following package cannot be upgraded due to unresolvable dependencies:
archboot
:: Do you want to skip the above package for this upgrade? [y/N] n
error: failed to prepare transaction (unexpected error)
> pacman -Ss ppp
core/ppp 2.4.7-1
extra/rp-pppoe 3.11-5
Before the update, I had installed:
ppp 2.4.6-2
rp-pppoe 3.11-5
Is ppp=2.4.6 indeed a dependency of 'rp-pppoe', or can it be a higher version? The page for rp-pppoe says ppp=2.4.7 as a dependency, which is different than what pacman says. Why not use >=?
Could anyone provide any feedback or maybe a solution?
Using x64.
Thank you.
Last edited by AGT (2014-09-03 23:25:12)
I agree: in this case, yes; rp-pppoe does not accept any other version than one, but why was that done in the first place? Was that intentional?
Or, I'm thinking, an update to rp-pppoe, with the current base version, could be released, in the meanwhile, to accept other versions of ppp, as well.
Oops: I just noticed that thea also posted on this topic before me.
Last edited by AGT (2014-09-03 17:46:43) -
L2TP/PPP Traffic Generator
I need to generate 2000+ L2TP Sessions to a Cisco Router for testing purposes. Does anybody have any ideas of what product can be used to generate this traffic?
I have used iPerf for similar type testing:
http://sourceforge.net/projects/iperf/ -
Troubleshooting high CPU on Cisco 7200 for ADSL L2TP
Hi all,
I have a Cisco 7200 as LNS router for ADSL.
Now there is a 10% CPU difference between hardware & software!!
In rush hour the difference is 20% and CPU is 95%!!!!
Here I want to ask,
does a high value if (IP INPUT)
i have the cpu as :
Bras2#sh processes cpu sorted
CPU utilization for five seconds: 46%/36%; one minute: 48%; five minutes: 47%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
87 17598348 81792634 215 3.75% 3.82% 3.85% 0 IP Input
122 6780696 68885502 98 1.43% 1.49% 1.51% 0 L2X Data Daemon
267 652328 3839852 169 0.87% 0.83% 0.80% 0 PPP Events
261 837328 436010 1920 0.55% 0.44% 0.35% 0 L2TP mgmt daemon
275 1665220 1634254 1018 0.55% 0.57% 0.55% 0 SNMP ENGINE
262 574524 378112 1519 0.39% 0.29% 0.24% 0 L2TUN Applicatio
52 1019288 22961 44392 0.39% 0.39% 0.39% 0 Compute load avg
112 951036 174201 5459 0.31% 0.31% 0.31% 0 CEF: IPv4 proces
142 59512 26465240 2 0.15% 0.19% 0.18% 0 HQF Shaper Backg
256 89812 1276789 70 0.15% 0.15% 0.15% 0 IPHC Admin
102 182336 433843 420 0.15% 0.10% 0.08% 0 SSM connection m
97 150508 128933 1167 0.15% 0.09% 0.08% 0 SSS Manager
258 486356 1268702 383 0.15% 0.18% 0.16% 0 RADIUS
78 83244 300654 276 0.15% 0.15% 0.14% 0 ACCT Periodic Pr
56 225176 23195 9707 0.15% 0.08% 0.05% 0 HC Counter Timer
273 623508 3248144 191 0.15% 0.20% 0.21% 0 IP SNMP
16 780412 2008294 388 0.07% 0.55% 0.46% 0 EnvMon
291 176 380 463 0.07% 0.01% 0.00% 2 SSH Process
289 3296 447173 7 0.07% 0.00% 0.00% 0 MLD
20 992 117612 8 0.07% 0.00% 0.00% 0 ARP Background
80 41692 18825 2214 0.07% 0.02% 0.00% 0 CDP Protocol
266 30024 3564894 8 0.07% 0.05% 0.07% 0 PPP manager
274 323728 1633937 198 0.07% 0.11% 0.13% 0 PDU DISPATCHER
139 35600 64784 549 0.07% 0.01% 0.00% 0 PPP Bind
25 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
26 636 16121 39 0.00% 0.00% 0.00% 0 DDR Timers
24 0 8 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
28 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
29 0 1 0 0.00% 0.00% 0.00% 0 RO Notify Timers
27 0 5 0 0.00% 0.00% 0.00% 0 Entity MIB API
30 0 1 0 0.00% 0.00% 0.00% 0 RMI RM Notify Wa
32 0 2 0 0.00% 0.00% 0.00% 0 SMART
33 576 112990 5 0.00% 0.00% 0.00% 0 GraphIt
34 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
35 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
36 0 2 0 0.00% 0.00% 0.00% 0 XML Proxy Client
31 12 220 54 0.00% 0.00% 0.00% 0 EEM ED Syslog
23 166932 860 194106 0.00% 0.02% 0.01% 0 AAA high-capacit
39 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
40 33388 90640 368 0.00% 0.05% 0.01% 0 Net Background
41 0 4 0 0.00% 0.00% 0.00% 0 IDB Work
42 16 412 38 0.00% 0.00% 0.00% 0 Logger
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
43 852 112782 7 0.00% 0.00% 0.00% 0 TTY Background
44 2484 112998 21 0.00% 0.00% 0.00% 0 Per-Second Jobs
45 8444 30499 276 0.00% 0.00% 0.00% 0 IF-MGR control p
46 612 33340 18 0.00% 0.00% 0.00% 0 IF-MGR event pro
47 0 1 0 0.00% 0.00% 0.00% 0 Inode Table Dest
48 0 1 0 0.00% 0.00% 0.00% 0 IKE HA Mgr
49 0 1 0 0.00% 0.00% 0.00% 0 IPSEC HA Mgr
50 0 4 0 0.00% 0.00% 0.00% 0 rf task
37 0 2 0 0.00% 0.00% 0.00% 0 VSA background
38 0 1 0 0.00% 0.00% 0.00% 0 VSA Cleanup Proc
22 0 1 0 0.00% 0.00% 0.00% 0 CEF MIB API
54 0 1 0 0.00% 0.00% 0.00% 0 Token Daemon
55 8 1553 5 0.00% 0.00% 0.00% 0 Transport Port A
17 0 1 0 0.00% 0.00% 0.00% 0 OIR Handler
57 0 1 0 0.00% 0.00% 0.00% 0 Coproc Event Pro
58 0 1 0 0.00% 0.00% 0.00% 0 POS APS Event Pr
59 0 1 0 0.00% 0.00% 0.00% 0 SONET alarm time
60 0 1 0 0.00% 0.00% 0.00% 0 CSP Timer
61 204 4 51000 0.00% 0.00% 0.00% 0 USB Startup
62 0 2 0 0.00% 0.00% 0.00% 0 FPD Management P
63 0 1 0 0.00% 0.00% 0.00% 0 FPD Action Proce
64 0 2 0 0.00% 0.00% 0.00% 0 VNM DSPRM MAIN
65 0 1 0 0.00% 0.00% 0.00% 0 RF_INTERDEV_DELA
66 0 1 0 0.00% 0.00% 0.00% 0 RF_INTERDEV_SCTP
67 312 112992 2 0.00% 0.00% 0.00% 0 ISA Common Helpe
68 0 2 0 0.00% 0.00% 0.00% 0 Flash MIB Update
69 0 137 0 0.00% 0.00% 0.00% 0 Flash Card Oir
70 0 1 0 0.00% 0.00% 0.00% 0 CES Line Conditi
71 0 1 0 0.00% 0.00% 0.00% 0 CF_INTERDEV_SCTP
72 608 13885 43 0.00% 0.00% 0.00% 0 Collection proce
73 0 2 0 0.00% 0.00% 0.00% 0 Ethernet CFM
74 420 110120 3 0.00% 0.00% 0.00% 0 Ethernet Timer C
75 0 1 0 0.00% 0.00% 0.00% 0 delayed evt hand
76 14204 76635 185 0.00% 0.01% 0.00% 0 AAA Server
77 152732 330843 461 0.00% 0.07% 0.07% 0 AAA ACCT Proc
15 0 1 0 0.00% 0.00% 0.00% 0 IPC BackPressure
79 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
51 1360 34703 39 0.00% 0.00% 0.00% 0 Net Input
18 0 1 0 0.00% 0.00% 0.00% 0 Crash writer
82 0 2 0 0.00% 0.00% 0.00% 0 Ethernet LMI
53 27432 2073 13232 0.00% 0.01% 0.00% 0 Per-minute Jobs
21 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
85 4 14 285 0.00% 0.00% 0.00% 0 IP ARP Adjacency
86 0 1 0 0.00% 0.00% 0.00% 0 IP ARP Retry Age
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
14 0 1 0 0.00% 0.00% 0.00% 0 IPC Seat Manager
88 340 22531 15 0.00% 0.00% 0.00% 0 ICMP event handl
89 0 5 0 0.00% 0.00% 0.00% 0 TurboACL
90 0 2 0 0.00% 0.00% 0.00% 0 TurboACL chunk
91 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Echo event
92 52 191 272 0.00% 0.00% 0.00% 0 MOP Protocols
93 0 1 0 0.00% 0.00% 0.00% 0 LSP Tunnel FRR
94 0 1 0 0.00% 0.00% 0.00% 0 MPLS Auto-Tunnel
95 7280 94698 76 0.00% 0.00% 0.00% 0 PPP Hooks
96 3312 186 17806 0.00% 0.21% 0.05% 0 AAA aux
13 300 110122 2 0.00% 0.00% 0.00% 0 IPC Deferred Por
98 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Mana
99 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Time
100 0 2 0 0.00% 0.00% 0.00% 0 Spanning Tree
101 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana
12 420 110123 3 0.00% 0.00% 0.00% 0 IPC Periodic Tim
103 0 1 0 0.00% 0.00% 0.00% 0 AC Switch
104 4 377 10 0.00% 0.00% 0.00% 0 Authentication P
105 0 1 0 0.00% 0.00% 0.00% 0 Auth-proxy AAA B
106 0 2 0 0.00% 0.00% 0.00% 0 EAPoUDP Process
107 0 2 0 0.00% 0.00% 0.00% 0 IP Host Track Pr
108 0 2 0 0.00% 0.00% 0.00% 0 KRB5 AAA
109 10700 103089 103 0.00% 0.00% 0.00% 0 IP Background
110 20472 32419 631 0.00% 0.01% 0.00% 0 IP RIB Update
111 28 2276 12 0.00% 0.00% 0.00% 0 CEF background p
11 0 1 0 0.00% 0.00% 0.00% 0 IPC Zone Manager
113 2984 18512 161 0.00% 0.00% 0.00% 0 ADJ background
114 38364 30893 1241 0.00% 0.02% 0.00% 0 PPP IP Route
115 16196 84753 191 0.00% 0.00% 0.00% 0 PPP IPCP
116 0 1 0 0.00% 0.00% 0.00% 0 IP Traceroute
117 296 3464 85 0.00% 0.00% 0.00% 0 TCP Timer
118 252 1714 147 0.00% 0.00% 0.00% 0 TCP Protocols
119 0 1 0 0.00% 0.00% 0.00% 0 Socket Timers
120 0 377 0 0.00% 0.00% 0.00% 0 HTTP CORE
121 0 2 0 0.00% 0.00% 0.00% 0 RLM groups Proce
10 0 1884 0 0.00% 0.00% 0.00% 0 IPC Dynamic Cach
123 0 1 0 0.00% 0.00% 0.00% 0 ac_atm_state_eve
124 0 2 0 0.00% 0.00% 0.00% 0 SNMP Timers
125 876 112720 7 0.00% 0.00% 0.00% 0 RUDPV1 Main Proc
126 0 1 0 0.00% 0.00% 0.00% 0 bsm_timers
127 416 112720 3 0.00% 0.00% 0.00% 0 bsm_xmt_proc
128 0 1 0 0.00% 0.00% 0.00% 0 COPS
129 0 2 0 0.00% 0.00% 0.00% 0 Dialer Forwarder
130 0 3 0 0.00% 0.00% 0.00% 0 Flow Exporter Ti
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
131 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM Input
132 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM TIMER
133 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
134 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Inspect Tim
135 0 1 0 0.00% 0.00% 0.00% 0 LAPB Process
136 0 2 0 0.00% 0.00% 0.00% 0 LFDp Input Proc
137 0 1 0 0.00% 0.00% 0.00% 0 PAD InCall
9 0 2 0 0.00% 0.00% 0.00% 0 ATM VC Auto Crea
81 0 2 0 0.00% 0.00% 0.00% 0 Ethernet OAM Pro
140 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
141 0 1 0 0.00% 0.00% 0.00% 0 MQC Flow Event B
83 0 2 0 0.00% 0.00% 0.00% 0 CEF switching ba
143 4904 1113579 4 0.00% 0.00% 0.00% 0 RBSCP Background
144 0 2 0 0.00% 0.00% 0.00% 0 SCTP Main Proces
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
84 4388 11191 392 0.00% 0.00% 0.00% 0 ADJ resolve proc
8 0 2 0 0.00% 0.00% 0.00% 0 ATM AutoVC Perio
148 0 1 0 0.00% 0.00% 0.00% 0 IPS Process
149 0 2 0 0.00% 0.00% 0.00% 0 IPS Auto Update
150 0 2 0 0.00% 0.00% 0.00% 0 SDEE Management
151 620 219806 2 0.00% 0.00% 0.00% 0 Inspect process
152 0 1 0 0.00% 0.00% 0.00% 0 xcpa-driver
153 60 9030 6 0.00% 0.00% 0.00% 0 FW DP Inspect pr
154 640 219803 2 0.00% 0.00% 0.00% 0 CCE DP URLF cach
155 0 2 0 0.00% 0.00% 0.00% 0 URL filter proc
156 0 1 0 0.00% 0.00% 0.00% 0 XSM_EVENT_ENGINE
157 284 11275 25 0.00% 0.00% 0.00% 0 XSM_ENQUEUER
158 196 11275 17 0.00% 0.00% 0.00% 0 XSM Historian
159 0 1 0 0.00% 0.00% 0.00% 0 Select Timers
160 0 2 0 0.00% 0.00% 0.00% 0 HTTP Process
161 0 2 0 0.00% 0.00% 0.00% 0 CIFS API Process
162 0 2 0 0.00% 0.00% 0.00% 0 CIFS Proxy Proce
163 0 1 0 0.00% 0.00% 0.00% 0 Crypto HW Proc
164 24 7532 3 0.00% 0.00% 0.00% 0 ACE policy loade
165 60 4521 13 0.00% 0.00% 0.00% 0 CRM_CALL_UPDATE_
166 0 2 0 0.00% 0.00% 0.00% 0 cpf_process_msg_
167 0 2 0 0.00% 0.00% 0.00% 0 AAA Cached Serve
168 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
169 0 1 0 0.00% 0.00% 0.00% 0 EM Background Pr
170 0 1 0 0.00% 0.00% 0.00% 0 Key chain liveke
171 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
172 28872 54359 531 0.00% 0.00% 0.00% 0 LOCAL AAA
173 0 6 0 0.00% 0.00% 0.00% 0 MPLS Auto Mesh P
174 0 2 0 0.00% 0.00% 0.00% 0 TPLUS
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
175 0 2 0 0.00% 0.00% 0.00% 0 VSP_MGR
176 0 1 0 0.00% 0.00% 0.00% 0 FW_TEST_TRP
177 0 1 0 0.00% 0.00% 0.00% 0 EPM MAIN PROCESS
178 4 3 1333 0.00% 0.00% 0.00% 0 Crypto WUI
179 0 2 0 0.00% 0.00% 0.00% 0 Crypto Support
180 0 1 0 0.00% 0.00% 0.00% 0 IPSECv6 PS Proc
181 4 1 4000 0.00% 0.00% 0.00% 0 CCVPM_HTSP
182 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_R2
183 0 1 0 0.00% 0.00% 0.00% 0 EPHONE MWI Refre
184 0 126 0 0.00% 0.00% 0.00% 0 FB/KS Log HouseK
185 0 2 0 0.00% 0.00% 0.00% 0 EPHONE MWI BG Pr
186 0 1 0 0.00% 0.00% 0.00% 0 Skinny HW confer
187 0 1 0 0.00% 0.00% 0.00% 0 CCSWVOICE
188 0 1 0 0.00% 0.00% 0.00% 0 cpf_process_tpQ
189 0 1 0 0.00% 0.00% 0.00% 0 http client proc
190 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
191 0 1 0 0.00% 0.00% 0.00% 0 QOS_MODULE_MAIN
192 0 1 0 0.00% 0.00% 0.00% 0 RPMS_PROC_MAIN
193 0 1 0 0.00% 0.00% 0.00% 0 VoIP AAA
194 0 2 0 0.00% 0.00% 0.00% 0 Dialog Manager
195 36 9 4000 0.00% 0.00% 0.00% 0 crypto engine pr
196 0 4 0 0.00% 0.00% 0.00% 0 Crypto CA
197 0 1 0 0.00% 0.00% 0.00% 0 Crypto PKI-CRL
198 0 1 0 0.00% 0.00% 0.00% 0 encrypt proc
199 18492 1442 12823 0.00% 0.00% 0.00% 0 crypto sw pk pro
200 0 1 0 0.00% 0.00% 0.00% 0 Crypto INT
201 0 3 0 0.00% 0.00% 0.00% 0 Crypto IKE Dispa
202 0 3 0 0.00% 0.00% 0.00% 0 Crypto IKMP
203 0 1 0 0.00% 0.00% 0.00% 0 IPSEC manual key
204 56 5652 9 0.00% 0.00% 0.00% 0 IPSEC key engine
205 0 1 0 0.00% 0.00% 0.00% 0 CRYPTO QoS proce
206 4 8 500 0.00% 0.00% 0.00% 0 Crypto ACL
207 0 1 0 0.00% 0.00% 0.00% 0 Crypto PAS Proc
208 0 1 0 0.00% 0.00% 0.00% 0 GDOI GM Process
209 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY
210 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY AC
211 0 1 0 0.00% 0.00% 0.00% 0 MV64 TDR Process
212 0 1 0 0.00% 0.00% 0.00% 0 IMA Traps
213 0 1 0 0.00% 0.00% 0.00% 0 SYSMGT Events
214 0 2 0 0.00% 0.00% 0.00% 0 Control-plane ho
215 0 1 0 0.00% 0.00% 0.00% 0 DATA Transfer Pr
216 0 1 0 0.00% 0.00% 0.00% 0 DATA Collector
217 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
218 22396 77367 289 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
219 24 11298 2 0.00% 0.00% 0.00% 0 RMON Recycle Pro
220 0 2 0 0.00% 0.00% 0.00% 0 RMON Deferred Se
221 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
222 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Resource
223 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Routing
224 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Track
225 20 3531 5 0.00% 0.00% 0.00% 0 Crypto cTCP proc
226 0 1 0 0.00% 0.00% 0.00% 0 IP SLAs Ethernet
227 0 1 0 0.00% 0.00% 0.00% 0 RMON Packets
228 780 112376 6 0.00% 0.00% 0.00% 0 trunk conditioni
229 0 1 0 0.00% 0.00% 0.00% 0 trunk conditioni
230 0 157 0 0.00% 0.00% 0.00% 0 EEM Server
231 4 2 2000 0.00% 0.00% 0.00% 0 Call Home proces
232 48 213 225 0.00% 0.00% 0.00% 0 Syslog
233 0 1 0 0.00% 0.00% 0.00% 0 VPDN Test
234 0 2 0 0.00% 0.00% 0.00% 0 EEM Policy Direc
235 0 2 0 0.00% 0.00% 0.00% 0 EEM ED CLI
236 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Counter
237 0 3 0 0.00% 0.00% 0.00% 0 EM ED GOLD
238 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Interface
239 0 3 0 0.00% 0.00% 0.00% 0 EEM ED IOSWD
240 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Ipsla
241 0 3 0 0.00% 0.00% 0.00% 0 EEM ED None
242 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Nf
243 0 3 0 0.00% 0.00% 0.00% 0 EEM ED OIR
244 0 3 0 0.00% 0.00% 0.00% 0 EEM ED RF
245 0 3 0 0.00% 0.00% 0.00% 0 EEM ED SNMP
246 0 2 0 0.00% 0.00% 0.00% 0 EEM ED SNMP Noti
247 12 2881 4 0.00% 0.00% 0.00% 0 EEM ED Timer
248 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Test
249 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Config
250 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Env
251 0 3 0 0.00% 0.00% 0.00% 0 EEM ED RPC
252 0 1 0 0.00% 0.00% 0.00% 0 L2X Socket proce
253 0 1 0 0.00% 0.00% 0.00% 0 Key Proc
254 4 1884 2 0.00% 0.00% 0.00% 0 Call Home Timer
255 0 1 0 0.00% 0.00% 0.00% 0 tHUB
6 3008 10386 289 0.00% 0.00% 0.00% 0 Pool Manager
257 16 65 246 0.00% 0.00% 0.00% 0 SSH Event handle
5 541952 28222 19203 0.00% 0.12% 0.15% 0 Check heaps
259 0 3 0 0.00% 0.00% 0.00% 0 WCCP V2 Protocol
260 8 1887 4 0.00% 0.00% 0.00% 0 Secure Login
4 0 1 0 0.00% 0.00% 0.00% 0 EDDRI_MAIN
3 0 1 0 0.00% 0.00% 0.00% 0 chkpt message ha
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
263 11512 129066 89 0.00% 0.00% 0.00% 0 VPDN failure man
264 1044 22558 46 0.00% 0.00% 0.00% 0 Track
265 0 1 0 0.00% 0.00% 0.00% 0 IP VFR proc
19 14880 59648 249 0.00% 0.00% 0.00% 0 ARP Input
2 2376 22599 105 0.00% 0.01% 0.00% 0 Load Meter
268 316 112815 2 0.00% 0.00% 0.00% 0 Multilink PPP
269 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
270 736 219805 3 0.00% 0.00% 0.00% 0 IP NAT Ager
271 0 1 0 0.00% 0.00% 0.00% 0 IP NAT WLAN
272 620 24477 25 0.00% 0.00% 0.00% 0 IP SLAs Event Pr
138 0 2 0 0.00% 0.00% 0.00% 0 X.25 Background
147 0 1 0 0.00% 0.00% 0.00% 0 CHKPT DevTest
145 0 1 0 0.00% 0.00% 0.00% 0 VPDN call manage
276 0 2 0 0.00% 0.00% 0.00% 0 IP SNMPV6
277 0 1 0 0.00% 0.00% 0.00% 0 SNMP ConfCopyPro
278 0 1 0 0.00% 0.00% 0.00% 0 SNMP Traps
279 360116 45545 7906 0.00% 0.22% 0.11% 0 VTEMPLATE Backgr
280 0 4 0 0.00% 0.00% 0.00% 0 IP-EIGRP Router
281 40020 226871 176 0.00% 0.03% 0.00% 0 IP-EIGRP: PDM
282 10660 92668 115 0.00% 0.00% 0.00% 0 IP-EIGRP: HELLO
283 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
284 20 1869 10 0.00% 0.00% 0.00% 0 DFS flush period
285 1764 61146 28 0.00% 0.00% 0.00% 0 IPv6 IDB
286 8 1870 4 0.00% 0.00% 0.00% 0 IPv6 Input
287 0 1 0 0.00% 0.00% 0.00% 0 IPv6 ND
288 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Address
1 156 2155 72 0.00% 0.00% 0.00% 0 Chunk Manager
290 0 3 0 0.00% 0.00% 0.00% 0 IPv6 RIB Event H
146 0 1 0 0.00% 0.00% 0.00% 0 CHKPT EXAMPLE
In an Adaptive Session Redundancy (ASR) environment, if you run traffic to a configuration that contains discrepancies between the redundant indexes on the two CSSs, the CPU utilization for each processor on the CSS may climb to an abnormal level (at 2000 flows/second, approximately 50 percent utilization for each processor).
If you set the logging level to notice-5 or higher, the SCM utilization may peak at approximately 90 percent because each connection generates a redundant index mismatch log entry. For example:
AUG 7 14:12:15 3/1 1124272 SLR-5: Rejected. Redundant global rule index (7) not found.
This might probably be the reason for the high CPU utilization.
The CSS 11800 with CSS8-SCM Redundant System Control Module (SCM) is designated for end of sales.
The recommended replacements for the Cisco CSS 11800 include the Cisco CSS 11500 Series Content Services Switch or the Content Switching Module (CSM), an integrated services module for the Cisco Catalyst 6500 Series Switch and the Cisco 7600 Internet Router. -
Mountain Lion VPN server "IPCP maximum config-requests exceeded" error
I have OS-X Server running on Mountain Lion 10.8.4. I had to reinstall the system due to a hard drive failure and ever since reinstalling OS-X server the VPN service has been driving me mad. Every so often without any obvious reason the service starts failing and comes up with an "IPCP: Maximum Config-Requests exceeded" error. On the client side it looks like Connecting >> Authenticating >> "You have been disconnected" message. It seems like this happens every time you restart the machine (so after a fresh restart I can NEVER log in at all and get this error) and switching the VPN service off and back on again in Server app gets rid of the problem every time. Then the problem comes back sometimes after a few minutes, sometimes after a few hours or days even. I have the exact same settings as I did before where it ran without fault for months and would be back up and running after power failures and automatic restarts. I have not found one single thread anywhere where someone could explain what this is and the best solution I have seen so far was to write a script to turn the VPN server off and back on all the time. Could someone PLEASE help me here. Any help at getting rid of this problem would be very much appreciated!
VPN not working:
vpn:vpnHost = "XX.XXX.XXX.XX"
vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains = _empty_array
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.1.254"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.pptp:enabled = yes
vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.1.240"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.1.254"
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains = _empty_array
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.1.254"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.l2tp:enabled = yes
vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.1.225"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.1.239"
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue = "xxxxxxxxxx"
VPN working:
vpn:vpnHost = "xx.xxx.xxx.xx"
vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains = _empty_array
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.1.254"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.pptp:enabled = yes
vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.1.240"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.1.254"
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains = _empty_array
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.1.254"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.l2tp:enabled = yes
vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.1.225"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.1.239"
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue = "xxxxxxxxxx" -
Native iOS L2TP VPN not working on Lion Server
Hi Folks,
I have a very strange issue concerning making VPN work on two iOS devices I have. I have recently set up Lion Server on a MacMini here in the office with L2TP VPN using a shared secret phrase and a password authentication.
I have Lion running on a MacBook Air (which I set up VPN on using the provisioning profile "VPN.mobileprovision") and Snow Leopard running on an iMac. (VPN was set up manually). Both systems have been tested to work both inside and outside of my internal network, as I have tested with an air card.
I also have an iPhone running 4.3.4/4.3.5 that I set up by emailing the provisioning profile, and an iPad 1 running iOS 5 beta 4 set up with the VPN provisioning profile. Neither the iPad nor the iPhone seems to work at all, either internally or externally. In fact I never see any activity in the vpnd.log when I attempt to connect with these devices. All I get is the standard "The L2TP-VPN server did not respond. Try reconnecting. ..."
Based on my success with the OSX clients both inside and outside my local network I feel it is safe to say that I do not think the issue resides on the Lion Server nor the network/firewall configuration. I am running a Time Capsule with FW 7.5.2/7.4.2. There was no change in behavior with either version of the Time Capsule firmware for the clients, whether they were OSX or iOS. I must be clearly missing something here and I don't know what. Any help any of you could provide would be greatly appreciated. Thanks!
Please see the below settings for my VPN Settings on the host and iOS client
root# serveradmin settings vpn
vpn:vpnHost = ""
vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.pptp:enabled = no
vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.224"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.254"
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.l2tp:enabled = yes
vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.241"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.249"
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
Issue is resolved. I used the initial random generated shared secret that was generated by Lion Server. The shared secret has special characters. iOS did not like the special characters. See iPhone Console Log below:
Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: Reading configuration from "/etc/racoon/racoon.conf"
Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: /var/run/racoon/68.9.232.78.conf:6: "?gLA" syntax error
Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: fatal parse failure (1 errors)
That is why I never saw any attempt to connect. The actual process would bomb out before attempting to make a connection to the server.
The shared secret key was:
Y|WNwvM_O"?gLA$F@adT
Looks like it was the " or the ? symbols.
Once I changed the shared secret key the issue went away and the iPhone and iPad could connect to vpn without issue.
Figured I'd let you all know -
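The failure described in this thread, as an added example (not code from the original posts or from Apple): a pre-deployment check that flags shared-secret characters likely to break a client-side config file, plus a generator for an alphanumeric replacement of at least 128 bits. The helper names, the alphanumeric-only policy and the quoted-string model in `split_at_embedded_quote` are assumptions; the model matches the `"?gLA" syntax error` in the console log but the page does not confirm how the client writes the secret.

```python
import math
import secrets
import string

# Assumed conservative policy: letters and digits only, so the secret needs no
# quoting or escaping in any client config file or provisioning profile.
SAFE_ALPHABET = string.ascii_letters + string.digits

# The shared secret quoted in the thread above.
PAGE_SECRET = 'Y|WNwvM_O"?gLA$F@adT'


def unsafe_characters(secret):
    """Return (index, char) for every character outside the safe alphabet."""
    return [(i, ch) for i, ch in enumerate(secret) if ch not in SAFE_ALPHABET]


def split_at_embedded_quote(secret):
    """Model a parser that reads the secret inside double quotes.

    The string token ends at the first embedded quote; whatever follows is
    left over as stray input, which is where a syntax error would be reported.
    Returns (accepted_string, stray_remainder).
    """
    head, sep, tail = secret.partition('"')
    return (head, tail) if sep else (secret, "")


def entropy_bits(length, alphabet=SAFE_ALPHABET):
    """Entropy of a uniformly random secret of this length over the alphabet."""
    return length * math.log2(len(alphabet))


def generate_psk(min_bits=128):
    """Generate a random alphanumeric secret with at least min_bits of entropy."""
    length = math.ceil(min_bits / math.log2(len(SAFE_ALPHABET)))
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    print("flagged characters:", unsafe_characters(PAGE_SECRET))
    accepted, stray = split_at_embedded_quote(PAGE_SECRET)
    print("string token ends after %r, stray input begins %r" % (accepted, stray[:4]))
    replacement = generate_psk(128)
    print("replacement length:", len(replacement),
          "entropy bits: %.1f" % entropy_bits(len(replacement)))
```

Dropping punctuation costs little: 22 alphanumeric characters already carry more than 128 bits, so the secret stays strong while parsing cleanly on every client.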
ASR 1001 L2TP sessions // License issue?
Hello,
This is my first post. First of all, sorry for my English; it is not my native language.
I have purchased a refurbished ASR 1001 without any license to use as an LNS:
Cisco IOS XE Software, Version 03.12.00.S - Standard Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S, RELEASE SOFTWARE (fc2)
asr1001-universalk9.03.12.00.S.154-2.S-std.bin
The scenario is this:
LAC (from network provider) sends L2TP packet sessions -> LNS (ASR 1001, assigns a public IP to the user and closes the L2TP session).
The configuration of the ASR is the typical one for xDSL connections.
1) The LAC sends requests to the LNS Loopback interface:
interface Loopbacktest1
ip address 5.6.7.8 255.255.255.255
snmp ifindex persist
2) The LNS assigns the loopback interface to the vpdn group, which points to the virtual-template:
vpdn-group VpdnG1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname Provider01
dsl-line-info-forwarding
source-ip 5.6.7.8
lcp renegotiation always
l2tp tunnel password 7 XXXXXXXX
interface Virtual-Template1
description Int-Vi1 VpdnG1
mtu 1501
ip unnumbered GigabitEthernetX/X/X
ip mtu 1460
ip tcp adjust-mss 1400
no peer default ip address
ppp max-terminate 255
ppp max-configure 255
ppp max-failure 255
ppp max-bad-auth 10
ppp authentication pap chap ppp_authent2
ppp multilink
Up to here, all is OK, but the problem is that the ASR cannot reach connected users, and evidently the user doesn't have internet connectivity because he cannot reach the gateway IP (ASR IP).
Interface User Mode Idle Peer Address
Vi1.1 test1 PPPoVPDN - 1.2.3.4
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
Count VPDN Group
1589 3324 Provider01 est 5.6.7.8 1 VpdnG1
ASR1001#ping 1.2.3.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.2.3.4, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASR1001 is not forwarding the traffic to end users.
Exactly the same configuration works fine on a Cisco 7201 router.
After reading some information on the internet and the Cisco web site, and testing several IOS images and configurations, I have activated 2 of 3 (marked in bold below) possible licenses that are available to test in the router (these are available for 60 days).
SLASR1-IPB
Cisco ASR 1000 IP BASE License
SLASR1-AIS
Cisco ASR 1000 Advanced IP Services License
SLASR1-AES
Cisco ASR 1000 Advanced Enterprise Services License
***Result-> After applying the Advanced IP Service or Advanced Enterprise license, the ASR works perfectly, forwarding the traffic to the end users. The router can reach the gateway and has an internet connection.
I would like to try the IP BASE License, but there is no possibility to activate the test period in the router; I don't know if you know any way to test it. These are the details that the router shows about these 3 license types:
Index 1 Feature: adventerprise
Period left: 8 weeks 1 day
Period Used: 2 days 12 hours
License Type: EvalRightToUse
License State: Active, In Use
License Count: Non-Counted
License Priority: Low
Index 2 Feature: advipservices
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 3 Feature: ipbase
-->There is no more info about IP base license<---
If I use the command "license boot level" I can apply the IP base license, but after reloading the router, nothing happens.
ASR1001(config)#license boot level ?
adventerprise Advanced Enterprise License Level
advipservices Advanced IP Services License Level
ipbase IP Base License Level
Then my questions are:
1) Is it 100% necessary to have a license on the ASR1001 to use the router as an LNS as shown? After my tests I would apparently answer "yes", but I'm not sure if my configuration is the only one that I can configure. Maybe there exists another way to configure the required scenario and avoid purchasing the license.
2) Do you know if the IP Base license will activate the packet forwarding function in the ASR? I think yes, but before buying this license I need to be sure. As you know, IP Base is the cheapest license.
Thanks in advance!
Regards
Hello,
Documentation states that licensing on the ASR 1000 is now honor-based since 3.7s. I didn't test it though.
Basically, your license marked now as "EvalRTU" will be moved to an "RTU" license, indicating you would need to buy a license to keep your honor intact, but no disruption in features or connectivity will happen.
Since your test was more than 60 days ago, can you confirm this behavior with 3.12?
Thanks,
Kind regards,
Sources:
- All Cisco ASR 1000 feature and performance upgrade licenses are honor-based; that is, they are not enforced through a PAK (Product Activation Key). Note: Prior to Cisco IOS XE Software Release 3.7S, performance upgrade licenses that are required to upgrade the Cisco ASR 1001 from 2.5 to 5 Gbps or the Cisco ASR 1002-X from 5 to 10 to 20 to 36 Gbps are enforced through a PAK. Similarly, prior to Cisco IOS XE Software Release 3.6S, technology package licenses are enforced through a PAK. [1]
- When the 60-Day Evaluation Period expires, the license automatically changes to an RTU license. As with all other RTU licenses, there is no functionality disruption or accessibility concerns following this transition. [2]
[1] http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/guide-c07-731639.html
[2] http://www.cisco.com/c/en/us/td/docs/routers/asr1000/install/guide/1001-x/asr1hig/asr1lic.html -
Hi all,
Hoping someone can shed some light on this.
I have an 887va configured to connect to my ISP on my test bed. I have configured the router to connect using PPPoA as usual, but I am getting LCP TERMREQ packets from my ISP in response to my CHAP responses. No other errors, just a TERMREQ.
Strange thing is, from time to time it does connect but can take hours. I know the username and password are correct as they work straight away when I use a little Netgear ADSL modem I have here, so clearly something else is wrong. I suspect the ISP end but thought I would check here first.
I am not getting any clue as to the reason why I'm getting a TERMREQ back from the ISP; sh ppp stats shows the disconnect reasons as entirely due to '17 received LCP TERMREQ from peer'. It's almost like it doesn't understand my response rather than it being incorrect. I wondered if the secret is being hashed correctly, but I can't think of a reason why it wouldn't be. I have a crypto map configured but not applied as yet.
Here is the debug output for the failed session (debug ppp auth, neg and errors):
*Jul 2 06:50:59.837: PPP: Alloc Context [86E2C804]
*Jul 2 06:50:59.837: ppp975 PPP: Phase is ESTABLISHING
*Jul 2 06:50:59.837: Vi2 PPP: Using dialer call direction
*Jul 2 06:50:59.837: Vi2 PPP: Treating connection as a callout
*Jul 2 06:50:59.837: Vi2 PPP: Session handle[F3000030] Session id[975]
*Jul 2 06:50:59.837: Vi2 LCP: Event[OPEN] State[Initial to Starting]
*Jul 2 06:50:59.837: Vi2 PPP: No remote authentication for call-out
*Jul 2 06:50:59.837: Vi2 LCP: O CONFREQ [Starting] id 1 len 10
*Jul 2 06:50:59.837: Vi2 LCP: MagicNumber 0x14194245 (0x050614194245)
*Jul 2 06:50:59.837: Vi2 LCP: Event[UP] State[Starting to REQsent]
*Jul 2 06:51:00.089: Vi2 LCP: I CONFREQ [REQsent] id 103 len 19
*Jul 2 06:51:00.089: Vi2 LCP: MRU 1500 (0x010405DC)
*Jul 2 06:51:00.089: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jul 2 06:51:00.089: Vi2 LCP: MagicNumber 0x23918A01 (0x050623918A01)
*Jul 2 06:51:00.089: Vi2 LCP: O CONFACK [REQsent] id 103 len 19
*Jul 2 06:51:00.089: Vi2 LCP: MRU 1500 (0x010405DC)
*Jul 2 06:51:00.089: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jul 2 06:51:00.089: Vi2 LCP: MagicNumber 0x23918A01 (0x050623918A01)
*Jul 2 06:51:00.089: Vi2 LCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Jul 2 06:51:00.093: Vi2 LCP: I CONFACK [ACKsent] id 1 len 10
*Jul 2 06:51:00.093: Vi2 LCP: MagicNumber 0x14194245 (0x050614194245)
*Jul 2 06:51:00.093: Vi2 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Jul 2 06:51:00.097: Vi2 PPP: Queue CHAP code[1] id[1]
*Jul 2 06:51:00.117: Vi2 PPP: No authorization without authentication
*Jul 2 06:51:00.117: Vi2 PPP: Phase is AUTHENTICATING, by the peer
*Jul 2 06:51:00.117: Vi2 CHAP: Redirect packet to Vi2
*Jul 2 06:51:00.117: Vi2 CHAP: I CHALLENGE id 1 len 35 from "bras-xxxxx"
*Jul 2 06:51:00.117: Vi2 PPP: Sent CHAP SENDAUTH Request
*Jul 2 06:51:00.117: Vi2 LCP: State is Open
*Jul 2 06:51:00.117: Vi2 PPP: Received SENDAUTH Response FAIL
*Jul 2 06:51:00.117: Vi2 CHAP: Using hostname from interface CHAP
*Jul 2 06:51:00.117: Vi2 CHAP: Using password from interface CHAP
*Jul 2 06:51:00.117: Vi2 CHAP: O RESPONSE id 1 len 37 from "[email protected]"
*Jul 2 06:51:00.861: Vi2 LCP: I TERMREQ [Open] id 104 len 4
*Jul 2 06:51:00.861: Vi2 PPP DISC: Received LCP TERMREQ from peer
*Jul 2 06:51:00.861: PPP: NET STOP send to AAA.
*Jul 2 06:51:00.861: Vi2 PPP: Phase is TERMINATING
*Jul 2 06:51:00.861: Vi2 LCP: O TERMACK [Open] id 104 len 4
*Jul 2 06:51:00.861: Vi2 LCP: Event[Receive TermReq] State[Open to Stopping]
*Jul 2 06:51:02.869: Vi2 PPP: No remote authentication for call-out
*Jul 2 06:51:02.869: Vi2 LCP: Event[Timeout-] State[Stopping to Stopped]
*Jul 2 06:51:02.869: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
*Jul 2 06:51:02.869: Vi2 PPP: Phase is DOWN
Here are the relevant parts of the config; dialer 1 is bound to virtual-access 2:
controller VDSL 0
interface Ethernet0
no ip address
shutdown
interface ATM0
description BT-Circuit-No...
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
description Connection-To-BT-number-ATM0
ip address negotiated
no ip redirects
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin optional
ppp chap hostname [email protected]
ppp chap password 0 mypassword
ppp pap sent-username [email protected] password 0 mypassword
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
dialer-list 1 protocol ip permit
ip nat inside source list PUBLIC-PAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
Any ideas appreciated.
Cheers
Shaun
Is it possible that MS-CHAP has a limit on the size of usernames and/or password!? Can't we get a better error code than "CHAP Failure id=0x6f" which doesn't seem to be documented anywhere on the Internet?
-
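For the PPPoA thread above, an added example (not part of the original posts and not Cisco's code) that decodes the LCP option bytes printed in the debug output and shows how an RFC 1994 MD5 CHAP response is derived from the identifier, secret and challenge. The function names are hypothetical, and the challenge bytes are constructed because the log does not show the real ones; `mypassword` is the placeholder from the posted config.

```python
import hashlib
import hmac

# LCP configuration option types (RFC 1661) seen in the debug output.
LCP_OPTION_NAMES = {1: "MRU", 3: "AuthProto", 5: "MagicNumber"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
# CHAP algorithm byte: 0x05 is MD5 (RFC 1994), 0x80 / 0x81 are MS-CHAP v1 / v2.
CHAP_ALGORITHMS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}

# Option bytes of the peer's CONFREQ id 103, copied from the debug lines:
# MRU (0x010405DC), AuthProto (0x0305C22305), MagicNumber (0x050623918A01).
CONFREQ_103 = bytes.fromhex("010405DC" "0305C22305" "050623918A01")


def decode_option(opt_type, value):
    """Turn one option's type and value bytes into a readable tuple."""
    name = LCP_OPTION_NAMES.get(opt_type, "type-%d" % opt_type)
    if opt_type == 1 and len(value) == 2:
        return (name, int.from_bytes(value, "big"))
    if opt_type == 3 and len(value) >= 2:
        proto = int.from_bytes(value[:2], "big")
        proto_name = AUTH_PROTOCOLS.get(proto, hex(proto))
        if proto == 0xC223 and len(value) == 3:
            return (name, proto_name, CHAP_ALGORITHMS.get(value[2], hex(value[2])))
        return (name, proto_name)
    if opt_type == 5 and len(value) == 4:
        return (name, "0x%08X" % int.from_bytes(value, "big"))
    return (name, value.hex())


def parse_lcp_options(data):
    """Walk a run of type/length/value LCP options, rejecting bad lengths."""
    options, offset = [], 0
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated option header at offset %d" % offset)
        opt_type, opt_len = data[offset], data[offset + 1]
        # The length counts the two header bytes, so a value below 2 would
        # never advance, and one past the buffer would read out of bounds.
        if opt_len < 2 or offset + opt_len > len(data):
            raise ValueError("bad option length %d at offset %d" % (opt_len, offset))
        options.append(decode_option(opt_type, data[offset + 2:offset + opt_len]))
        offset += opt_len
    return options


def chap_md5_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge).

    The name sent alongside the response is not part of the hash, so only the
    identifier, the secret and the challenge decide whether the values match.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_chap_md5(identifier, secret, challenge, response):
    """Authenticator side: recompute and compare in constant time."""
    expected = chap_md5_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    for option in parse_lcp_options(CONFREQ_103):
        print(option)
    challenge = bytes(range(16))  # constructed 16-byte challenge
    response = chap_md5_response(1, b"mypassword", challenge)
    print("response:", response.hex())
    print("verifies:", verify_chap_md5(1, b"mypassword", challenge, response))
```

The decoded `AuthProto` option shows the peer asking for CHAP with algorithm 0x05, i.e. MD5 challenge-response rather than MS-CHAP.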
Only my MBP Drops L2TP VPN Connection after 60 Seconds
My old G4 laptop and my Dual G5 tower both connect to my office via L2TP VPN without an issue. With the exact same settings exported over to my MacBook Pro, the connection drops after exactly 60 seconds. I've tried both wireless and wired connections, and in either case, the VPN drops after 60 seconds of connect time.
I checked with my VPN administrator. He upgraded the XServe to Mac OS 10.4.5, and we tried again, with the same results. He sent me the server log to post:
2006-03-14 14:39:20 PST Listening for connections...
2006-03-14 14:43:44 PST terminating on signal 15
2006-03-14 14:43:44 PST terminating on signal 15
#End-Date: 2006-03-14 14:43:44 PST
#End-Date: 2006-03-14 14:43:44 PST
#Start-Date: 2006-03-14 14:44:55 PST
#Fields: date time s-comment
#Start-Date: 2006-03-14 14:44:55 PST
#Fields: date time s-comment
2006-03-14 14:44:55 PST Loading plugin /System/Library/Extensions/L2TP.ppp
2006-03-14 14:44:55 PST Loading plugin /System/Library/Extensions/PPTP.ppp
2006-03-14 14:44:58 PST Listening for connections...
2006-03-14 14:44:58 PST Listening for connections...
2006-03-14 17:06:52 PST Incoming call... Address given to client = 172.16.6.2
Tue Mar 14 17:06:52 2006 : Directory Services Authentication plugin initialized
Tue Mar 14 17:06:52 2006 : Directory Services Authorization plugin initialized
Tue Mar 14 17:06:52 2006 : PPTP incoming call in progress from 'REDACTED'...
Tue Mar 14 17:06:52 2006 : PPTP connection established.
Tue Mar 14 17:06:52 2006 : using link 0
Tue Mar 14 17:06:52 2006 : Using interface ppp0
Tue Mar 14 17:06:52 2006 : Connect: ppp0 <--> socket[34:17]
Tue Mar 14 17:06:52 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe2f50f1d> <pcomp> <accomp>]
Tue Mar 14 17:06:52 2006 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x122fcd45> <pcomp> <accomp>]
Tue Mar 14 17:06:52 2006 : lcp_reqci: returning CONFACK.
Tue Mar 14 17:06:52 2006 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x122fcd45> <pcomp> <accomp>]
Tue Mar 14 17:06:55 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe2f50f1d> <pcomp> <accomp>]
Tue Mar 14 17:06:55 2006 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe2f50f1d> <pcomp> <accomp>]
Tue Mar 14 17:06:55 2006 : sent [LCP EchoReq id=0x0 magic=0xe2f50f1d]
Tue Mar 14 17:06:55 2006 : sent [CHAP Challenge id=0xbf <cc4af73a9d88941b39418f9c31043e6c>, name = "osxvpn.local"]
Tue Mar 14 17:06:55 2006 : rcvd [LCP EchoReq id=0x0 magic=0x122fcd45]
Tue Mar 14 17:06:55 2006 : sent [LCP EchoRep id=0x0 magic=0xe2f50f1d]
Tue Mar 14 17:06:55 2006 : rcvd [LCP EchoRep id=0x0 magic=0x122fcd45]
Tue Mar 14 17:06:55 2006 : rcvd [CHAP Response id=0xbf <REDACTED>, name = "dpisoni"]
Tue Mar 14 17:06:55 2006 : sent [CHAP Success id=0xbf "S=REDACTED M=Access granted"]
Tue Mar 14 17:06:55 2006 : DSAccessControl plugin: User 'dpisoni' authorized for access
Tue Mar 14 17:06:55 2006 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Tue Mar 14 17:06:55 2006 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Tue Mar 14 17:06:55 2006 : sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Tue Mar 14 17:06:55 2006 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Tue Mar 14 17:06:55 2006 : MPPE 128-bit stateless compression enabled
Tue Mar 14 17:06:55 2006 : sent [IPCP ConfReq id=0x1 <addr 172.16.100.51>]
Tue Mar 14 17:06:55 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:06:55 2006 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue Mar 14 17:06:55 2006 : ipcp: returning Configure-NAK
Tue Mar 14 17:06:55 2006 : sent [IPCP ConfNak id=0x1 <addr 172.16.6.2> <ms-dns1 172.16.5.100> <ms-dns3 172.16.5.100>]
Tue Mar 14 17:06:55 2006 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::0216:cbff:fe89:f062>]
Tue Mar 14 17:06:55 2006 : Unsupported protocol 0x8057 received
Tue Mar 14 17:06:55 2006 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 16 cb ff fe 89 f0 62]
Tue Mar 14 17:06:55 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:06:55 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:06:55 2006 : rcvd [IPCP ConfAck id=0x1 <addr 172.16.100.51>]
Tue Mar 14 17:06:55 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:06:55 2006 : rcvd [IPCP ConfReq id=0x2 <addr 172.16.6.2> <ms-dns1 172.16.5.100> <ms-dns3 172.16.5.100>]
Tue Mar 14 17:06:55 2006 : ipcp: returning Configure-ACK
Tue Mar 14 17:06:55 2006 : sent [IPCP ConfAck id=0x2 <addr 172.16.6.2> <ms-dns1 172.16.5.100> <ms-dns3 172.16.5.100>]
Tue Mar 14 17:06:55 2006 : ipcp: up
Tue Mar 14 17:06:55 2006 : found interface en0 for proxy arp
Tue Mar 14 17:06:55 2006 : local IP address 172.16.100.51
Tue Mar 14 17:06:55 2006 : remote IP address 172.16.6.2
Tue Mar 14 17:06:58 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:06:58 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:06:58 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:06:58 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:01 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:01 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:01 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:01 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:04 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:04 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:04 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:04 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:07 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:07 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:07 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:07 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:10 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:10 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:10 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:10 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:13 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:13 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:13 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:13 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:16 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:16 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:16 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:16 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:19 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:19 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:19 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:19 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:22 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:22 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:22 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:22 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:25 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:25 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:25 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:25 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:28 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:28 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:31 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:31 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:31 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:31 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:34 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:34 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:34 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:34 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:37 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:37 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:37 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:37 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:40 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:40 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:40 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:40 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:43 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:43 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:43 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:43 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:46 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:46 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:46 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:46 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:49 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:49 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:49 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:49 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:52 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:52 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Tue Mar 14 17:07:52 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
Tue Mar 14 17:07:52 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:55 2006 : sent [ACSCP] 01 01 00 04
Tue Mar 14 17:07:55 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:55 2006 : rcvd [LCP TermReq id=0x2 "MPPE disabled"]
Tue Mar 14 17:07:55 2006 : LCP terminated by peer (MPPE disabled)
Tue Mar 14 17:07:55 2006 : ipcp: down
Tue Mar 14 17:07:55 2006 : sent [LCP TermAck id=0x2]
Tue Mar 14 17:07:55 2006 : rcvd [LCP TermReq id=0x3 "MPPE disabled"]
Tue Mar 14 17:07:55 2006 : sent [LCP TermAck id=0x3]
Tue Mar 14 17:07:55 2006 : Connection terminated.
Tue Mar 14 17:07:55 2006 : Connect time 1.1 minutes.
Tue Mar 14 17:07:55 2006 : Sent 0 bytes, received 8176 bytes.
Tue Mar 14 17:07:55 2006 : PPTP disconnecting...
Tue Mar 14 17:07:55 2006 : PPTP disconnected
2006-03-14 17:07:55 PST --> Client with address = 172.16.6.2 has hungup -
Hello,
I would like to ask for your help with the configuration of my C887 and C888 routers.
Here is the desired architecture:
I would like to bring up an L2TP tunnel from my Cisco router to my LNS, going through a NATed internet connection via my LAN (LTE router).
The problem I am running into is that I cross two NATs: the first on my LTE router and the second on my operator's network (the IP of the PSTN interface of my 4G router is a private IP).
My Cisco 887VA-W router is connected to my LTE router via a LAN interface.
From my research, I have a choice between several solutions, including VPDN:
CISCO
service internal
vpdn enable
vpdn-group L2TP
request-dialin
protocol l2tp
pool-member 1
initiate-to ip "IP_LNS"
no l2tp tunnel authentication
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
dialer vpdn
dialer-group 1
no cdp enable
ppp authentication ms-chap callin
ppp chap hostname CTCQUATRE
ppp chap password 0 ***********
ip route "IP_LNS" 255.255.255.255 FastEthernet0
ip route 0.0.0.0 0.0.0.0 Dialer1
With this solution, the tunnel does not attempt to initialize. I get no output in my debugs.
This evening I will post the configuration I made with a pseudowire.
Thank you for reading.
Regards,
Benoît
Hello,
I found the solution to this problem.
In fact, VPDN is not the appropriate technology; it allows a router to be configured as an L2TP LAC.
I opted for the L2TPv2 pseudowire solution.
Here is the working configuration:
CISCO
l2tp-class PW
hostname HOSTNAME
vlan 2
name DATA
pseudowire-class L2TP
encapsulation l2tpv2
protocol l2tpv2 PW
ip local interface Vlan2
interface FastEthernet0
switchport access vlan 2
switchport trunk native vlan 2
switchport mode trunk
no ip address
interface FastEthernet1
switchport access vlan 2
switchport trunk native vlan 2
switchport mode trunk
no ip address
interface Virtual-PPP1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1420
ppp chap hostname &HOST&
ppp chap password &PASS&
ppp ipcp dns request
ppp ipcp route default
no cdp enable
pseudowire &IPLNS& 1 encapsulation l2tpv2 pw-class L2TP
interface Vlan1
no ip address
shutdown
interface Vlan2
description Vlan Data
ip address 192.168.127.252 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly in
ip nat inside source list NAT interface Virtual-PPP1 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 0.0.0.0 0.0.0.0 192.168.127.254 10
ip route &IPLNS& 255.255.255.255 192.168.127.254
ip access-list extended NAT
permit ip 192.168.0.0 0.0.255.255 any
I hope this answer will help some of you.
Benoît -
Hi,
We have an LNS which is connecting to our partner's LAC. I've been mandated to provide password authentication for this connection. Looking online, all that I see is authentication for the users that will be using the LAC/LNS connection. But... I don't see a way to authenticate the LAC itself. This is a working tunnel currently, with no password for the LAC/LNS connection.
Here's our config:
vpdn-group VZ
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname VZWLAC
source-ip 216.x.x.254
local name GC
l2tp tunnel framing capabilities all
l2tp tunnel bearer capabilities all
ip pmtu
ip mtu adjust
interface Virtual-Template1
ip unnumbered Loopback0
ip mtu 1400
ip policy route-map clear-df
peer default ip address pool guamcell
no keepalive
ppp authentication chap
ppp ipcp dns 63.x.x.20 63.103.50.17
Thanks!
Lisa G
Better you can try LNS authentication server performs an authentication process based on the LNS local name and shared password. And the LNS can perform the authentication locally.
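The shared password the reply mentions corresponds to L2TP tunnel authentication in RFC 2661, a CHAP-style challenge/response between LAC and LNS carried in SCCRQ, SCCRP and SCCCN. The Python sketch that follows is an added example, not code from the thread or from Cisco; the function names and the secrets are constructed for illustration.

```python
import hashlib
import hmac
import os

# L2TP control message types (RFC 2661). The type of the message that
# carries the Challenge Response AVP is used as the CHAP "ID" octet.
SCCRP, SCCCN = 2, 3


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """16-octet Challenge Response AVP value: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the response with the local secret and compare in constant time."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def tunnel_setup(lac_secret: bytes, lns_secret: bytes) -> dict:
    """Walk SCCRQ -> SCCRP -> SCCCN with both ends challenging each other."""
    lac_challenge = os.urandom(16)  # Challenge AVP sent by the LAC in SCCRQ
    # The LNS answers in SCCRP and adds its own challenge for the LAC.
    lns_response = challenge_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = os.urandom(16)
    lac_accepts_lns = verify(SCCRP, lac_secret, lac_challenge, lns_response)
    # The LAC answers the LNS challenge in SCCCN.
    lac_response = challenge_response(SCCCN, lac_secret, lns_challenge)
    lns_accepts_lac = verify(SCCCN, lns_secret, lns_challenge, lac_response)
    return {"lac_accepts_lns": lac_accepts_lns, "lns_accepts_lac": lns_accepts_lac}


if __name__ == "__main__":
    # Constructed secrets; on the routers this is the configured tunnel password.
    print(tunnel_setup(b"constructed-secret", b"constructed-secret"))
    print(tunnel_setup(b"constructed-secret", b"different-secret"))
```

This check covers tunnel setup only: it proves both ends know the secret but does not authenticate or encrypt the packets that follow.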
-
10.6.4 Server L2TP VPN using external RADIUS - Authorization Failed
I'm using 10.6.4 with VPN L2TP configured successfully using local user database for authentication. Now I want to configure the VPN to use Steel Belted Radius server for authentication (that is hooked up to another LDAP server) for authentication.
I've configured the VPN service to use the radius server, authentication to radius is occurring but I'm getting errors that the user is not authorized to use the VPN service.
Is there a way to configure 10.6's VPN service to authorize any user that successfully authenticates against Radius?
NOTE: I've played around with Server Admin's access for VPN, with it set to all users, everyone etc.; this did not make any difference to the error I'm getting from the VPN service.
Here's the log output when the connection fails.
2010-08-27 12:52:34 PDT Loading plugin /System/Library/Extensions/L2TP.ppp
2010-08-27 12:52:34 PDT Listening for connections...
2010-08-27 12:52:39 PDT Incoming call... Address given to client = 192.168.105.1
Fri Aug 27 12:52:39 2010 : Directory Services Authorization plugin initialized
Fri Aug 27 12:52:39 2010 : L2TP incoming call in progress from '[ip address redacted]'…
Fri Aug 27 12:52:39 2010 : L2TP received SCCRQ
Fri Aug 27 12:52:39 2010 : L2TP sent SCCRP
Fri Aug 27 12:52:39 2010 : L2TP received SCCCN
Fri Aug 27 12:52:39 2010 : L2TP received ICRQ
Fri Aug 27 12:52:39 2010 : L2TP sent ICRP
Fri Aug 27 12:52:39 2010 : L2TP received ICCN
Fri Aug 27 12:52:39 2010 : L2TP connection established.
Fri Aug 27 12:52:39 2010 : using link 0
Fri Aug 27 12:52:39 2010 : Using interface ppp0
Fri Aug 27 12:52:39 2010 : Connect: ppp0 <--> socket[34:18]
Fri Aug 27 12:52:39 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x55fc9b88> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7e9db3cb> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : lcp_reqci: returning CONFACK.
Fri Aug 27 12:52:39 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x7e9db3cb> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x55fc9b88> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : sent [LCP EchoReq id=0x0 magic=0x55fc9b88]
Fri Aug 27 12:52:39 2010 : sent [CHAP Challenge id=0xc8 <086a03234947113037497f4326585a1f>, name = "OSX SERVER"]
Fri Aug 27 12:52:39 2010 : rcvd [LCP EchoReq id=0x0 magic=0x7e9db3cb]
Fri Aug 27 12:52:39 2010 : sent [LCP EchoRep id=0x0 magic=0x55fc9b88]
Fri Aug 27 12:52:39 2010 : rcvd [LCP EchoRep id=0x0 magic=0x7e9db3cb]
Fri Aug 27 12:52:39 2010 : rcvd [CHAP Response id=0xc8 <5ad3c0cb063694e473f51c9252e007f400000000000000003701b4fa8e7b844e072cddeceefa73 173d7415c85cae976700>, name = "USERNAME"]
Fri Aug 27 12:52:40 2010 : sent [CHAP Success id=0xc8 "S=934D6E79F45791A61C378789A4D719BC6F249574"]
*Fri Aug 27 12:52:40 2010 : CHAP peer authentication succeeded for USERNAME*
*Fri Aug 27 12:52:40 2010 : DSAccessControl plugin: User 'USERNAME' not authorized for access*
*Fri Aug 27 12:52:40 2010 : sent [LCP TermReq id=0x2 "Authorization failed"]*
Fri Aug 27 12:52:40 2010 : Connection terminated.
Fri Aug 27 12:52:40 2010 : L2TP disconnecting...
Fri Aug 27 12:52:40 2010 : L2TP sent CDN
Fri Aug 27 12:52:40 2010 : L2TP sent StopCCN
Fri Aug 27 12:52:40 2010 : L2TP disconnected
2010-08-27 12:52:40 PDT --> Client with address = 192.168.105.1 has hungup
Message was edited by: sarah mays -
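The L2TP log above shows CHAP succeeding and the DSAccessControl plugin then refusing the user, while the PPTP log earlier on this page ends with the peer closing LCP with "MPPE disabled". The Python sketch that follows is an added example, not code from either poster, that separates those outcomes; the name `triage` and the verdict strings are assumptions, and the sample lines are copied from the two logs.

```python
import re

# pppd line: "<day> <mon> <dd> <time> <year> : <message>", optionally wrapped in *...*
LINE = re.compile(r"^\*?\w{3} \w{3} +\d+ [\d:]+ \d{4} : (?P<msg>.*?)\*?$")
AUTHN_OK = re.compile(r"peer authentication succeeded for (?P<user>\S+)")
AUTHZ_DENY = re.compile(r"DSAccessControl plugin: User '(?P<user>[^']*)' not authorized")
TERM = re.compile(r'(?P<dir>sent|rcvd) \[LCP TermReq id=0x[0-9a-f]+ "(?P<reason>[^"]*)"\]')


def triage(lines):
    """Summarise one session: authenticated user, denied user, who closed LCP and why."""
    s = {"authenticated": None, "denied": None, "closed_by": None, "reason": None}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # vpnd wrapper lines ("2010-08-27 ... PDT ...") and blanks
        msg = m.group("msg")
        if a := AUTHN_OK.search(msg):
            s["authenticated"] = a.group("user")
        elif d := AUTHZ_DENY.search(msg):
            s["denied"] = d.group("user")
        elif (t := TERM.search(msg)) and s["closed_by"] is None:
            # The first TermReq decides: "sent" is this server, "rcvd" is the peer.
            s["closed_by"] = "server" if t.group("dir") == "sent" else "peer"
            s["reason"] = t.group("reason")
    if s["denied"] and s["denied"] == s["authenticated"]:
        s["verdict"] = "authenticated, then refused by access control"
    elif s["closed_by"]:
        s["verdict"] = f"{s['closed_by']} closed the link: {s['reason']}"
    else:
        s["verdict"] = "no termination seen"
    return s


# Lines copied from the two logs on this page.
L2TP_LOG = """\
2010-08-27 12:52:39 PDT Incoming call... Address given to client = 192.168.105.1
*Fri Aug 27 12:52:40 2010 : CHAP peer authentication succeeded for USERNAME*
*Fri Aug 27 12:52:40 2010 : DSAccessControl plugin: User 'USERNAME' not authorized for access*
*Fri Aug 27 12:52:40 2010 : sent [LCP TermReq id=0x2 "Authorization failed"]*
""".splitlines()
PPTP_LOG = """\
Tue Mar 14 17:07:55 2006 : rcvd [ACSCP] 02 01 00 04
Tue Mar 14 17:07:55 2006 : rcvd [LCP TermReq id=0x2 "MPPE disabled"]
Tue Mar 14 17:07:55 2006 : rcvd [LCP TermReq id=0x3 "MPPE disabled"]
""".splitlines()
if __name__ == "__main__":
    print(triage(L2TP_LOG)["verdict"], triage(PPTP_LOG)["verdict"], sep="\n")
```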
PPP and virtual-access2 is down, please help
Dear All,
Since yesterday we have problems with our Cisco 878 SDSL router/modem. We make use of a standard script from our ISP (KPN.com). When we have uploaded the script by Windows Terminal, the router is unable to establish a ppp connection with our ISP. Virtual-access2 link is up, but the protocol is down.
Please find underneath the standard script from KPN.com. Please help we have already lost 1 day with "trial and error" and the service and support is not that great from our ISP.
Thanks in advance for your reply.
Cheers.
FYI
version 12.4
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
no service udp-small-servers
no service tcp-small-servers
no service dhcp
hostname IDSL-ADV-Cust-CPE-SDSL
logging rate-limit console 10 except errors
boot-start-marker
boot-end-marker
ip subnet-zero
ip cef
no ip dhcp-client network-discovery
ip dhcp pool IAS
import all
origin ipcp
ip name-server 194.151.228.18
ip name-server 194.151.228.34
controller DSL 0
mode atm
line-term cpe
line-mode auto
dsl-mode shdsl symmetric annex B
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface ATM0
no ip address
no shutdown
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description To IAS over ADSL Access Router
pvc 2/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
ip address pool IAS
ip verify unicast reverse-path
no shutdown
no cdp enable
hold-queue 32 in
interface Dialer0
ip address negotiated
ip verify unicast reverse-path
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname KPN
ppp chap password xx
ppp pap sent-username kpn password xxx
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp address accept
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
control-plane
scheduler max-task-time 5000
end
Hi,
Besides that the proposed config has no NAT, it appears fine. Can you send output of "show dsl interface" and "show atm PVC 2/35".