L2TP / PPP & peer refused to authenticate

Hi
Having some trouble with a basic L2TP VPN setup in Xserve 10.6.1 (kerberos auth). From what I've read in the meantime, it seems to indicate that OSX Server is asking for client authentication, that isn't given by the device? (using iPhone 3.0.1 and OSX 10.6.1 client to test). Do I have to turn off client auth somehow? Any suggestions appreciated!
Using Kerberos with a shared secret (no certificate).
fullstatus from the vpn setup is below:
vpn:servicePortsAreRestricted = "NO"
vpn:readWriteSettingsVersion = 1
vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"
vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0
vpn:servers:com.apple.ppp.pptp:enabled = no
vpn:servers:com.apple.ppp.pptp:MPPEKeySize = "MPPEKeySize128"
vpn:servers:com.apple.ppp.pptp:Type = "PPP"
vpn:servers:com.apple.ppp.pptp:SubType = "PPTP"
vpn:servers:com.apple.ppp.pptp:AuthenticatorPlugins = "DSAuth"
vpn:servers:com.apple.ppp.l2tp:AuthenticationProtocol = "EAP"
vpn:servers:com.apple.ppp.l2tp:CurrentConnections = 0
vpn:servers:com.apple.ppp.l2tp:enabled = yes
vpn:servers:com.apple.ppp.l2tp:startedTime = "2009-10-07 12:41:51 +1000"
vpn:servers:com.apple.ppp.l2tp:Type = "PPP"
vpn:servers:com.apple.ppp.l2tp:SubType = "L2TP"
vpn:servers:com.apple.ppp.l2tp:AuthenticatorPlugins = "DSAuth"
vpn:servers:com.apple.ppp.l2tp:pid = 7459
vpn:servicePortsRestrictionInfo = emptyarray
vpn:health = emptydictionary
vpn:logPaths:com.apple.ppp.pptp_ServerLog = "/var/log/ppp/vpnd.log"
vpn:logPaths:com.apple.ppp.pptp_PPPLog = "/var/log/ppp/vpnd.log"
vpn:logPaths:vpnLog = "/var/log/ppp/vpnd.log"
vpn:configured = yes
vpn:state = "RUNNING"
vpn:setStateVersion = 1
Full server log output for a connection attempt below:
2009-10-07 12:59:55 EST Incoming call... Address given to client = 10.10.5.205
Wed Oct 7 12:59:55 2009 : Directory Services Authentication plugin initialized
Wed Oct 7 12:59:55 2009 : Directory Services Authorization plugin initialized
Wed Oct 7 12:59:55 2009 : L2TP incoming call in progress from '10.10.5.118'...
Wed Oct 7 12:59:55 2009 : L2TP received SCCRQ
Wed Oct 7 12:59:55 2009 : L2TP sent SCCRP
Wed Oct 7 12:59:55 2009 : L2TP received SCCCN
Wed Oct 7 12:59:55 2009 : L2TP received ICRQ
Wed Oct 7 12:59:55 2009 : L2TP sent ICRP
Wed Oct 7 12:59:55 2009 : L2TP received ICCN
Wed Oct 7 12:59:55 2009 : L2TP connection established.
Wed Oct 7 12:59:56 2009 : using link 0
Wed Oct 7 12:59:56 2009 : Using interface ppp0
Wed Oct 7 12:59:56 2009 : Connect: ppp0 <--> socket[34:18]
Wed Oct 7 12:59:56 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2d2bf884> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : lcp_reqci: returning CONFACK.
Wed Oct 7 12:59:56 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x2d2bf884> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfNak id=0x1 <auth chap MS-v2>]
Wed Oct 7 12:59:56 2009 : sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x1e583301> <pcomp> <accomp>]
Wed Oct 7 12:59:56 2009 : sent [LCP EchoReq id=0x0 magic=0x1e583301]
Wed Oct 7 12:59:56 2009 : peer refused to authenticate: terminating link
Wed Oct 7 12:59:56 2009 : sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Wed Oct 7 12:59:56 2009 : Connection terminated.
Wed Oct 7 12:59:56 2009 : L2TP disconnecting...
Wed Oct 7 12:59:56 2009 : L2TP sent CDN
Wed Oct 7 12:59:56 2009 : L2TP sent StopCCN
Wed Oct 7 12:59:56 2009 : L2TP disconnected
2009-10-07 12:59:56 EST --> Client with address = 10.10.5.205 has hungup
Message was edited by: skermajo

My first suggestion is to switch from Kerberos to MS-CHAPv2 and try again.
Personally, I have not been able to get Kerberos authentication to work reliably, and in fact, right now I seem to not be able to set it any longer (thanks, now I have something to fix )
Let us know if that 'fixed' it or post the log once that is done and we will continue along.
Peter
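
Added example (not part of the original thread, and not Apple's or pppd's own tooling): a small Python parser for the pppd-style LCP lines in the two server logs on this page. It reports which authentication protocol the server requested and how the peer answered. The function name, result keys and verdict strings are illustrative assumptions; the sample lines are copied from those logs with the timestamps trimmed.

```python
import re

# pppd logs each LCP packet as: sent|rcvd [LCP <Code> id=0x.. <option> ...]
LCP_RE = re.compile(r"(sent|rcvd) \[LCP (\w+) id=0x[0-9a-fA-F]+(.*)\]")
AUTH_RE = re.compile(r"<auth ([^>]+)>")

# Copied from the first log on this page (server set to EAP), timestamps trimmed.
LOG_EAP = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0x1e583301> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2d2bf884> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x2d2bf884> <pcomp> <accomp>]
rcvd [LCP ConfNak id=0x1 <auth chap MS-v2>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x1e583301> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x1e583301> <pcomp> <accomp>]
peer refused to authenticate: terminating link
"""

# Copied from the 10.6.2 log further down this page (server set to MS-CHAPv2).
LOG_CHAP = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x65f87f32> <pcomp> <accomp>]
rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x65f87f32> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x65f87f32> <pcomp> <accomp>]
peer refused to authenticate: terminating link
"""


def diagnose(log_text):
    """Summarise the LCP authentication negotiation seen from the server side."""
    result = {
        "server_requested": [],   # auth protocols the server put in its ConfReq
        "peer_nak": None,         # protocol the peer counter-proposed (ConfNak)
        "peer_rej": None,         # auth option the peer refused outright (ConfRej)
        "auth_agreed": None,      # auth option present in the peer's ConfAck
        "terminated": False,      # server closed the link for lack of auth
    }
    for line in log_text.splitlines():
        if "peer refused to authenticate: terminating link" in line:
            result["terminated"] = True
        m = LCP_RE.search(line)
        if not m:
            continue
        direction, code, opts = m.groups()
        found = AUTH_RE.search(opts)
        auth = found.group(1) if found else None
        if direction == "sent" and code == "ConfReq":
            if auth and auth not in result["server_requested"]:
                result["server_requested"].append(auth)
        elif direction == "rcvd" and code == "ConfNak" and auth:
            result["peer_nak"] = auth
        elif direction == "rcvd" and code == "ConfRej" and auth:
            result["peer_rej"] = auth
        elif direction == "rcvd" and code == "ConfAck":
            # The peer echoes the options it accepted; no <auth ...> here
            # means the link came up without an agreed auth protocol.
            result["auth_agreed"] = auth

    if result["terminated"] and result["peer_nak"]:
        # Peer is willing to authenticate, but with a different protocol.
        result["verdict"] = "auth-mismatch"
    elif result["terminated"] and result["peer_rej"]:
        # Peer refused the auth option itself instead of counter-proposing.
        result["verdict"] = "auth-rejected"
    elif result["auth_agreed"] and not result["terminated"]:
        result["verdict"] = "ok"
    else:
        result["verdict"] = "unknown"
    return result


if __name__ == "__main__":
    for name, log in (("first log", LOG_EAP), ("10.6.2 log", LOG_CHAP)):
        r = diagnose(log)
        print(name, "->", r["verdict"],
              "| server asked for:", r["server_requested"],
              "| peer Nak:", r["peer_nak"], "| peer Rej:", r["peer_rej"])
```

In both logs the server drops the auth option after the peer's answer and then closes the link because authentication is still required, so the failure is fail-closed rather than an unauthenticated session.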

Similar Messages

  • VPN Settings Server Admin L2TP PPP Authentication Kerberos option dimmed?

    Hi. I set up my 10.4 server as an open directory master. Kerberos works on the LAN for single signon.
    I am trying to configure VPN service now. When I go to the "Settings" section of VPN in Server Admin, under L2TP, "PPP Authentication", MS-CHAPv2 is selectable but "Kerberos" is dimmed, i.e. I can't select it. What do I need to do to be able to use Kerberos here?
    Thanks,

    Thanks BrianFL. This helps hugely. Yes, I just want to set up a simple filesharing VPN, not the kind of VPN that bypasses Internet censorship. I use an Ethernet connection directly from my router, yes.
    1. I just need to use the server app to set up a VPN and port forwarding. That is it?
    2. The settings I have made according to the guide with Server Admin Tools never seem to go away, even after I deleted the server that has all the settings inside Server Admin Tools. Upon creating a new server inside Server Admin Tools, the new server inherits all the settings from the one I just deleted. Any idea how I can restore Server Admin Tools's default settings?
    3. Even VNC (I use RealVNC) on the mini stopped working after I made changes according to the guide and deleted all the changes I can find. What is the address format for Lion's built-in VNC (192.168.0.100:5800?) like? I forgot how it is.
    Thanks so much!

  • Messages (Jabber) Refuses to Authenticate AD Users after 10.9.2/Server 3.0.3 update

    Once again, an update appears to have broken Messages/Jabber's ability to authenticate AD users after the 10.9.2/Server 3.0.3 update even though it was working well before. Hoping someone here has some ideas for how to help!
    I can log in just fine as a local user (e.g. [email protected]), but no luck with AD users (e.g. [email protected]). As always, it fails with no intelligible error message whatsoever:
    Mar  1 09:46:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] connect
    Mar  1 09:46:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58658] disconnect jid=unbound, packets: 0
    Mar  1 09:48:00 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] connect
    Mar  1 09:48:01 comet.ADdomain.private jabberd/c2s[604]: [9] [::ffff:76.24.227.229, port=58667] disconnect jid=unbound, packets: 0
    I reset the jabber server configuration as described here to no avail: https://discussions.apple.com/thread/5354428
    The DNS configuration looks good:
    changeip -checkhostname
    Primary address     = 10.0.17.15
    Current HostName    = comet.ADdomain.private
    DNS HostName        = comet.ADdomain.private
    The names match. There is nothing to change.
    dirserv:success = "success"
    The Jabber status from jabber:
    serveradmin fullstatus jabber
    jabber:state = "RUNNING"
    jabber:roomsState = "RUNNING"
    jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
    jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
    jabber:logPaths:JABBER_LOG = "/var/log/system.log"
    jabber:proxyState = "RUNNING"
    jabber:currentConnections = "0"
    jabber:currentConnectionsPort1 = "0"
    jabber:currentConnectionsPort2 = "0"
    jabber:pluginVersion = "10.8.211"
    jabber:servicePortsAreRestricted = "NO"
    jabber:servicePortsRestrictionInfo = _empty_array
    jabber:hostsCommaDelimitedString = "comet.ADdomain.private"
    jabber:hosts:_array_index:0 = "comet.ADdomain.private"
    jabber:setStateVersion = 1
    jabber:startedTime = "2014-03-01 17:39:06 +0000"
    jabber:readWriteSettingsVersion = 1
    Full jabber server startup log:
    Mar  1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: waiting for jabberd to finish startup...
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: loaded user table (1 users)
    Mar  1 09:52:19 comet.ADdomain.private jabberd/router[1785]: couldn't open filter file /etc/jabberd/router-filter.xml: No such file or directory
    Mar  1 09:52:19 comet.ADdomain.private servermgrd[180]: servermgr_jabber[N]: jabberd service startup completed.
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/s2s[1787]: starting up (interval=60, queue=60, keepalive=0, idle=86400)
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: starting up
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
    Mar  1 09:52:19 comet.ADdomain.private jabberd/c2s[1786]: initialized auth module 'apple_od'
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: initialised storage driver 'sqlite'
    Mar  1 09:52:19 comet.ADdomain.private jabberd/sm[1784]: modules search path: /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd/modules
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'sess-end' (order 0 index 0 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-sess' (order 0 index 1 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-sess' (order 1 index 2 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'in-sess' (order 2 index 3 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=5347] listening for incoming connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [comet.ADdomain.private] configured; realm=comet.ADdomain.private, registration disabled, using PEM:/etc/certificates/mail.ADdomainbio.com.E41BBC081993E348B26181D9CB334A28137A8D8D.concat.pem
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49353] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [c2s] online (bound to 127.0.0.1, port 49353)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5222] listening for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: [::, port=5223] listening for SSL connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/c2s[1786]: ready for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'in-sess' (order 3 index 4 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49354] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'in-sess' (order 4 index 5 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] set as default route
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [s2s] online (bound to 127.0.0.1, port 49354)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/s2s[1787]: ready for connections
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'in-sess' (order 5 index 6 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'in-sess' (order 6 index 7 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Starting up...
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Loading persistent rooms from disk...
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Finished loading rooms from disk
    Mar  1 09:52:20 comet.ADdomain.private Rooms[1792]: Connecting to XMPP server at 'comet.ADdomain.private' as 'rooms.comet.ADdomain.private'...
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'in-sess' (order 7 index 8 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'in-sess' (order 8 index 9 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'in-sess' (order 9 index 10 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'in-sess' (order 10 index 11 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-sess' (order 11 index 12 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'in-sess' (order 12 index 13 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'in-router' (order 0 index 14 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'validate' added to chain 'in-router' (order 1 index 1 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'in-router' (order 2 index 12 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'in-router' (order 3 index 2 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'out-router' (order 0 index 2 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-sm' (order 0 index 0 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-ping' added to chain 'pkt-sm' (order 1 index 6 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-time' added to chain 'pkt-sm' (order 2 index 15 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'pkt-sm' (order 3 index 16 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-sm' (order 4 index 9 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-sm' (order 5 index 8 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'pkt-sm' (order 6 index 11 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'pkt-sm' (order 7 index 17 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'echo' added to chain 'pkt-sm' (order 8 index 18 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-sm' (order 9 index 12 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'pkt-user' (order 0 index 3 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'presence' added to chain 'pkt-user' (order 1 index 12 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'pkt-user' (order 2 index 5 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'amp' added to chain 'pkt-user' (order 3 index 9 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'deliver' added to chain 'pkt-user' (order 4 index 13 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'pkt-user' (order 5 index 4 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'pkt-user' (order 6 index 10 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'pkt-user' (order 7 index 0 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'session' added to chain 'pkt-router' (order 0 index 14 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'disco' added to chain 'pkt-router' (order 1 index 8 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-load' (order 0 index 19 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'autobuddy' added to chain 'user-load' (order 1 index 20 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-load' (order 2 index 3 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster-publish' added to chain 'user-load' (order 3 index 21 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-load' (order 4 index 2 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-load' (order 5 index 4 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-create' (order 0 index 19 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'template-roster' added to chain 'user-create' (order 1 index 22 seq 0)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'active' added to chain 'user-delete' (order 0 index 19 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'announce' added to chain 'user-delete' (order 1 index 11 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'offline' added to chain 'user-delete' (order 2 index 10 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'privacy' added to chain 'user-delete' (order 3 index 2 seq 4)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'roster' added to chain 'user-delete' (order 4 index 3 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'vacation' added to chain 'user-delete' (order 5 index 4 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-last' added to chain 'user-delete' (order 6 index 0 seq 3)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-private' added to chain 'user-delete' (order 7 index 7 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-vcard' added to chain 'user-delete' (order 8 index 5 seq 2)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'iq-version' added to chain 'disco-extend' (order 0 index 16 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: module 'help' added to chain 'disco-extend' (order 1 index 17 seq 1)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: version: jabberd sm 2.2.17-409
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: [comet.ADdomain.private] configured
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: attempting connection to router at 127.0.0.1, port=5347
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] connect
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49355] authenticated as jabberd
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: connection to router established
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [sm] online (bound to 127.0.0.1, port 49355)
    Mar  1 09:52:20 comet.ADdomain.private jabberd/sm[1784]: sm ready for sessions
    Mar  1 09:52:20 comet.ADdomain.private jabberd/router[1785]: [comet.ADdomain.private] online (bound to 127.0.0.1, port 49355)
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] connect
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49356] authenticated as proxy65.comet.ADdomain.private
    Mar  1 09:52:22 comet.ADdomain.private jabberd/router[1785]: [proxy65.comet.ADdomain.private] online (bound to 127.0.0.1, port 49356)
    Mar  1 09:52:23 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] connect
    Mar  1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [127.0.0.1, port=49357] authenticated as rooms.comet.ADdomain.private
    Mar  1 09:52:24 comet.ADdomain.private jabberd/router[1785]: [rooms.comet.ADdomain.private] online (bound to 127.0.0.1, port 49357)
    Mar  1 09:52:24 comet.ADdomain.private Rooms[1792]: Successfully connected to XMPP server, ready for activity
    I am not sure if it's attempting to authenticate to AD or not, and if so, why it might be failing. Any suggestions would be greatly appreciated!

    uscadvit wrote:
    Here is the output without the name of our AD:
    Advanced Options - User Experience
      Create mobile account at login = Disabled
         Require confirmation        = Enabled
      Force home to startup disk     = Enabled
         Mount home as sharepoint    = Enabled
      Use Windows UNC path for home  = Enabled
         Network protocol to be used = smb
      Default user Shell             = /bin/bash
    Advanced Options - Mappings
      Mapping UID to attribute       = not set
      Mapping user GID to attribute  = not set
      Mapping group GID to attribute = not set
      Generate Kerberos authority    = Enabled
    Advanced Options - Administrative
      Preferred Domain controller    = not set
      Allowed admin groups           = not set
      Authentication from any domain = Enabled
      Packet signing                 = allow
      Packet encryption              = allow
      Password change interval       = 14
      Restrict Dynamic DNS updates   = not set
      Namespace mode                 = domain
    That looks correct. Let's collect a few more config items.
    Copy / paste the output of this command when run against c2s.xml:
    sudo grep '<id require-starttls="true" pemfile="' /Library/Server/Messages/Config/jabberd/c2s.xml
    Ours looks like this:
    <id require-starttls="true" pemfile="/etc/certificates/chat.example.com.1234567890.concat.pem" private-key-password="12345678-1234-1234-12345678" cachain="/etc/certificates/chat.example.com.1234567890.chain.pem" realm="example.com">example.com</id>
    Copy / paste the output of this command when run against sm.xml. To give us context, it will display the 6 lines above and below the text:
    sudo grep -C 6 'If not set, the SM id is used. -->' /Library/Server/Messages/Config/jabberd/sm.xml
    Ours looks like this:
    <!-- Local network configuration -->
    <local>
        <!-- Who we identify ourselves as.
             Users will have this as the domain part of their JID.
             If you want your server to be accessible from other
             Jabber servers, this IDs must be FQDN resolvable by DNSes.
             If not set, the SM id is used. -->
        <id>example.com</id>
        <!--
        <id>vhost1.localdomain</id>
        <id>vhost2.localdomain</id>
        -->
    </local>
    Copy / paste the output of this command:
    sudo serveradmin settings jabber
    Ours looks like this:
    jabber:dataLocation = "/Library/Server/Messages"
    jabber:s2sRestrictDomains = no
    jabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"
    jabber:sslCAFile = "/etc/certificates/chat.example.com.1234567890.chain.pem"
    jabber:jabberdClientPortTLS = 5222
    jabber:sslKeyFile = "/etc/certificates/chat.example.com.1234567890.concat.pem"
    jabber:initialized = yes
    jabber:enableXMPP = no
    jabber:savedChatsArchiveInterval = 7
    jabber:authLevel = "STANDARD"
    jabber:hostsCommaDelimitedString = "example.com"
    jabber:jabberdClientPortSSL = 5223
    jabber:requireSecureS2S = no
    jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
    jabber:enableSavedChats = no
    jabber:enableAutoBuddy = yes
    jabber:s2sAllowedDomains = _empty_array
    jabber:logLevel = "ALL"
    jabber:hosts:_array_index:0 = "example.com"
    jabber:eventLogArchiveInterval = 7
    jabber:jabberdS2SPort = 0
    Also, while you're troubleshooting, I found Adium's debug window to be invaluable for showing errors during logon (even if you plan to use Messages).
    You can open it in debug mode by holding option + click Adium.app, select "start in debug mode". Then in Adium menu > Debug window.

  • 10.5 Client refuses to authenticate Kerberos or obey managed preferences

    I am sure this has come up time and again, but a search in the forums has not come back with a work around.
    I am running Tiger Server 10.4.11 as an OD master serving up portable accounts in a mixed Tiger and Leopard Client Environment. I just did a Leopard upgrades on two MacBooks that were previously bound to the OD server when running Tiger.
    Upon completing the upgrades I have found two things:
    1) Local and network users working on the laptops are no longer being challenged for a kerberos ticket to authenticate to network shares served up by the 10.4 server
    2) Managed preferences for users as well as the clients are no longer being obeyed by the Leopard upgraded clients.
    Everything works as it should on my Tiger Clients connecting to the server.
    I have flushed the kerberos plists and rebound the Leopard clients to no effect, except to see some managed preferences on the login screen that somehow were honored in the upgrade be rolled back to factory defaults.
    I know that Apple has made a lot of changes in Leopard, but is there any known work around to get Leopard to pull kerberos tickets from the server and obey managed preferences? I am not yet ready to make the upgrade to Leopard server with a stable server environment already in place.
    Seems to me there should be some sort of workaround.
    Help!
    TIA,
    Art
    Message was edited by: MacWay

    Turns out it was a time synch issue. I discovered this without any help from the forums.

  • L2TP/PPP Traffic Generator

    I need to generate 2000+ L2TP sessions to a Cisco router for testing purposes. Does anybody have any ideas of what product can be used to generate this traffic?

    I have used iPerf for similar type testing:
    http://sourceforge.net/projects/iperf/

  • Mac OS X Server Refuses to Authenticate One User for Contacts

    I have a 10.8.5 Server which has suddenly decided to refuse to accept a password for one particular user, but only for Contacts and Calendars.
    The user is a local, ID 502. Changing the password makes no difference. Mail and filesharing still works just fine.
    Sometimes it reports a DAV error 1 in the log. This led me to suspect it was an issue with Apache, though the web & wiki services are not configured but Profile Manager is. WebDAV does work to mount fileshares for this user though. Just CalDAV and CardDAV don't work any more.
    Any ideas?

    [Here is a crib sheet for connecting Windows to Samba|http://labs.hoffmanlabs.com/node/1590]

  • L2TP - PPP IPCP failure

    Hi
    I am in the process of building a broadband solution where the telco owns the LAC/LTS infrastructure and I own the LNS. The sites are using ADSLoPSTN and run PPPoA to a dialer i/face. The LNS is a 7201 running 12.4-15.T6, the remote is 12.4-17b AdvIPServices
    I have an issue where the remote site is not entering the ip address of the LNS into its routing table as a host route, nor does it appear in show users.
    The IP Address at the site is being delivered successfully by radius and everything works, but I need the host route for other reasons.
    EDIT: RESOLVED
    An erroneous line of code had been entered at the remote site router config templates:
    ip address-pool local
    This breaks IPCP - not terminally but just enough to prevent the host route being installed.


  • Problems Connecting to VPN Server ( Mac OS X Server 10.6.2

    Hi
    We are using Mac OS X Server 10.6.2 ( Snow Leopard Server). I have set it up as a VPN server. When I connect to it from my Macbook Pro ( Snow Leopard ), the logs in Server Admin shows,
    2010-01-05 10:45:35 SGT Incoming call... Address given to client = 10.10.10.8
    Tue Jan 5 10:45:35 2010 : Directory Services Authentication plugin initialized
    Tue Jan 5 10:45:35 2010 : Directory Services Authorization plugin initialized
    Tue Jan 5 10:45:35 2010 : L2TP incoming call in progress from '119.234.0.27'...
    Tue Jan 5 10:45:35 2010 : L2TP received SCCRQ
    Tue Jan 5 10:45:35 2010 : L2TP sent SCCRP
    Tue Jan 5 10:45:36 2010 : L2TP received SCCCN
    Tue Jan 5 10:45:36 2010 : L2TP received ICRQ
    Tue Jan 5 10:45:36 2010 : L2TP sent ICRP
    Tue Jan 5 10:45:36 2010 : L2TP received ICCN
    Tue Jan 5 10:45:36 2010 : L2TP connection established.
    Tue Jan 5 10:45:36 2010 : using link 0
    Tue Jan 5 10:45:36 2010 : Using interface ppp0
    Tue Jan 5 10:45:36 2010 : Connect: ppp0 <--> socket[34:18]
    Tue Jan 5 10:45:36 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x65f87f32> <pcomp> <accomp>]
    Tue Jan 5 10:45:36 2010 : rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
    Tue Jan 5 10:45:36 2010 : sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x65f87f32> <pcomp> <accomp>]
    Tue Jan 5 10:45:37 2010 : rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x65f87f32> <pcomp> <accomp>]
    Tue Jan 5 10:45:39 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x313e74f9> <pcomp> <accomp>]
    Tue Jan 5 10:45:39 2010 : lcp_reqci: returning CONFACK.
    Tue Jan 5 10:45:39 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x313e74f9> <pcomp> <accomp>]
    Tue Jan 5 10:45:39 2010 : sent [LCP EchoReq id=0x0 magic=0x65f87f32]
    Tue Jan 5 10:45:39 2010 : peer refused to authenticate: terminating link
    Tue Jan 5 10:45:39 2010 : sent [LCP TermReq id=0x3 "peer refused to authenticate"]
    Tue Jan 5 10:45:39 2010 : Connection terminated.
    Tue Jan 5 10:45:39 2010 : L2TP disconnecting...
    Tue Jan 5 10:45:39 2010 : L2TP sent CDN
    Tue Jan 5 10:45:39 2010 : L2TP sent StopCCN
    Tue Jan 5 10:45:39 2010 : L2TP disconnected
    2010-01-05 10:45:39 SGT --> Client with address = 10.10.10.8 has hungup
    Any help is deeply appreciated. Thanks!
    David

    Hi All (again)
    I managed to get past the authentication problem, but something else comes up...
    Tue Jan 5 16:30:53 2010 : CHAP peer authentication succeeded for xyz
    Tue Jan 5 16:30:53 2010 : DSAccessControl plugin: User 'xyz' authorized for access
    Tue Jan 5 16:30:53 2010 : sent [IPCP ConfReq id=0x1 <addr 10.10.10.203>]
    Tue Jan 5 16:30:53 2010 : sent [ACSCP ConfReq id=0x1]
    Tue Jan 5 16:30:53 2010 : rcvd [LCP ProtRej id=0x2 80 21 01 01 00 0a 03 06 0a 0a 0a cb]
    Tue Jan 5 16:30:53 2010 : rcvd [ACSCP ConfReq id=0x1 <ms-dns1 0.0.0.1> <ms-dns1 0.0.0.1>]
    Tue Jan 5 16:30:53 2010 : sent [ACSCP ConfRej id=0x1 <ms-dns1 0.0.0.1> <ms-dns1 0.0.0.1>]
    Tue Jan 5 16:30:53 2010 : rcvd [ACSCP ConfAck id=0x1]
    Tue Jan 5 16:30:53 2010 : rcvd [ACSCP ConfReq id=0x2]
    Tue Jan 5 16:30:53 2010 : sent [ACSCP ConfAck id=0x2]
    Tue Jan 5 16:31:13 2010 : rcvd [LCP EchoReq id=0x1 magic=0x7f467f40]
    Tue Jan 5 16:31:13 2010 : sent [LCP EchoRep id=0x1 magic=0x102c8c28]
    Tue Jan 5 16:31:33 2010 : rcvd [LCP EchoReq id=0x2 magic=0x7f467f40]
    Tue Jan 5 16:31:33 2010 : sent [LCP EchoRep id=0x2 magic=0x102c8c28]
    Tue Jan 5 16:31:53 2010 : sent [LCP EchoReq id=0x1 magic=0x102c8c28]
    Tue Jan 5 16:31:53 2010 : rcvd [LCP EchoRep id=0x1 magic=0x7f467f40]
    Tue Jan 5 16:31:54 2010 : rcvd [LCP EchoReq id=0x3 magic=0x7f467f40]
    Tue Jan 5 16:31:54 2010 : sent [LCP EchoRep id=0x3 magic=0x102c8c28]
    LCP EchoRep continues to repeat endlessly while my Macbook shows VPN connection status as "Authenticating....."
    Any ideas anyone?
    David

  • IPad2, Verizon 3G, VPN Connectivity Issues

    Greetings all. I am the systems administrator for my corporation and have seen an issue that I wish to present to the community for discussion.
    For those enterprise users that have an iPad2 with Verizon's 3G, are you experiencing connectivity issues while trying to connect to your VPNs from the 3G network? If so, have you found any workaround to allow connectivity or does it work fine for you?
    Here's a summary of my issues:
    We have a VPN server built on Debian Linux that has been in operation for over four years. It handles remote VPN connections from Windows, Linux, Android, OS X, iOS, and from many different devices including multiple flavors of Apple products (iMacs, Minis, MacBooks, iPads, etc.). To date, it has performed flawlessly with assorted devices connecting to it through broadband and assorted 3G networks.
    Recently I purchased an iPad2 with Verizon 3G. I was able to set up the VPN connection using PPTP and connect using a Wi-Fi connection. When I turned off the Wi-Fi and attempted the same connection via Verizon 3G, it failed. I then took an associate's iPad1 using AT&T 3G, set up the same connection, and was able to connect. I don't have access to an iPad2 on AT&T 3G, so I can't speak for that.
    Here's the logs from the VPN server while connecting from my iPad2:
    Wi-Fi
    Jul 27 05:20:43 localhost pppd[31694]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
    Jul 27 05:20:43 localhost pppd[31694]: pptpd-logwtmp: $Version$
    Jul 27 05:20:43 localhost pppd[31694]: pppd 2.4.4 started by root, uid 0
    Jul 27 05:20:43 localhost pppd[31694]: Using interface ppp2
    Jul 27 05:20:43 localhost pppd[31694]: Connect: ppp2 <--> /dev/pts/4
    Jul 27 05:20:46 localhost pppd[31694]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
    Jul 27 05:20:46 localhost pppd[31694]: found interface eth1 for proxy arp
    Jul 27 05:20:46 localhost pppd[31694]: local  IP address 192.168.1.69
    Jul 27 05:20:46 localhost pppd[31694]: remote IP address 192.168.1.82
    Jul 27 05:20:46 localhost pppd[31694]: pptpd-logwtmp.so ip-up ppp2 scott XXX.XXX.XXX.XXX (removed external IP for security reasons)
    Quick connect, able to utilize VPN connection normally. No issues.
    Verizon 3G
    Jul 27 05:20:29 localhost pppd[31682]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
    Jul 27 05:20:29 localhost pppd[31682]: pptpd-logwtmp: $Version$
    Jul 27 05:20:29 localhost pppd[31682]: pppd 2.4.4 started by root, uid 0
    Jul 27 05:20:29 localhost pppd[31682]: Using interface ppp2
    Jul 27 05:20:29 localhost pppd[31682]: Connect: ppp2 <--> /dev/pts/4
    Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
    Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
    Jul 27 05:20:33 localhost pppd[31682]: Exit.
    As you can see, the peer refuses to authenticate, causing the link to be terminated while attempting to connect using Verizon's network. This is with the same VPN connection settings on the iPad2 that just worked with a Wi-Fi connection from the same device.
    Here's what I can verify with regards to 3G networks:
    Older (<4) iPhones and iPad1 using AT&T can connect
    Windows and OS X based laptops using Sprint 3G can connect
    Android based smart phones using Sprint 3G can connect
    I have not called Verizon or Apple Support yet, but that's next when I have the time. My initial conclusion is that there is something with Verizon's 3G services that is causing the issue. It may be that Verizon is using some sort of data compression process that is problematic with VPN transmission. While the log shows an unsupported IPv6 protocol when connecting via Wi-Fi, it still negotiates a successful connection and I don't think that's the root cause for the disconnect. Thoughts?

    Hi Alexander,
    I am running into the exact same issue (although not with Linux). Did you ever find a fix for this? I have some support tickets open with my VARs, but found your post and thought I would check. If I find anything I will post.
    Thanks
    Stu

  • 10.6.4 Server L2TP VPN using external RADIUS - Authorization Failed

    I'm using 10.6.4 with VPN L2TP configured successfully using local user database for authentication. Now I want to configure the VPN to use Steel Belted Radius server for authentication (that is hooked up to another LDAP server) for authentication.
    I've configured the VPN service to use the RADIUS server, authentication to RADIUS is occurring but I'm getting errors that the user is not authorized to use the VPN service.
    Is there a way to configure 10.6's VPN service to authorize any user that successfully authenticates against RADIUS?
    NOTE: I've played around with Server Admin's access for VPN, with it set to all users, everyone, etc.; this did not make any difference to the error I'm getting from the VPN service.
    Here's the log output when the connection fails.
    2010-08-27 12:52:34 PDT Loading plugin /System/Library/Extensions/L2TP.ppp
    2010-08-27 12:52:34 PDT Listening for connections...
    2010-08-27 12:52:39 PDT Incoming call... Address given to client = 192.168.105.1
    Fri Aug 27 12:52:39 2010 : Directory Services Authorization plugin initialized
    Fri Aug 27 12:52:39 2010 : L2TP incoming call in progress from '[ip address redacted]'…
    Fri Aug 27 12:52:39 2010 : L2TP received SCCRQ
    Fri Aug 27 12:52:39 2010 : L2TP sent SCCRP
    Fri Aug 27 12:52:39 2010 : L2TP received SCCCN
    Fri Aug 27 12:52:39 2010 : L2TP received ICRQ
    Fri Aug 27 12:52:39 2010 : L2TP sent ICRP
    Fri Aug 27 12:52:39 2010 : L2TP received ICCN
    Fri Aug 27 12:52:39 2010 : L2TP connection established.
    Fri Aug 27 12:52:39 2010 : using link 0
    Fri Aug 27 12:52:39 2010 : Using interface ppp0
    Fri Aug 27 12:52:39 2010 : Connect: ppp0 <--> socket[34:18]
    Fri Aug 27 12:52:39 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x55fc9b88> <pcomp> <accomp>]
    Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7e9db3cb> <pcomp> <accomp>]
    Fri Aug 27 12:52:39 2010 : lcp_reqci: returning CONFACK.
    Fri Aug 27 12:52:39 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x7e9db3cb> <pcomp> <accomp>]
    Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x55fc9b88> <pcomp> <accomp>]
    Fri Aug 27 12:52:39 2010 : sent [LCP EchoReq id=0x0 magic=0x55fc9b88]
    Fri Aug 27 12:52:39 2010 : sent [CHAP Challenge id=0xc8 <086a03234947113037497f4326585a1f>, name = "OSX SERVER"]
    Fri Aug 27 12:52:39 2010 : rcvd [LCP EchoReq id=0x0 magic=0x7e9db3cb]
    Fri Aug 27 12:52:39 2010 : sent [LCP EchoRep id=0x0 magic=0x55fc9b88]
    Fri Aug 27 12:52:39 2010 : rcvd [LCP EchoRep id=0x0 magic=0x7e9db3cb]
    Fri Aug 27 12:52:39 2010 : rcvd [CHAP Response id=0xc8 <5ad3c0cb063694e473f51c9252e007f400000000000000003701b4fa8e7b844e072cddeceefa73 173d7415c85cae976700>, name = "USERNAME"]
    Fri Aug 27 12:52:40 2010 : sent [CHAP Success id=0xc8 "S=934D6E79F45791A61C378789A4D719BC6F249574"]
    *Fri Aug 27 12:52:40 2010 : CHAP peer authentication succeeded for USERNAME*
    *Fri Aug 27 12:52:40 2010 : DSAccessControl plugin: User 'USERNAME' not authorized for access*
    *Fri Aug 27 12:52:40 2010 : sent [LCP TermReq id=0x2 "Authorization failed"]*
    Fri Aug 27 12:52:40 2010 : Connection terminated.
    Fri Aug 27 12:52:40 2010 : L2TP disconnecting...
    Fri Aug 27 12:52:40 2010 : L2TP sent CDN
    Fri Aug 27 12:52:40 2010 : L2TP sent StopCCN
    Fri Aug 27 12:52:40 2010 : L2TP disconnected
    2010-08-27 12:52:40 PDT --> Client with address = 192.168.105.1 has hungup
    Message was edited by: sarah mays

  • Configuring PPP options for only one VPN connection

    How do you configure PPP options for only one VPN connection that is using L2TP over IPSec? The built-in VPN client in 10.4.9 is failing authentication because it won't talk MSCHAP-V2 (this is the only authentication protocol I can use) with the server. I am able to establish a connection if I add the following to /etc/ppp/options:
    refuse-eap
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    However, these options will affect all PPP connections. The preference file that contains the network configurations (/Library/Preferences/SystemConfiguration/preferences.plist) also contains PPP options for each specific network service. After some searching around, I found that there are several keys that seem promising (MSCHAP2, etc.). But these keys take a string value and I have no clue what they should be. These keys are defined in SCSchemaDefinitions.h file.
    Any ideas?
      Mac OS X (10.4.9)  

    Hi Brian,
    I just tried to check all of ADDT's "includes" files for any internal references (read: "require" or "require_once" statements) to the file "tNG_config.inc.php". So far I can only see this file referenced in the file "tNG.inc.php" (within the "$KT_tNG_uploadFileList1" array).
    So what could this mean? Maybe you'll have to make copies of the original "tNG.inc.php" as well and save them as, say, "tNG.inc_ital.php" file plus make sure that these copies internally point to a different "tNG_config_ital.inc.php" file -- because it's always the first mentioned file which gets referenced from e.g. an ADDT login page (see the "Load the tNG classes" - part)
    I want to use ADDT’s User Registration Wizard and I have looked at all the neat stuff in the Control Panel/Login Settings
    The Control Panel will always update the main "tNG_config.inc.php" file, so any further modifications will have to be manually applied to the custom files you're creating.
    Cheers,
    Günter

  • Only my MBP Drops L2TP VPN Connection after 60 Seconds

    My old G4 laptop and my Dual G5 tower both connect to my office via L2TP VPN without an issue. With the exact same settings exported over to my MacBook Pro, the connection drops after exactly 60 seconds. I've tried both wireless and wired connections, and in either case, the VPN drops after 60 seconds of connect time.

    I checked with my VPN administrator. He upgraded the XServe to Mac OS 10.4.5, and we tried again, with the same results. He sent me the server log to post:
    2006-03-14 14:39:20 PST Listening for connections...
    2006-03-14 14:43:44 PST terminating on signal 15
    2006-03-14 14:43:44 PST terminating on signal 15
    #End-Date: 2006-03-14 14:43:44 PST
    #End-Date: 2006-03-14 14:43:44 PST
    #Start-Date: 2006-03-14 14:44:55 PST
    #Fields: date time s-comment
    #Start-Date: 2006-03-14 14:44:55 PST
    #Fields: date time s-comment
    2006-03-14 14:44:55 PST Loading plugin /System/Library/Extensions/L2TP.ppp
    2006-03-14 14:44:55 PST Loading plugin /System/Library/Extensions/PPTP.ppp
    2006-03-14 14:44:58 PST Listening for connections...
    2006-03-14 14:44:58 PST Listening for connections...
    2006-03-14 17:06:52 PST Incoming call... Address given to client = 172.16.6.2
    Tue Mar 14 17:06:52 2006 : Directory Services Authentication plugin initialized
    Tue Mar 14 17:06:52 2006 : Directory Services Authorization plugin initialized
    Tue Mar 14 17:06:52 2006 : PPTP incoming call in progress from 'REDACTED'...
    Tue Mar 14 17:06:52 2006 : PPTP connection established.
    Tue Mar 14 17:06:52 2006 : using link 0
    Tue Mar 14 17:06:52 2006 : Using interface ppp0
    Tue Mar 14 17:06:52 2006 : Connect: ppp0 <--> socket[34:17]
    Tue Mar 14 17:06:52 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe2f50f1d> <pcomp> <accomp>]
    Tue Mar 14 17:06:52 2006 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x122fcd45> <pcomp> <accomp>]
    Tue Mar 14 17:06:52 2006 : lcp_reqci: returning CONFACK.
    Tue Mar 14 17:06:52 2006 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x122fcd45> <pcomp> <accomp>]
    Tue Mar 14 17:06:55 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe2f50f1d> <pcomp> <accomp>]
    Tue Mar 14 17:06:55 2006 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe2f50f1d> <pcomp> <accomp>]
    Tue Mar 14 17:06:55 2006 : sent [LCP EchoReq id=0x0 magic=0xe2f50f1d]
    Tue Mar 14 17:06:55 2006 : sent [CHAP Challenge id=0xbf <cc4af73a9d88941b39418f9c31043e6c>, name = "osxvpn.local"]
    Tue Mar 14 17:06:55 2006 : rcvd [LCP EchoReq id=0x0 magic=0x122fcd45]
    Tue Mar 14 17:06:55 2006 : sent [LCP EchoRep id=0x0 magic=0xe2f50f1d]
    Tue Mar 14 17:06:55 2006 : rcvd [LCP EchoRep id=0x0 magic=0x122fcd45]
    Tue Mar 14 17:06:55 2006 : rcvd [CHAP Response id=0xbf <REDACTED>, name = "dpisoni"]
    Tue Mar 14 17:06:55 2006 : sent [CHAP Success id=0xbf "S=REDACTED M=Access granted"]
    Tue Mar 14 17:06:55 2006 : DSAccessControl plugin: User 'dpisoni' authorized for access
    Tue Mar 14 17:06:55 2006 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Mar 14 17:06:55 2006 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Mar 14 17:06:55 2006 : sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Mar 14 17:06:55 2006 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Mar 14 17:06:55 2006 : MPPE 128-bit stateless compression enabled
    Tue Mar 14 17:06:55 2006 : sent [IPCP ConfReq id=0x1 <addr 172.16.100.51>]
    Tue Mar 14 17:06:55 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:06:55 2006 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
    Tue Mar 14 17:06:55 2006 : ipcp: returning Configure-NAK
    Tue Mar 14 17:06:55 2006 : sent [IPCP ConfNak id=0x1 <addr 172.16.6.2> <ms-dns1 172.16.5.100> <ms-dns3 172.16.5.100>]
    Tue Mar 14 17:06:55 2006 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::0216:cbff:fe89:f062>]
    Tue Mar 14 17:06:55 2006 : Unsupported protocol 0x8057 received
    Tue Mar 14 17:06:55 2006 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 16 cb ff fe 89 f0 62]
    Tue Mar 14 17:06:55 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:06:55 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:06:55 2006 : rcvd [IPCP ConfAck id=0x1 <addr 172.16.100.51>]
    Tue Mar 14 17:06:55 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:06:55 2006 : rcvd [IPCP ConfReq id=0x2 <addr 172.16.6.2> <ms-dns1 172.16.5.100> <ms-dns3 172.16.5.100>]
    Tue Mar 14 17:06:55 2006 : ipcp: returning Configure-ACK
    Tue Mar 14 17:06:55 2006 : sent [IPCP ConfAck id=0x2 <addr 172.16.6.2> <ms-dns1 172.16.5.100> <ms-dns3 172.16.5.100>]
    Tue Mar 14 17:06:55 2006 : ipcp: up
    Tue Mar 14 17:06:55 2006 : found interface en0 for proxy arp
    Tue Mar 14 17:06:55 2006 : local IP address 172.16.100.51
    Tue Mar 14 17:06:55 2006 : remote IP address 172.16.6.2
    Tue Mar 14 17:06:58 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:06:58 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:06:58 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:06:58 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:01 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:01 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:01 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:01 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:04 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:04 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:04 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:04 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:07 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:07 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:07 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:07 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:10 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:10 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:10 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:10 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:13 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:13 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:13 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:13 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:16 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:16 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:16 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:16 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:19 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:19 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:19 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:19 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:22 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:22 2006 : rcvd [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:22 2006 : sent [ACSCP] 04 01 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:22 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:25 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:25 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:25 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:25 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:28 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:28 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:31 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:31 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:31 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:31 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:34 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:34 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:34 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:34 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:37 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:37 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:37 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:37 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:40 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:40 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:40 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:40 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:43 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:43 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:43 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:43 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:46 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:46 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:46 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:46 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:49 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:49 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:49 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:49 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:52 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:52 2006 : rcvd [ACSCP] 01 02 00 10 01 06 00 00 00 01 02 06 00 00 00 01
    Tue Mar 14 17:07:52 2006 : sent [ACSCP] 04 02 00 0a 01 06 00 00 00 01
    Tue Mar 14 17:07:52 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:55 2006 : sent [ACSCP] 01 01 00 04
    Tue Mar 14 17:07:55 2006 : rcvd [ACSCP] 02 01 00 04
    Tue Mar 14 17:07:55 2006 : rcvd [LCP TermReq id=0x2 "MPPE disabled"]
    Tue Mar 14 17:07:55 2006 : LCP terminated by peer (MPPE disabled)
    Tue Mar 14 17:07:55 2006 : ipcp: down
    Tue Mar 14 17:07:55 2006 : sent [LCP TermAck id=0x2]
    Tue Mar 14 17:07:55 2006 : rcvd [LCP TermReq id=0x3 "MPPE disabled"]
    Tue Mar 14 17:07:55 2006 : sent [LCP TermAck id=0x3]
    Tue Mar 14 17:07:55 2006 : Connection terminated.
    Tue Mar 14 17:07:55 2006 : Connect time 1.1 minutes.
    Tue Mar 14 17:07:55 2006 : Sent 0 bytes, received 8176 bytes.
    Tue Mar 14 17:07:55 2006 : PPTP disconnecting...
    Tue Mar 14 17:07:55 2006 : PPTP disconnected
    2006-03-14 17:07:55 PST --> Client with address = 172.16.6.2 has hungup
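
The logs in the threads above end in three different ways that are easy to conflate: the peer never agrees to an authentication protocol ("peer refused to authenticate"), authentication succeeds but the access-control plugin denies the user ("Authorization failed"), and the peer tears down a link that was already up ("MPPE disabled"). The Python triage script below is an added example, not code from any of the posts. Its sample log is constructed from the excerpts on this page (the ConfRej line and the shortened magic numbers are made up), and starting a new session at each "Using interface" line is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line prefixes seen on this page (a leading/trailing "*" is forum emphasis):
#   "Fri Aug 27 12:52:40 2010 : <msg>"              Mac OS X Server vpnd.log
#   "Jul 27 05:20:32 localhost pppd[31682]: <msg>"  Linux syslog
PREFIX = re.compile(
    r"^\s*\*?(?:\w{3} \w{3} +\d+ [\d:]+ \d{4} : "
    r"|\w{3} +\d+ [\d:]+ \S+ pppd\[\d+\]: )(?P<msg>.*?)\*?\s*$"
)
AUTH_OPT = re.compile(r"<auth ([^>]+)>")
ACL = re.compile(r"DSAccessControl plugin: User '.+' (not )?authorized for access")
PEER_TERM = re.compile(r"LCP terminated by peer \((.*)\)")

@dataclass
class Session:
    auth_requested: Optional[str] = None  # auth option in the server's LCP ConfReq
    auth_accepted: bool = False           # peer ConfAck'ed that option
    authenticated: bool = False           # authentication phase succeeded
    authorized: Optional[bool] = None     # DSAccessControl verdict, if logged
    refused: bool = False                 # "peer refused to authenticate"
    peer_term: Optional[str] = None       # reason the peer gave when terminating
    up: bool = False                      # IP layer came up

    def verdict(self) -> str:
        if self.refused:
            return "auth-refused"        # no auth protocol was ever agreed
        if self.authorized is False:
            return "authz-denied"        # identity proven, access not granted
        if self.peer_term is not None:
            return "peer-terminated:" + self.peer_term
        return "established" if self.up else "incomplete"

def parse_sessions(lines: List[str]) -> List[Session]:
    sessions: List[Session] = []
    cur: Optional[Session] = None
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue  # vpnd's own "2010-08-27 12:52:39 PDT ..." lines, blanks
        msg = m.group("msg")
        if msg.startswith("Using interface "):  # assumed session boundary
            cur = Session()
            sessions.append(cur)
            continue
        if cur is None:
            continue
        auth, acl, term = AUTH_OPT.search(msg), ACL.search(msg), PEER_TERM.search(msg)
        if msg.startswith("sent [LCP ConfReq") and auth:
            cur.auth_requested = auth.group(1)
        elif msg.startswith("rcvd [LCP ConfAck") and auth:
            cur.auth_accepted = True
        elif "peer refused to authenticate" in msg:
            cur.refused = True
        elif "peer authentication succeeded" in msg or msg.startswith("sent [CHAP Success"):
            cur.authenticated = True
        elif acl:
            cur.authorized = acl.group(1) is None
        elif term:
            cur.peer_term = term.group(1)
        elif msg == "ipcp: up" or re.match(r"local\s+IP address", msg):
            cur.up = True
    return sessions

# Constructed sample, modelled on the excerpts in the threads above.
SAMPLE = """\
Jul 27 05:20:29 localhost pppd[31682]: Using interface ppp2
Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
Tue Jan 5 10:45:36 2010 : Using interface ppp0
Tue Jan 5 10:45:36 2010 : sent [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x11111111>]
Tue Jan 5 10:45:36 2010 : rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
Tue Jan 5 10:45:39 2010 : peer refused to authenticate: terminating link
Tue Jan 5 10:45:39 2010 : sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Fri Aug 27 12:52:39 2010 : Using interface ppp0
Fri Aug 27 12:52:39 2010 : sent [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x22222222>]
Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x22222222>]
*Fri Aug 27 12:52:40 2010 : CHAP peer authentication succeeded for USERNAME*
*Fri Aug 27 12:52:40 2010 : DSAccessControl plugin: User 'USERNAME' not authorized for access*
*Fri Aug 27 12:52:40 2010 : sent [LCP TermReq id=0x2 "Authorization failed"]*
Tue Mar 14 17:06:52 2006 : Using interface ppp0
Tue Mar 14 17:06:52 2006 : sent [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x33333333>]
Tue Mar 14 17:06:55 2006 : rcvd [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x33333333>]
Tue Mar 14 17:06:55 2006 : sent [CHAP Success id=0xbf "S=REDACTED M=Access granted"]
Tue Mar 14 17:06:55 2006 : DSAccessControl plugin: User 'dpisoni' authorized for access
Tue Mar 14 17:06:55 2006 : ipcp: up
Tue Mar 14 17:07:55 2006 : LCP terminated by peer (MPPE disabled)
"""

def summarize(text: str) -> List[Tuple[str, Optional[str], bool, bool]]:
    """Per session: (verdict, auth option requested, peer accepted it, authenticated)."""
    return [(s.verdict(), s.auth_requested, s.auth_accepted, s.authenticated)
            for s in parse_sessions(text.splitlines())]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Without verbose LCP logging (the Linux syslog case) only the verdict is available; with it, the requested auth option shows which protocol the client declined.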

  • After full system update ppp does not work anymore

    Well, I have this problem:
    1) I install Arch Linux from the latest Core
    2) I manually install the latest versions of wvdial and its dependencies (xplc and wvstreams). This is an offline installation (because I can't set up internet without wvdial. So I save these packages on a USB drive, and there I launch pacman -U *.pkg.tar.gz)
    3) I set up my GPRS internet connection (I use a mobile phone)
    Everything works well (i.e.: I can ping google without problem).
    Problems arise if I decide to update my system. In this case, indeed, after updating and rebooting, my connection doesn't work anymore. Everything works fine until I update. After update, I can say hello to my ppp.
    Then, I add some details.
    These are the last lines of messages.log after a successful connection (i.e.: before the full update of my system)
    pl2303 4-2:1.0: pl2303 converter detected
    usb 4.2: pl2303 now attached to ttyUSB0
    usbcore: registered new interface driver pl2303
    pl2303: prolific pl2303 USB to serial adaptor driver
    PPP generic driver version 2.4.2
    NET: registered protocol family 10
    lo: disabled privacy extensions
    pppd 2.4.5 started by root, uid 0
    using interface ppp0
    connect ppp <-> /dev/ttyUSB0
    PAP authenticate suceed
    PPP BSD compression module registered
    PPP deflate compression module registered
    local IP address ...
    remote ID address ...
    primary DNS address ...
    secondary DNS address ...
    The last lines of messages.log after the update are:
    pl2303 4-2:1.0: pl2303 converter detected
    usb 4.2: pl2303 now attached to ttyUSB0
    usbcore: registered new interface driver pl2303
    pl2303: prolific pl2303 USB to serial adaptor driver
    PPP generic driver version 2.4.2
    NET: registered protocol family 10
    lo: disabled privacy extensions
    pppd 2.4.5 started by root, uid 0
    As you can see, it seems there are problems in "using ppp0 interface". Indeed, pppd starts, but the ppp0 interface does not. I can also add that ifconfig ppp0 up and similar commands do not work (ppp0: no such device, or something like that).
    So, what can I do?

    I don't use ppp so this is just a guess.  However, after a recent upgrade I saw a message from pacman:
    [2010-02-14 09:07] >>> The kernel-mode plugin has a new place.
    [2010-02-14 09:07] >>> It's now located under /usr/lib/rp-pppoe/rp-pppoe.so
    [2010-02-14 09:07] >>> Change LINUX_PLUGIN to the new path in your /etc/ppp/pppoe.conf
    [2010-02-14 09:07] upgraded rp-pppoe (3.10-2 -> 3.10-4)
    Could this be the problem?
    Last edited by loafer (2010-02-23 20:01:29)

  • Native iOS L2TP VPN not working on Lion Server

    Hi Folks,
    I have a very strange issue concerning making VPN work on two iOS devices I have. I have recently set up Lion Server on a Mac mini here in the office with L2TP VPN using a shared secret phrase and password authentication.
    I have Lion running on a MacBook Air (on which I set up VPN using the provisioning profile "VPN.mobileprovision") and Snow Leopard running on an iMac (VPN was set up manually). Both systems have been tested to work both inside and outside of my internal network, as I have tested with an air card.
    I also have an iPhone running 4.3.4/4.3.5 that I set up by emailing the provisioning profile, and an iPad 1 running iOS 5 beta 4 set up with the VPN provisioning profile. Neither the iPad nor iPhone seem to work at all, either internally or externally. In fact I never see any activity in the vpnd.log when I attempt to connect with these devices. All I get is the standard "The L2TP-VPN server did not respond. Try reconnecting. ..."
    Based on my success with the OSX Clients both inside and outside my local network I feel it is safe to say that I do not think the issue resides on the Lion Server nor the network/firewall configuration. I am running a Time Capsule with FW 7.5.2/7.4.2. There was no change in behavior with either version of the Time capsule firmware for the clients whether they were OSX or iOS. I must be clearly missing something here and I don't know what. Any help any of you could provide would be greatly appreciated. Thanks!
    Please see the below settings for my VPN Settings on the host and iOS client
    root# serveradmin settings vpn
    vpn:vpnHost = ""
    vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
    vpn:Servers:com.apple.ppp.pptp:enabled = no
    vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
    vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
    vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
    vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
    vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
    vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
    vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
    vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
    vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
    vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
    vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.224"
    vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.254"
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
    vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
    vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
    vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
    vpn:Servers:com.apple.ppp.l2tp:enabled = yes
    vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
    vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
    vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
    vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
    vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
    vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
    vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
    vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
    vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
    vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.241"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.249"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"

    Issue is resolved. I used the initial randomly generated shared secret that was generated by Lion Server. The shared secret has special characters. iOS did not like the special characters. See iPhone Console Log below:
    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: Reading configuration from "/etc/racoon/racoon.conf"
    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: /var/run/racoon/68.9.232.78.conf:6: "?gLA" syntax error
    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: fatal parse failure (1 errors)
    That is why I never saw any attempt to connect. The actual process would bomb out before attempting to make a connection to the server.
    The shared secret key was:
    Y|WNwvM_O"?gLA$F@adT
    Looks like it was the " or the ? symbols.
    Once I changed the shared secret key, the issue went away and the iPhone and iPad could connect to the VPN without issue.
    Figured I'd let you all know.
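
The failure described in the post above, as an added example that is not part of the original post: it flags characters outside letters and digits in a shared secret, models a config value written unescaped between double quotes, and generates a replacement secret from letters and digits only. The quoting model and the `secret "...";` line are assumptions made for illustration, not racoon's actual syntax or parser.

```python
import math
import secrets
import string

# Assumption: only ASCII letters and digits are treated as safe, because they
# need no quoting or escaping in a generated config file.
SAFE_ALPHABET = string.ascii_letters + string.digits


def risky_characters(secret):
    """Return the distinct characters of `secret` outside SAFE_ALPHABET, in order."""
    seen = []
    for ch in secret:
        if ch not in SAFE_ALPHABET and ch not in seen:
            seen.append(ch)
    return seen


def survives_naive_quoting(secret):
    """Model a writer that emits "<secret>" with no escaping and a reader
    that takes everything up to the next double quote."""
    line = 'secret "%s";' % secret  # hypothetical config line, not racoon syntax
    start = line.index('"') + 1
    end = line.index('"', start)
    return line[start:end] == secret


def generate_psk(min_bits=128):
    """Random PSK from SAFE_ALPHABET carrying at least `min_bits` of entropy."""
    bits_per_char = math.log2(len(SAFE_ALPHABET))
    length = math.ceil(min_bits / bits_per_char)
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    reported = 'Y|WNwvM_O"?gLA$F@adT'  # the secret quoted in the post above
    print("risky characters:", risky_characters(reported))
    print("survives naive quoting:", survives_naive_quoting(reported))
    replacement = generate_psk()
    print("replacement:", replacement)
    print("replacement risky characters:", risky_characters(replacement))
```

Restricting the alphabet costs entropy per character, so the generator lengthens the secret to compensate rather than keeping the original 20 characters.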

  • Netcfg2 with ppp (3G, UMTS) ?

    Hey guys,
    I'm currently using wvdial and a profile for that to bring up my 3G connection.
    /etc/wvdial.conf
    [Dialer Defaults]
    Modem = /dev/ttyUSB0
    Baud = 460800
    [Dialer three]
    Phone = *99***1#
    Username = three.ie
    Password = three.ie
    Stupid Mode = 1
    Dial Command = ATDT
    Init2 = ATZ
    Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
    Init4 = AT+CGDCONT=1,"IP","3internet"
    Auto DNS = off
    Check DNS = off
    How do I make use of netcfg2's PPP capabilities? I see it looks in /etc/ppp/peers/ for a config file there... I tried putting in PEER="wvdial" (there's such a file there) but that didn't work at all.
    Any suggestions?

    To use netcfg's ppp abilities, you can't use wvdial. You use pppd directly, by writing a peers file and a chat script. I've set up using my phone as a bluetooth modem, but I haven't actually tried yet whether it works. But anyway, based on my knowledge this could work:
    /etc/ppp/peers/three
    connect "/usr/sbin/chat -f /etc/ppp/three.chat"
    /dev/ttyUSB0
    460800
    crtscts
    defaultroute
    usepeerdns
    noauth
    novj
    novjccomp
    nobsdcomp
    nopcomp
    noaccomp
    user three.ie
    password three.ie
    /etc/ppp/three.chat
    TIMEOUT 35
    ECHO ON
    ABORT '\nBUSY\r'
    ABORT '\nERROR\r'
    ABORT '\nNO ANSWER\r'
    ABORT '\nNO CARRIER\r'
    ABORT '\nNO DIALTONE\r'
    ABORT '\nRINGING\r\n\r\nRINGING\r'
    '' \rAT
    OK 'AT+CGDCONT=1,"IP","3internet"'
    OK ATD*99***1#
    CONNECT ""
    /etc/network.d/three
    CONNECTION="ppp"
    PEER="three"
    What I *do* know that works is setting up pppoe. It's very similar, the peers file has a few different options in it and there's no chat script, but otherwise same principle.
