Non L2TP PPTP VPN?
Is it possible via the gui? So I can have a nice clickable icon in my menubar instead of using the Cisco client application?
I received the same error message on my mbp "VPN Server can not be reached". I can connect to my VPN server with my iOS device and 10.8 Mac OS laptop fine.
Open terminal, type : sudo chmod 555 /usr/sbin/racoon
It works for me. I am on 10.9.3.
Similar Messages
-
I had to go in and add a VPN configuration, so that is L2TP/PPTP/IPSec. What do I have to write for description / server / account?
For what it's worth, you posted this in 2011, and here in 2014 I am still having this same issue. Over the last two days, I have had to unlock my apple account 8 times. I didn't get any new devices. I haven't initiated a password reset. I didn't forget my password. I set up two factor authentication and have been able to do the unlocking with the key and using a code sent to one of my devices.
That all works.
It's this having to unlock my account every time I go to use any of my devices. And I have many: iMac, iPad, iPad2, iPad mini, iPhone 5s, iPod touch (daughter), and my old iPhone 4 being used as an ipod touch now. They are all synced, and all was working just fine.
I have initiated an incident with Apple (again) but I know they are just going to suggest I change my Apple ID. It's a simple one, and one that I am sure others think is theirs. I don't want to change it. I shouldn't have to. Apple should be able to tell me who is trying to use it, or at least from where.
Thanks for listening,
Melissa -
Looking for help to set up l2tp Ipsec vpn on asa 5055
I am trying to set up an L2TP IPsec VPN on ASA 5055 and I am using the Windows 8.1 built-in VPN client to connect to it. I got the following error. Anyone who has experience, please help.
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, All IPSec SA proposals found unacceptable!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending notify message
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing blank hash payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing ipsec notify payload for msg id 1
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing qm hash payload
Apr 17 22:48:21 [IKEv1]IP = 209.171.88.81, IKE_DECODE SENDING Message (msgid=6a50f8f9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, QM FSM error (P2 struct &0xad6946b8, mess id 0x1)!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE QM Responder FSM error history (struct &0xad6946b8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2,
EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2,
EV_COMP_HASH
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending delete/delete with reason message
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, Removing peer from correlator table failed, no match!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE SA MM:d8870fa5 rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE SA MM:d8870fa5 terminating: flags 0x01000002, refcnt 0, tuncnt 0
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending delete/delete with reason message
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing blank hash payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing IKE delete payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing qm hash payload
Apr 17 22:48:21 [IKEv1]IP = 209.171.88.81, IKE_DECODE SENDING Message (msgid=232654dc) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, Session is being torn down. Reason: Phase 2 Mismatch
I am new to this so I don't know what I should do next. Thanks
Here it is. Thanks.
CL-T179-12IH# show run crypto
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint vpn
enrollment self
subject-name CN=174.142.90.17
crl configure
crypto ca trustpool policy
crypto ca certificate chain vpn
certificate 2d181c55
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint vpn
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400 -
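An added example, not part of the original post and not Cisco tooling: a small Python parser that lists the IKEv1 phase 2 combinations the posted dynamic map will accept, so they can be compared with the client's proposal when the ASA logs "All IPSec SA proposals found unacceptable". The sample input is a constructed subset of the `show run crypto` output above, and the function names are assumptions of this example.

```python
import re

# Constructed sample: a subset of the `show run crypto` lines posted above.
SAMPLE_CONFIG = """\
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
"""

TS_RE = re.compile(r"^crypto ipsec ikev1 transform-set (\S+) (.+)$")
DM_RE = re.compile(r"^crypto dynamic-map (\S+) (\d+) set (.+)$")
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac"}  # single DES, HMAC-MD5
WEAK_PFS = {"group1", "group2"}                # 768-bit and 1024-bit MODP groups


def parse_crypto(config):
    """Return (transform_sets, dynamic_maps) parsed from `show run crypto` text."""
    sets, maps = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = TS_RE.match(line)
        if m:
            name, rest = m.groups()
            # A transform set is tunnel mode unless a "mode transport" line follows.
            ts = sets.setdefault(name, {"transforms": [], "mode": "tunnel"})
            words = rest.split()
            if words[0] == "mode" and len(words) > 1:
                ts["mode"] = words[1]
            else:
                ts["transforms"] = words
            continue
        m = DM_RE.match(line)
        if m:
            name, seq, rest = m.groups()
            entry = maps.setdefault((name, int(seq)), {"pfs": None, "sets": []})
            words = rest.split()
            if words[0] == "pfs":
                entry["pfs"] = words[1] if len(words) > 1 else "default"
            elif words[:2] == ["ikev1", "transform-set"]:
                entry["sets"] = words[2:]
    return sets, maps


def phase2_offers(config):
    """One row per transform set a dynamic map references, in configured order.

    L2TP/IPsec (RFC 3193) protects L2TP with ESP in transport mode, so the
    "mode" column is the first thing to compare with the client's proposal.
    """
    sets, maps = parse_crypto(config)
    rows = []
    for (name, seq), entry in sorted(maps.items()):
        for ts_name in entry["sets"]:
            ts = sets.get(ts_name, {"transforms": [], "mode": "undefined"})
            rows.append({
                "map": name,
                "seq": seq,
                "set": ts_name,
                "mode": ts["mode"],
                "transforms": ts["transforms"],
                "pfs": entry["pfs"],
                "weak": sorted(WEAK_TRANSFORMS.intersection(ts["transforms"]))
                        + ([entry["pfs"]] if entry["pfs"] in WEAK_PFS else []),
            })
    return rows


if __name__ == "__main__":
    for row in phase2_offers(SAMPLE_CONFIG):
        print("{set:22} mode={mode:9} pfs={pfs} weak={weak}".format(**row))
```

Transform sets that are defined but not referenced by any dynamic map (ESP-DES-MD5 in the sample) are never offered and so do not appear in the result.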
[Solved] NetworkManager-pptp VPN not working after update to 0.9.10
Hello,
I have a PPTP VPN set up and it's been working for a long time. However, after I updated last night to networkmanager-0.9.10, it is no longer able to connect to the remote network. I can activate the VPN connection, enter my password, but after a short period of time, the connection reports: "Error: Connection activation failed: the VPN service returned invalid configuration." As I mentioned before, this VPN was working right before the update and I didn't change the configuration on either my computer or the destination network so I'm pretty sure that this is something to do with the update. I'm wondering if anybody else has run into this problem and if they've been able to find a solution. I've been searching all over these forums and the internet for some hours now and I haven't found anything yet. I'm hoping that somebody might be able to point me in the right direction or maybe know of something that might have changed with the new update.
Here is my VPN configuration (using NetworkManager-PPTP. I've also obscured the public IP address):
[connection]
id=MyVPN
uuid=fe6e6265-1a79-4a69-b6d1-8b47e9d4c948
type=vpn
permissions=user:greyseal96:;
autoconnect=false
timestamp=1408950986
[vpn]
service-type=org.freedesktop.NetworkManager.pptp
gateway=192.168.146.114
require-mppe=yes
user=greyseal96
password-flags=3
[ipv6]
method=auto
[ipv4]
method=auto
route1=10.17.0.0/16,10.17.1.1,1
never-default=true
Here are my logs during the time that I tried to connect:
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> Starting VPN service 'pptp'...
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 1938
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' appeared; activating connections
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN plugin state changed: starting (3)
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: pppd started with pid 1945
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (Connect) reply received.
Aug 24 23:44:21 MyArchBox pppd[1945]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Aug 24 23:44:21 MyArchBox pppd[1945]: pppd 2.4.6 started by root, uid 0
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Aug 24 23:44:21 MyArchBox pppd[1945]: Using interface ppp0
Aug 24 23:44:21 MyArchBox pppd[1945]: Connect: ppp0 <--> /dev/pts/2
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Using interface ppp0
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Connect: ppp0 <--> /dev/pts/2
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 10)
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/9
Aug 24 23:44:21 MyArchBox pptp[1947]: nm-pptp-service-1938 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 50048).
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials...
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): got credentials from NetworkManager-pptp
Aug 24 23:44:25 MyArchBox pppd[1945]: CHAP authentication succeeded
Aug 24 23:44:25 MyArchBox NetworkManager[578]: CHAP authentication succeeded
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE 128-bit stateless compression enabled
Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE 128-bit stateless compression enabled
Aug 24 23:44:25 MyArchBox pppd[1945]: Cannot determine ethernet address for proxy ARP
Aug 24 23:44:25 MyArchBox pppd[1945]: local IP address 10.17.10.3
Aug 24 23:44:25 MyArchBox pppd[1945]: remote IP address 10.17.10.1
Aug 24 23:44:25 MyArchBox pppd[1945]: primary DNS address 10.17.2.22
Aug 24 23:44:25 MyArchBox pppd[1945]: secondary DNS address 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN Gateway: 192.168.146.114
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Tunnel Device: ppp0
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> IPv4 configuration:
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Address: 10.17.10.3
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Prefix: 32
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Point-to-Point Address: 10.17.10.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Maximum Segment Size (MSS): 0
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Static Route: 10.17.0.0/16 Next Hop: 10.17.1.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Forbid Default Route: yes
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal DNS: 10.17.2.22
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal DNS: 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> DNS Domain: '(none)'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> No IPv6 configuration
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.481618] [platform/nm-linux-platform.c:1716] add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Cannot determine ethernet address for proxy ARP
Aug 24 23:44:25 MyArchBox NetworkManager[578]: local IP address 10.17.10.3
Aug 24 23:44:25 MyArchBox NetworkManager[578]: remote IP address 10.17.10.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: primary DNS address 10.17.2.22
Aug 24 23:44:25 MyArchBox NetworkManager[578]: secondary DNS address 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 9 / phase 'running'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): ip-up event
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): sending Ip4Config to NetworkManager-pptp...
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: PPTP service (IP Config Get) reply received.
Aug 24 23:44:25 MyArchBox pppd[1945]: Terminating on signal 15
Aug 24 23:44:25 MyArchBox pppd[1945]: Modem hangup
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Aug 24 23:44:25 MyArchBox pppd[1945]: Connect time 0.0 minutes.
Aug 24 23:44:25 MyArchBox pppd[1945]: Sent 0 bytes, received 0 bytes.
Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE disabled
Aug 24 23:44:25 MyArchBox pppd[1945]: Connection terminated.
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox NetworkManager[578]: inet 10.17.0.0/16 table main
Aug 24 23:44:25 MyArchBox NetworkManager[578]: priority 0x1 protocol static
Aug 24 23:44:25 MyArchBox NetworkManager[578]: nexthop via 10.17.1.1 dev 10
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487073] [platform/nm-linux-platform.c:2252] link_change(): Netlink error changing link 10: <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/ppp0': No such device
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487153] [platform/nm-linux-platform.c:1777] delete_object(): Netlink error deleting 10.17.10.3/32 lft forever pref forever lifetime 1862-0[4294967295,4294967295] dev ppp0 src kernel: No such device (-31)
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: Terminated ppp daemon with PID 1945.
Aug 24 23:44:25 MyArchBox kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev- instead.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Terminating on signal 15
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Modem hangup
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connect time 0.0 minutes.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Sent 0 bytes, received 0 bytes.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE disabled
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 10 / phase 'terminate'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connection terminated.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Aug 24 23:44:25 MyArchBox pppd[1945]: Exit.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** (nm-pptp-service:1938): WARNING **: pppd exited with error code 16
Aug 24 23:44:45 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' disappeared
If you've gotten this far, thank you for taking the time to read through all this! Any help that you can give would be much appreciated.
Last edited by greyseal96 (2014-08-27 15:20:02)
Hmm, not sure about the 3.16 series kernel, but I found that when I upgraded to kernel 3.18 the PPTP VPN also stopped working. This time, though, it was because, for some reason, there was a change in kernel 3.18 where the firewall kernel modules necessary for the VPN don't get loaded so the firewall won't allow some of the PPTP traffic from the remote side back in. Since the firewall is stateful, these modules need to be loaded so that the firewall can know that the incoming PPTP traffic from the remote side is part of an existing connection. Here's what my network manager logs looked like:
NetworkManager[619]: <info> Starting VPN service 'pptp'...
NetworkManager[619]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 31139
NetworkManager[619]: <info> VPN service 'pptp' appeared; activating connections
NetworkManager[619]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
NetworkManager[619]: <info> VPN plugin state changed: starting (3)
NetworkManager[619]: ** Message: pppd started with pid 31148
NetworkManager[619]: <info> VPN connection 'MyVPN' (Connect) reply received.
pppd[31148]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
NetworkManager[619]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
pppd[31148]: pppd 2.4.7 started by root, uid 0
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
pppd[31148]: Using interface ppp0
pppd[31148]: Connect: ppp0 <--> /dev/pts/5
NetworkManager[619]: Using interface ppp0
NetworkManager[619]: Connect: ppp0 <--> /dev/pts/5
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
NetworkManager[619]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 7)
NetworkManager[619]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/6
pptp[31150]: nm-pptp-service-31139 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
pppd[31148]: LCP: timeout sending Config-Requests <===HERE IS WHERE THE CONNECTION FAILS BECAUSE THE MODULES AREN'T LOADED.
pppd[31148]: Connection terminated.
NetworkManager[619]: LCP: timeout sending Config-Requests
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
NetworkManager[619]: Connection terminated.
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
pppd[31148]: Modem hangup
pppd[31148]: Exit.
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: Modem hangup
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: <info> VPN plugin state changed: stopped (6)
NetworkManager[619]: <info> VPN plugin state change reason: unknown (0)
NetworkManager[619]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
NetworkManager[619]: <info> VPN service 'pptp' disappeared
To fix this, I had to add a file to the /etc/modules-load.d directory to have the modules loaded into the kernel at boot. I just created a file called netfilter.conf and put the following in it:
nf_nat_pptp
nf_conntrack_pptp
nf_conntrack_proto_gre
Not sure if this addresses your problem or not, but maybe it's worth a look. -
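An added example (not from either poster and not part of NetworkManager): a Python triage helper that tells the two failures in this thread apart by their log signatures and checks `/proc/modules` text for the three modules named in the fix. The log and module samples are constructed from lines above, the function names are assumptions of this example, and modules compiled into the kernel do not appear in `/proc/modules`.

```python
import ipaddress
import re

# The three helper modules named in the reply above.
REQUIRED_MODULES = ("nf_nat_pptp", "nf_conntrack_pptp", "nf_conntrack_proto_gre")

# Constructed samples: lines trimmed from the two logs posted above.
LOG_ROUTE = """\
pptp[1954]: Outgoing call established (call ID 0, peer's call ID 50048).
pppd[1945]: CHAP authentication succeeded
NetworkManager[578]: <info> Internal Address: 10.17.10.3
NetworkManager[578]: <info> Internal Prefix: 32
NetworkManager[578]: <info> Internal Point-to-Point Address: 10.17.10.1
NetworkManager[578]: <error> add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
"""
LOG_LCP = """\
pptp[31157]: Outgoing call established (call ID 0, peer's call ID 25344).
pppd[31148]: LCP: timeout sending Config-Requests
pppd[31148]: Connection terminated.
"""
# Constructed /proc/modules excerpt with only one of the three modules loaded.
PROC_MODULES = """\
nf_conntrack_pptp 16384 0 - Live 0x0000000000000000
ppp_mppe 16384 0 - Live 0x0000000000000000
"""


def missing_modules(proc_modules_text, required=REQUIRED_MODULES):
    """Return the required module names absent from /proc/modules text."""
    loaded = {ln.split()[0] for ln in proc_modules_text.splitlines() if ln.strip()}
    return [name for name in required if name not in loaded]


def _field(label, text):
    m = re.search(re.escape(label) + r":\s*(\S+)", text)
    return m.group(1) if m else None


def next_hop_on_link(log_text, via):
    """True if `via` is the PPP peer or inside the tunnel's own prefix."""
    addr = _field("Internal Address", log_text)
    prefix = _field("Internal Prefix", log_text)
    peer = _field("Internal Point-to-Point Address", log_text)
    if addr is None or prefix is None:
        return None
    net = ipaddress.ip_interface(f"{addr}/{prefix}").network
    hop = ipaddress.ip_address(via)
    return hop in net or (peer is not None and hop == ipaddress.ip_address(peer))


def classify(log_text):
    """Name the stage at which a NetworkManager PPTP attempt failed."""
    control_up = "Outgoing call established" in log_text
    authenticated = "CHAP authentication succeeded" in log_text
    route = re.search(r"Netlink error adding (\S+) via (\S+) dev (\S+)", log_text)
    if control_up and not authenticated and "LCP: timeout sending Config-Requests" in log_text:
        # The TCP 1723 control channel completed, but PPP frames travel in GRE
        # and none came back; the reply above traces this to the unloaded modules.
        return {"failure": "lcp-timeout", "stage": "PPP over GRE"}
    if route and "did not receive valid IP config information" in log_text:
        dest, via, dev = route.groups()
        return {"failure": "route-rejected", "stage": "IP configuration",
                "dest": dest, "via": via, "dev": dev,
                "via_on_link": next_hop_on_link(log_text, via)}
    return {"failure": None, "stage": None}


if __name__ == "__main__":
    print(classify(LOG_ROUTE))
    print(classify(LOG_LCP))
    print("missing:", missing_modules(PROC_MODULES))
```

On a live system, pass the contents of `/proc/modules` and the journal text for the failed attempt in place of the constructed samples.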
Has anyone got PPTP VPN to work on Lion Server?
Has anyone got PPTP VPN to work on Lion Server?
I had a go with the terminal commands posted by Apple support but no joy. Since then Apple has pulled the support article - is it because it didn't work?
I get PPTP is less secure but PPTP seems to be more reliable; don't know why they can't keep it in the GUI. I've got them both running on our 10.4 server and L2TP stopped allowing connections for no reason; PPTP was still working. L2TP started working again on its own. Plus L2TP drops my connection when I connect with a 2nd device, e.g. connected with my MacBook, connect with my iPhone (different username), it drops my MacBook.
Any advice getting PPTP to work on Lion Server would be appreciated
Thanks
Ben
Hi,
I have posted a bug report on this issue to Apple. Currently (10.7.2) it is not possible to run PPTP on any Mac OS X Server when using a 10.7 Server as Directory Server.
I have tried 'everything', but the MPPE encryption mechanism seems to be broken.
Edit: I see now that the bugreport is filed as a duplicate to an older case, which is now closed. I hope this means they have found the problem and will release a fix in the next update. -
IVPN starts, but "the pptp-vpn server did not respond. Try reconnecting."
Hi. I am new to VPN, and I just got the software iVPN from Macserve, and the server starts successfully, using either PPTP or L2TP:
But the connections from my network do not connect. Every time I click on "connect" for either network connection, I get the error "the pptp-vpn server did not respond. Try reconnecting."
I set up both connections in my Network Preferences according to the support page (http://macserve.org.uk/support/ivpn/):
My Airport Express configurations have never given me any problems with my home network:
And I think that I forwarded the ports properly (even though my firewall is not activated):
What am I doing wrong?
The Apple routers can be a problem on vpn passthrough.
Ports that are required for vpn are more complicated ..
See earlier post.. eg How do I set up L2TP VPN?
Ports for PPTP which you have opened manually.. are not valid for L2TP.. so you need several more ports opened.
The problematic ones are GRE and ESP which are protocols not ports.
I think you can pretty well assume the apple router running anything that has BTMM in it won't work.. since it will need the port 500 for itself.
On the old express try going back to 7.6.1 firmware.. I have to say I don't use the express.. lots of extreme and TC.. so their firmware issues are slightly different so firmware versions for the express are somewhat different.
Try not to use both port forwards (mapping if you must).. and DMZ.. they can fight each other.. if DMZ doesn't work it is better to turn it right off and forward all the required ports.
Let me recommend a test.
Plug your cable modem directly into the computer running the VPN.. so you have no NAT router in front of it.
Pay attention to the local firewall that apple runs and what ports you will need to open on it to get vpn to work.. this is your best chance to get remote vpn running. If you fail with the public IP on the computer it will certainly fail through NAT.. and generally local firewall will be an issue.
You should of course test that a client in the local lan can connect by the vpn.. it is always worth testing from the easiest configuration to the most complex.
So local lan just as you have now..
Then direct cable connection to the computer.
Then NAT router.. but you can pretty well assume apple routers are going to be problematic because apple want to dally at BTMM using same ports as IPSEC uses for L2TP.
My email is live.. roll your mouse over it and talk to me direct.. -
Trouble about vpn connecting (PPTP VPN did not respond)
I am new in mac. These days I have searched a lot on line for the solution to this problem but none fixed it. So....
Our lab only has an instruction for connecting to the VPN under Windows, and I succeeded in doing this by following it in Windows 7.
There is a host name instead of an IP address in the instruction and I think that should not be the problem.
And in the protocol of TCP/IP property settings, the user was asked to remove the tick before “Use default gateway on remote network”. Besides, in the instruction, it sets to obtain the IP address and DNS address automatically, so that I do not have such information about the server of our lab.
In my new MacBook Pro (Mac OS X Lion 10.7.3), I did the following things:
1. in system properties->network, Select the + button at the bottom left of the screen to add a new connection.
2. Select the following:
a. Interface: VPN
b. VPN Type: PPTP
c. Service Name: SAS VPN
d. Select Create.
3. Configuration: default
server address: host name “xxx.xx.xxxx.xx”
account name: (I am sure there is no error in this)
encryption: none
4. click Authorization settings to input the password.
5. Click the Advanced button and select Options. Verify Send all traffic over VPN connection is checked. (and is not checked ) (I tried both, none of them worked). About the other settings.
6. On the TCP/IP tab, set "Configure IPv4" to "Using PPP." So I can not input the DNS server information.
7. click apply and then try to connect.
However, it returned me an error said " PPTP-VPN server did not respond. Try to reconnect. If that continues....."
I think there are lots of experts in mac os x. Can anyone here help me with this? Thanks a lot in advance!
>> encryption: none
I found out, that you NEED the encryption in Lion Server VPN.
I understand, that you use Lion Server as you mention the problem here in the Lion Server section.
I do the following: Install the "Admin Tool VPN" from App-Store for some Euros. Then I found section PPTP and there is a check for
a) Active
b) Compression and Encryption
I take the check for b) out and restart (Off / On), took my XP-Notebook and connected via PPTP and all working!
Since Lion Apple hide a lot of things from the official tools and if you have some special tools, you can activate function. There is
Level 1, the userlevel: Something like Dashboard in the new MS-Servers or the Server App in the new Lion Server
Level 2, the administrator level: The difference between Server App and Server Admin! The Server Tools you need to download separately as you know after a while, something is missing. Same with the new Airport Utility: Userlevel tool = AU 6.0 with graphical fun and some basics, AU 5.6 is the tool for the admin what you need to download separately.
Level 3, the special deeper view: Typically it is the command line interface, CLI, but if you need some GUI (graphical user interface), you buy an App like Admin VPN Tool and this tool (App for some Euros) in real does nothing else than comfortably set some inside switches and flags that the official GUI admin tools not have realized.
Why?
Oh, I think it's because of security issues. You want the Mac Server become like a Microsoft Server? So, you shouldn't use not encrypted connections and that's (in my understanding) the reason why the Lion Server EXPECTS YOU to use encryption and the official tools not give you the opportunity to switch the encryption off! -
PPTP VPN doesn't work on iOS 6
I just tried to set up my iPad 2 (on iOS6) for an already working PPTP VPN server on my DD-WRT and found out that it doesn't work anymore (apparently something changed after iOS 4.3 according to tons of blogs on the net). There seem to be a few solutions about adding a couple of entries to /tmp/pptpd/options.pptpd but none of these worked for me on iOS 6. Does anyone know a solution to this problem?
Note: nopcomp, noaccomp, default-asyncmap, mru 1400, mtu 1400 options do not work, nor do they seem to help a bit at all, by looking at the dd-wrt log output. Most people claim these options make it work for iOS 5, but didn't work for me.
Yeah, resurrecting old thread here...
I was having similar problems with iOS6 and my DDWRT running on Buffalo WZR-600DHP. After I changed the mtu & mru to 1400, it worked. It was driving me nuts before. -
PPTP VPN is broken on Yosemite
Does anyone have a fix for PPTP VPN. Works great on another Mac running Mavericks right next to the Mac running Yosemite.
Created a PPTP VPN network setting same as the Mavericks computer, connecting to the same server at work (running Watchguard PPTP) and it never connects.
Hi BW,
I do use DHCP on the client and I did try "Send all traffic...", it still never connects... I thought it was an issue with the password/handshake between Yosemite and the Watchguard (remote VPN server) firewall PPTP protocol... But now I see that a previously working (in Mavericks) PPTP VPN between my office computer and my home computer now refuses to connect. There is also a bug in the Yosemite (Show VPN in Apple Menu Bar): when you first click connect to your selected VPN, it automatically thinks you're connected (but it doesn't do anything) so you need to disconnect then reconnect for anything to actually happen... Unfortunately, it still does not acknowledge the VPN, just says "A connection could not be established...". I'm going to try and packet sniff to find a solution and also try to use an L2TP, maybe that will work. -
How do I reconnect my PPTP vpn after upgrading to Yosemite
How do I reconnect my PPTP vpn after upgrading to Yosemite on my mac mini
See:
http://kb.mozillazine.org/Locked_or_damaged_places.sqlite
http://kb.mozillazine.org/Lost_bookmarks -
How to configure Multiple PPTP VPN Clients on cisco 3g supported Router
I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on cisco 1841 and it's working fine; but when I add the 2nd, it's using vpdn-group 1 and therefore connecting to the wrong PPTP server:
here is the config for the one that works:
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip xxx.xxx.xxx.xxx
interface Dialer0
mtu 1450
ip address negotiated
ip pim dense-mode
ip nat outside
ip virtual-reassembly
zone-member security private
encapsulation ppp
ip igmp query-interval 125
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap-v2 ms-chap eap chap pap callin
ppp eap refuse
ppp chap hostname xxx@xxx
ppp chap password 7 xxxpassword
But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, its still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? and which cisco 3G Router you prefer because these are remote sites and only 3G Internet service is available. -
I've got a NAS setup with various services running on custom ports to help minimize exposure (especially to script kiddies). I've tested everything both internally and externally to confirm they all work, and even had someone at a remote location confirm accessibility as well. Port forward configurations performed on the Actiontec are working well.
I installed an L2TP/IPSec VPN server, tested internally and it connected successfully. So for all intents & purposes, this validates that the VPN server is correctly configured to accept inbound connections and functioning correctly.
I logged into the Verizon Actiontec MI424WR router, setup port forwarding for UDP ports 500, 1701 & 4500.
Note: I added the AH & ESP protocols based on what I saw on the built-in L2TP/IPSec rules
With the port forwarding in place, I tested VPN externally but it didn't connect.
I've done the following so far to no avail:
Double & triple checked the port forwards, deleted & recreated the rules a few times to be sure
There are no other pre-existing L2TP/IPSec port forward rules or otherwise conflicting port forward rules (e.g.: another rule for ports 500, 1701 or 4500)
There was an L2TP port triggering rule enabled, that I toggled on and off with no change
Verified the firewall on VPN server had an exclusion for L2TP, or that the firewall is off. (Firewall is off to reduce a layer of complexity, but it worked internally to begin with so I doubt that's the issue.)
Since it works internally, and there are no entries in the logs on the device indicating inbound connections, I'm convinced it's an issue with the Verizon Actiontec router. But unfortunately, I'm not sure what else to try or where else to look to troubleshoot this. For instance, is there a log on the router that I can view in real time (e.g.: tail) that would show me whether or not the inbound connection attempt is reaching the device, and whether or not the device allowed or blocked it?
My router details:
Verizon Actiontec
MI424WR-GEN2
Revision E
Firmware 20.21.0.2
Verizon Actiontec built-in L2TP/IPSec rule templates. They're not currently in use, but are baked into the firmware for easy configuration/selection from a drop down menu.
normally a vpn on that router, will have a GRE tunneling protocol as well.
two ways to build the PF rules,
Manually
Preconfigured
I know the preconfigured VPN rules will do the GRE protocol as well, but if you do it by hand you can't get it. -
Problem with L2TP IPSEC VPN login...
Hello,
I have a problem with my trying to login on my laptop to my work vpn. I was given from my work, the vpn's ip address, the psk, my username, and password for the vpn. I feel like I am hitting a brick wall and makes me just want to forget it all together... I can get in with my info on this same laptop on the same connection at my apartment from my windows 8.1 partition just fine. I have also verified and triple checked all my vpn information required. I also don't know but I think have it setup to use PAP, MS CHAP, or MS CHAP v2.. Any help I would be greatly appreciated. Pretty much the way my VPN for my work works is you have to VPN on L2TP over IPSEC with a username and password and a psk to allow you to remote desktop to my desktop at work. Really wish this could work as I am tired of supporting windows at home when I pretty much only use it to VPN into work when I have to get work done...
pacman -Q openswan
openswan 2.6.41-1
pacman -Q xl2tpd
xl2tpd 1.3.6-1
uname -a
Linux tux 3.17.1-1-ARCH #1 SMP PREEMPT Wed Oct 15 15:04:35 CEST 2014 x86_64 GNU/Linux
Now I have all the configs setup below following the L2TP/IPsec VPN client setup arch wiki page and I keep getting this:
ipsec auto --up <vpn connection name>
022 "<vpn connection name>": We cannot identify ourselves with either end of this connection.
my process to run the vpn connection:
sudo systemctl start openswan
sudo systemctl start xl2tpd
ipsec auto --up <vpn connection name>
echo "c <vpn connection name>" > /var/run/xl2tpd/l2tp-control
how I added my vpn connection:
sudo ipsec auto --add <vpn connection name>
/etc/xl2tpd/xl2tpd.conf
[global]
; listen-addr = <my ip address>
debug avp = no
debug network = no
debug packet = no
debug state = no
debug tunnel = no
[lac <vpn connection name>]
lns = <vpn ip address>
pppoptfile = /etc/ppp/<vpn connection name>.options.xl2tpd
length bit = no
redial = no
/etc/ppp/<vpn connection name>.options.xl2tpd
plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
noauth
crtscts
lock
hide-password
modem
noipx
ipparam L2tpIPsecVpn-<vpn connection name>
promptprog "/usr/bin/L2tpIPsecVpn"
refuse-eap
remotename ""
name "<vpn username>"
password <vpn password>
usepeerdns
/etc/ipsec.secrets
%any @<vpn ip address>: PSK <psk key here>
Last edited by adramalech (2014-10-25 04:53:46) -
Help needed to connect to remote PPTP VPN via PIX 515e
Hello,
A user in our office needs to connect to a client's remote PPTP VPN but can't connect. The user is running Windows 7. We have a Cisco PIX 515e firewall that is running PIX Version 6.3(3) - this is what our user is having to go through to try and make the connection to the client's remote VPN.
The client's network guys have come back and said the issue is at our side. They say that they can see some of our traffic but not all of it. The standard error is shown below, and they say it's symptomatic of the client-side firewall not allowing PPTP traffic:
"A connection between the VPN server and the VPN client XXX.XXX.XXX.XXX has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets."
I have very little firewall experience and absolutely no Cisco experience I'm afraid. From looking at the PIX config I can see the following line:
fixup protocol pptp 1723.
Does this mean that the PPTP protocol is enabled on our firewall? Is this for both incoming and outgoing traffic?
I can see no reference to GRE 47 in the PIX config. Can anyone advise me what I should look for to see if this has been enabled or not?
I apologise again for my lack of knowledge. Any help or advice would be very gratefully received.
Ros
Hi Eugene,
Thank you for taking the time to reply to me. Please see our full PIX config below. I've XX'd out names and IP addresses as I'm never comfortable posting those type of details in a public forum. I hope that the information below is still sufficient for you.
Thanks again for your help,
Ros
PIX(config)# en
Not enough arguments.
Usage: enable password [] [level ] [encrypted]
no enable password level
show enable
PIX(config)# show config
: Saved
: Written by enable_15 at 10:30:31.976 GMT/BDT Mon Apr 4 2011
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security10
enable password XXX encrypted
passwd XXX encrypted
hostname PIX
domain-name XXX.com
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name XX.XX.XX.XX Secondary
access-list outside_access_in permit tcp XX.XX.XX.XX 255.255.255.240 host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 8082
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.0.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl deny udp any any eq 135
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_40 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_60 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER1 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_10 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_20 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_30 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_50 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_70 permit ip any XX.XX.XX.XX 255.255.0.0
access-list USER2 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER3 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER4 permit ip any XX.XX.XX.XX 255.255.0.0
pager lines 24
logging on
logging host inside XX.XX.XX.XX
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside XX.XX.XX.XX 255.255.255.248
ip address inside XX.XX.XX.XX 255.255.255.0
no ip address DMZ
ip audit info action alarm
ip audit attack action alarm
pdm location XX.XX.XX.XX 255.255.255.255 inside
pdm location XX.XX.XX.XX 255.255.0.0 outside
pdm location XX.XX.XX.XX 255.255.255.0 outside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX 1
route inside XX.XX.XX.XX 255.255.0.0 XX.XX.XX.XX 1
timeout xlate 3:00:00
timeout conn 2:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp authenticate
ntp server XX.XX.XX.XX source outside prefer
http server enable
http XX.XX.XX.XX 255.255.0.0 outside
http XX.XX.XX.XX 255.255.255.0 outside
http XX.XX.XX.XX 255.255.255.255 inside
snmp-server host inside XX.XX.XX.XX
no snmp-server location
no snmp-server contact
snmp-server community XXX
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map cola 20 set transform-set ESP-3DES-MD5
crypto dynamic-map dod 10 set transform-set ESP-3DES-MD5
crypto map outside_map 10 ipsec-isakmp dynamic cola
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer XX.XX.XX.XX
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 25 ipsec-isakmp
crypto map outside_map 25 match address USER1
crypto map outside_map 25 set peer XX.XX.XX.XX
crypto map outside_map 25 set transform-set ESP-3DES-MD5
crypto map outside_map 30 ipsec-isakmp
crypto map outside_map 30 match address outside_cryptomap_30
crypto map outside_map 30 set peer XX.XX.XX.XX
crypto map outside_map 30 set transform-set ESP-3DES-MD5
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer XX.XX.XX.XX
crypto map outside_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 50 ipsec-isakmp
crypto map outside_map 50 match address outside_cryptomap_50
crypto map outside_map 50 set peer XX.XX.XX.XX
crypto map outside_map 50 set transform-set ESP-3DES-MD5
crypto map outside_map 60 ipsec-isakmp
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set peer XX.XX.XX.XX
crypto map outside_map 60 set transform-set ESP-3DES-MD5
crypto map outside_map 70 ipsec-isakmp
crypto map outside_map 70 match address outside_cryptomap_70
crypto map outside_map 70 set peer XX.XX.XX.XX
crypto map outside_map 70 set transform-set ESP-3DES-MD5
crypto map outside_map 75 ipsec-isakmp
crypto map outside_map 75 match address USER4
crypto map outside_map 75 set peer XX.XX.XX.XX
crypto map outside_map 75 set transform-set ESP-3DES-MD5
crypto map outside_map 80 ipsec-isakmp
crypto map outside_map 80 match address USER2
crypto map outside_map 80 set peer XX.XX.XX.XX
crypto map outside_map 80 set transform-set ESP-3DES-MD5
crypto map outside_map 90 ipsec-isakmp
crypto map outside_map 90 match address USER3
crypto map outside_map 90 set peer XX.XX.XX.XX
crypto map outside_map 90 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet XX.XX.XX.XX 255.255.0.0 outside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet timeout 30
ssh XX.XX.XX.XX 255.255.255.248 outside
ssh XX.XX.XX.XX 255.255.255.248 outside
ssh timeout 30
management-access inside
console timeout 0
terminal width 80
Cryptochecksum:XXX
PIX(config)# -
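One way to run the check the question above asks about, added here as an example and not part of the original thread: it reads a PIX 6.x config and reports whether the PPTP fixup, PAT and the interface ACLs leave a path for an inside client's TCP 1723 control channel and its GRE data flow. The function names, verdict strings and sample config (documentation-range addresses) are constructed for illustration, and only `global ... interface` is recognised as PAT.

```python
import re

# Constructed sample modelled on the PIX 6.3 config in the thread above.
# Addresses are documentation-range placeholders, not values from the post.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol http 80
fixup protocol pptp 1723
access-list outside_access_in permit tcp any host 192.0.2.10 eq www
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
"""


def parse_pix_config(text):
    """Collect the PIX 6.x statements that decide PPTP passthrough."""
    cfg = {"fixup_pptp": set(), "pat_ids": set(), "nat_ids": {},
           "bound_acl": {}, "acl_entries": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"fixup protocol pptp (\d+)$", line):
            cfg["fixup_pptp"].add(int(m.group(1)))
        elif m := re.match(r"global \(\w+\) (\d+) interface$", line):
            # 'interface' means many inside hosts share one address (PAT).
            cfg["pat_ids"].add(m.group(1))
        elif m := re.match(r"nat \((\w+)\) (\d+) ", line):
            cfg["nat_ids"].setdefault(m.group(1), set()).add(m.group(2))
        elif m := re.match(r"access-group (\S+) in interface (\w+)$", line):
            cfg["bound_acl"][m.group(2)] = m.group(1)
        elif m := re.match(r"access-list (\S+) (permit|deny) (\S+)", line):
            cfg["acl_entries"].setdefault(m.group(1), []).append(
                (m.group(2), m.group(3)))
    return cfg


def audit_outbound_pptp(text, inside="inside", outside="outside"):
    """Assess whether an inside PPTP client can reach an outside server."""
    cfg = parse_pix_config(text)
    fixup = 1723 in cfg["fixup_pptp"]
    pat = bool(cfg["nat_ids"].get(inside, set()) & cfg["pat_ids"])
    inside_acl = cfg["bound_acl"].get(inside)
    outside_acl = cfg["bound_acl"].get(outside)
    # An outside ACL entry for gre (or ip, which includes it) admits return GRE.
    gre_in = any(action == "permit" and proto in ("gre", "47", "ip")
                 for action, proto in cfg["acl_entries"].get(outside_acl, []))

    if pat and not fixup:
        verdict = "gre-breaks-at-pat"        # GRE has no ports for PAT to rewrite
    elif inside_acl:
        verdict = "review-inside-acl"        # outbound is no longer open by default
    elif fixup:
        verdict = "outbound-pptp-permitted"  # inspection admits the GRE flow
    elif gre_in:
        verdict = "gre-permitted-by-acl"
    else:
        verdict = "gre-return-blocked"       # nothing lets the server's GRE back in
    return {"fixup_pptp": fixup, "pat": pat, "inside_acl": inside_acl,
            "outside_permits_gre": gre_in, "verdict": verdict}


if __name__ == "__main__":
    for key, value in audit_outbound_pptp(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A verdict of `outbound-pptp-permitted` only says the firewall statements checked here are not the obstacle; NAT exemption and crypto map ACLs that match the server's address are outside what this check reads.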
[SOLVED] l2tp-ipsec-vpn-daemon from AUR fails to build
Please let me know if there are other details that require posting:-
==> Starting build()...
/usr/bin/qmake -o qttmp-Release.mk -after "OBJECTS_DIR=build/Release" "DESTDIR=dist/Release" nbproject/qt-Release.pro
mv -f qttmp-Release.mk nbproject/qt-Release.mk
make -f nbproject/qt-Release.mk dist/Release/L2tpIPsecVpnControlDaemon
make[1]: Entering directory '/tmp/yaourt-tmp-nimda/aur-l2tp-ipsec-vpn-daemon/src/l2tp-ipsec-vpn-daemon'
g++ -c -pipe -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -Wall -W -D_REENTRANT -fPIE -DQT_NO_DEBUG -DQT_NETWORK_LIB -DQT_CORE_LIB -I/usr/lib/qt/mkspecs/linux-g++ -Inbproject -isystem /usr/include/qt -isystem /usr/include/qt/QtNetwork -isystem /usr/include/qt/QtCore -Isrc/generated -I. -o build/Release/main.o src/main.cpp
g++ -c -pipe -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -Wall -W -D_REENTRANT -fPIE -DQT_NO_DEBUG -DQT_NETWORK_LIB -DQT_CORE_LIB -I/usr/lib/qt/mkspecs/linux-g++ -Inbproject -isystem /usr/include/qt -isystem /usr/include/qt/QtNetwork -isystem /usr/include/qt/QtCore -Isrc/generated -I. -o build/Release/VpnClientConnection.o src/VpnClientConnection.cpp
src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::readyRead()':
src/VpnClientConnection.cpp:133:99: error: 'class QString' has no member named 'toAscii'
::syslog(LOG_DEBUG|LOG_DAEMON, "Executing command %s", m_strActiveCommand.toAscii().constData());
^
src/VpnClientConnection.cpp:140:75: error: 'class QString' has no member named 'toAscii'
if (COMMANDS[iCommand].pPipe->write(strCommand.toAscii().constData()) == strCommand.length())
^
src/VpnClientConnection.cpp:159:63: error: 'class QString' has no member named 'toAscii'
if (::mkfifo(strCommandParts[1].toAscii().constData(), DEFFILEMODE) == 0)
^
src/VpnClientConnection.cpp:161:84: error: 'class QString' has no member named 'toAscii'
const int iChmodResult(::chmod(strCommandParts[1].toAscii().constData(), DEFFILEMODE));
^
src/VpnClientConnection.cpp:168:87: error: 'class QString' has no member named 'toAscii'
const int iChownResult(::chown(strCommandParts[1].toAscii().constData(), pPwdInfo->pw_uid, pPwdInfo->pw_gid));
^
src/VpnClientConnection.cpp:193:77: error: 'const class QString' has no member named 'toAscii'
if (COMMANDS[iCommand].pPipe->write(str.toAscii().constData()) != str.length())
^
src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::onCommandError(QProcess::ProcessError)':
src/VpnClientConnection.cpp:250:96: error: 'class QString' has no member named 'toAscii'
::syslog(LOG_DEBUG|LOG_DAEMON, "Command %s finished with error code %d", m_strActiveCommand.toAscii().constData(), ERR_COMMAND_FAILED_TO_START + iError);
^
src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::onCommandFinished(int)':
src/VpnClientConnection.cpp:257:95: error: 'class QString' has no member named 'toAscii'
::syslog(LOG_DEBUG|LOG_DAEMON, "Command %s finished with exit code %d", m_strActiveCommand.toAscii().constData(), iExitCode);
^
src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, VpnClientConnection::ResponseResult, const QString&)':
src/VpnClientConnection.cpp:268:118: error: 'const class QString' has no member named 'toAscii'
m_pSocket->write((QString::number(responseType) + " " + QString::number(resultCode) + " " + strCommand + '\n').toAscii().constData());
^
src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, VpnClientConnection::ResponseInformation)':
src/VpnClientConnection.cpp:281:108: error: 'const class QString' has no member named 'toAscii'
m_pSocket->write((QString::number(responseType) + " " + QString::number(responseInformation) + '\n').toAscii().constData());
^
src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, const QString&)':
src/VpnClientConnection.cpp:294:78: error: 'const class QString' has no member named 'toAscii'
m_pSocket->write((QString::number(responseType) + " " + strOutputline).toAscii().constData());
^
nbproject/qt-Release.mk:319: recipe for target 'build/Release/VpnClientConnection.o' failed
make[1]: *** [build/Release/VpnClientConnection.o] Error 1
make[1]: Leaving directory '/tmp/yaourt-tmp-nimda/aur-l2tp-ipsec-vpn-daemon/src/l2tp-ipsec-vpn-daemon'
Makefile:62: recipe for target 'build' failed
make: *** [build] Error 2
==> ERROR: A failure occurred in build().
Aborting...
==> ERROR: Makepkg was unable to build l2tp-ipsec-vpn-daemon.
Last edited by n1md4 (2014-06-06 09:47:25)
Have you tried 0.9.9-2 from the comments: https://aur.archlinux.org/packages/l2tp … pn-daemon/ ?