Vpn l2tp
so how exactly shoul di setup osx 10.8.3 vpn l2tp ?! i have been trying to setup the vpn which i can use on my iphone while i m in china.
why not try cisco ipsec function. if you located in china check startvpn.com
Edit the new interface details as follows:
Server Address: cisco.vpntraffic.com or other country vpn such as japan vpn
Account Name: Your vpn account
Password: Your vpn password
How to setup Mac OS X Built-In Cisco VPN
Similar Messages
-
Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server
Summary:
After rebooting my VPN server, i am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) the gateway only until the first client disconnects. Then i can perfectly access all the other computers of the private network, but i cannot access the private IP address of the gateway.
Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates me that the port 53 is open, but a dig returns me a timeout.
Configuration:
Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
-> 1 controller, which act as a gateway for the cluster private network, with the following services activated:
DHCP, DNS, firewall (allowing all incoming traffic for each groups for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
en0: fixed public IP address -> controller.example.com
en1: 192.168.1.254 -> controller.cluster
-> 18 agents with AFP and Xgrid agent activated:
en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client informations contain the private network DNS server informations (192.168.1.254, search domain: cluster).
_*Detailed problem description:*_
After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct informations:
Configure IPv4: Using PPP
IPv4 address: 192.168.1.201
Subnet Mask:
Router: 192.168.1.254
DNS: 192.168.1.254
Search domain: cluster
From my VPN client, i can ping all the Xserve of my cluster (192.168.1.1 to 18 and 192.168.1.254). If i have a look in Server Admin > Settings > Network, i have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
The DNS server returns me timeouts when i try to do a dig from my VPN client even if i am able to access it directly from a computer inside or outside my private network.
After i disconnect, i can see in Server Admin that the IP address of my ppp0 interface has switch to my public IP address.
Then i can always establish a VPN (L2TP) connection, but the client receives the following informations:
Configure IPv4: Using PPP
IPv4 address: 192.168.1.202
Subnet Mask:
Router: (Public IP address of my VPN server)
DNS: 192.168.1.254
Search domain: cluster
From my VPN client, i can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when i ping my gateway (192.168.1.254), it returns me timeouts.
I have two "lazy" solutions to this problem: 1) Configure VPN and DNS servers on two differents Xserve, 2) Put the public IP address of my gateway as DNS server address, but none of these solutions are acceptable for me…
Any help is welcome!!!I would suggest taking a look at:
server admin:vpn:settings:client information:network route definitions.
as I understand your setup it should be something like
192.168.1.0 255.255.255.0 private.
at least as a start. I just got done troubleshooting a similar issue but via two subnets:
http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0 -
Hi,
I'm trying to use the native VPN L2TP in Leopard to connect to a small, cheap CISCO 837 adsl router, to test IOS as a VPN appliance.
So I'm just trying to connect from the leopard in 192.168.1.10 to the cisco in 192.168.1.70 with this conf:
Current configuration : 9751 bytes
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname door
memory-size iomem 15
security authentication failure rate 10 log
security passwords min-length 6
logging console critical
enable secret 5 $1$kI1f$BuT4.zkAIwccDS93oszF//
enable password 7 0459580A032A435C0C4B51
username dooruser password 7 15140E5D557A3C37203A257040
username dooradmin privilege 15 secret 5 $1$qo91$ZzsCF7Loo6BLqV7.YrGQQ1
username doortest password 7 03005404141B245F5A491416141A0A1C
aaa new-model
aaa authentication login local_auth local
aaa authentication login LOGIN local
aaa authorization network AUTORIZ local
aaa session-id common
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip domain name domain.com
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh authentication-retries 5
no ftp-server write-enable
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group PRUEBA
key 0 cisco123
domain domain.com
pool VPNPOOL
acl 150
crypto ipsec transform-set MISET esp-3des esp-sha-hmac
mode transport
crypto dynamic-map DINAMICO 10
set transform-set MISET
reverse-route
crypto map CLIENTMAP local-address Ethernet0
crypto map CLIENTMAP client authentication list LOGIN
crypto map CLIENTMAP isakmp authorization list AUTORIZ
crypto map CLIENTMAP client configuration address initiate
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP 10 ipsec-isakmp dynamic DINAMICO
interface Ethernet0
ip address 192.168.1.70 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
pppoe enable group PRUEBA
no cdp enable
crypto map CLIENTMAP
hold-queue 100 out
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet1
no ip address
speed auto
full-duplex
crypto map CLIENTMAP
interface FastEthernet2
no ip address
speed auto
half-duplex
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
ip local pool VPNPOOL 192.168.1.120 192.168.1.125
ip default-gateway 192.168.1.100
ip classless
ip default-network 198.168.1.0
ip route 0.0.0.0 0.0.0.0 192.168.1.100
ip route 192.168.1.0 255.255.255.0 192.168.1.100
ip http server
ip http authentication local
ip http secure-server
ip access-list extended autoseccompletebogon
deny ip 1.0.0.0 0.255.255.255 any
deny ip 2.0.0.0 0.255.255.255 any
deny ip 5.0.0.0 0.255.255.255 any
deny ip 7.0.0.0 0.255.255.255 any
deny ip 23.0.0.0 0.255.255.255 any
deny ip 27.0.0.0 0.255.255.255 any
deny ip 31.0.0.0 0.255.255.255 any
deny ip 36.0.0.0 0.255.255.255 any
deny ip 37.0.0.0 0.255.255.255 any
deny ip 39.0.0.0 0.255.255.255 any
deny ip 41.0.0.0 0.255.255.255 any
deny ip 42.0.0.0 0.255.255.255 any
deny ip 49.0.0.0 0.255.255.255 any
deny ip 50.0.0.0 0.255.255.255 any
deny ip 58.0.0.0 0.255.255.255 any
deny ip 59.0.0.0 0.255.255.255 any
deny ip 60.0.0.0 0.255.255.255 any
deny ip 70.0.0.0 0.255.255.255 any
deny ip 71.0.0.0 0.255.255.255 any
deny ip 72.0.0.0 0.255.255.255 any
deny ip 73.0.0.0 0.255.255.255 any
deny ip 74.0.0.0 0.255.255.255 any
deny ip 75.0.0.0 0.255.255.255 any
deny ip 76.0.0.0 0.255.255.255 any
deny ip 77.0.0.0 0.255.255.255 any
deny ip 78.0.0.0 0.255.255.255 any
deny ip 79.0.0.0 0.255.255.255 any
deny ip 83.0.0.0 0.255.255.255 any
deny ip 84.0.0.0 0.255.255.255 any
deny ip 85.0.0.0 0.255.255.255 any
deny ip 86.0.0.0 0.255.255.255 any
deny ip 87.0.0.0 0.255.255.255 any
deny ip 89.0.0.0 0.255.255.255 any
deny ip 90.0.0.0 0.255.255.255 any
deny ip 91.0.0.0 0.255.255.255 any
deny ip 92.0.0.0 0.255.255.255 any
deny ip 93.0.0.0 0.255.255.255 any
deny ip 94.0.0.0 0.255.255.255 any
deny ip 95.0.0.0 0.255.255.255 any
deny ip 96.0.0.0 0.255.255.255 any
deny ip 97.0.0.0 0.255.255.255 any
deny ip 98.0.0.0 0.255.255.255 any
deny ip 99.0.0.0 0.255.255.255 any
deny ip 100.0.0.0 0.255.255.255 any
deny ip 101.0.0.0 0.255.255.255 any
deny ip 102.0.0.0 0.255.255.255 any
deny ip 103.0.0.0 0.255.255.255 any
deny ip 104.0.0.0 0.255.255.255 any
deny ip 105.0.0.0 0.255.255.255 any
deny ip 106.0.0.0 0.255.255.255 any
deny ip 107.0.0.0 0.255.255.255 any
deny ip 108.0.0.0 0.255.255.255 any
deny ip 109.0.0.0 0.255.255.255 any
deny ip 110.0.0.0 0.255.255.255 any
deny ip 111.0.0.0 0.255.255.255 any
deny ip 112.0.0.0 0.255.255.255 any
deny ip 113.0.0.0 0.255.255.255 any
deny ip 114.0.0.0 0.255.255.255 any
deny ip 115.0.0.0 0.255.255.255 any
deny ip 116.0.0.0 0.255.255.255 any
deny ip 117.0.0.0 0.255.255.255 any
deny ip 118.0.0.0 0.255.255.255 any
deny ip 119.0.0.0 0.255.255.255 any
deny ip 120.0.0.0 0.255.255.255 any
deny ip 121.0.0.0 0.255.255.255 any
deny ip 122.0.0.0 0.255.255.255 any
deny ip 123.0.0.0 0.255.255.255 any
deny ip 124.0.0.0 0.255.255.255 any
deny ip 125.0.0.0 0.255.255.255 any
deny ip 126.0.0.0 0.255.255.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 201.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 224.0.0.0 15.255.255.255 any
deny ip 240.0.0.0 15.255.255.255 any
deny ip 0.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 127.0.0.0 0.255.255.255 any
permit ip any any
remark This acl might not be up to date. Visit www.iana.org/assignments/ipv4-address-space for update list
ip access-list extended autoseciana_reservedblock
deny ip 1.0.0.0 0.255.255.255 any
deny ip 2.0.0.0 0.255.255.255 any
deny ip 5.0.0.0 0.255.255.255 any
deny ip 7.0.0.0 0.255.255.255 any
deny ip 23.0.0.0 0.255.255.255 any
deny ip 27.0.0.0 0.255.255.255 any
deny ip 31.0.0.0 0.255.255.255 any
deny ip 36.0.0.0 0.255.255.255 any
deny ip 37.0.0.0 0.255.255.255 any
deny ip 39.0.0.0 0.255.255.255 any
deny ip 41.0.0.0 0.255.255.255 any
deny ip 42.0.0.0 0.255.255.255 any
deny ip 49.0.0.0 0.255.255.255 any
deny ip 50.0.0.0 0.255.255.255 any
deny ip 58.0.0.0 0.255.255.255 any
deny ip 59.0.0.0 0.255.255.255 any
deny ip 60.0.0.0 0.255.255.255 any
deny ip 70.0.0.0 0.255.255.255 any
deny ip 71.0.0.0 0.255.255.255 any
deny ip 72.0.0.0 0.255.255.255 any
deny ip 73.0.0.0 0.255.255.255 any
deny ip 74.0.0.0 0.255.255.255 any
deny ip 75.0.0.0 0.255.255.255 any
deny ip 76.0.0.0 0.255.255.255 any
deny ip 77.0.0.0 0.255.255.255 any
deny ip 78.0.0.0 0.255.255.255 any
deny ip 79.0.0.0 0.255.255.255 any
deny ip 83.0.0.0 0.255.255.255 any
deny ip 84.0.0.0 0.255.255.255 any
deny ip 85.0.0.0 0.255.255.255 any
deny ip 86.0.0.0 0.255.255.255 any
deny ip 87.0.0.0 0.255.255.255 any
deny ip 88.0.0.0 0.255.255.255 any
deny ip 89.0.0.0 0.255.255.255 any
deny ip 90.0.0.0 0.255.255.255 any
deny ip 91.0.0.0 0.255.255.255 any
deny ip 92.0.0.0 0.255.255.255 any
deny ip 93.0.0.0 0.255.255.255 any
deny ip 94.0.0.0 0.255.255.255 any
deny ip 95.0.0.0 0.255.255.255 any
deny ip 96.0.0.0 0.255.255.255 any
deny ip 97.0.0.0 0.255.255.255 any
deny ip 98.0.0.0 0.255.255.255 any
deny ip 99.0.0.0 0.255.255.255 any
deny ip 100.0.0.0 0.255.255.255 any
deny ip 101.0.0.0 0.255.255.255 any
deny ip 102.0.0.0 0.255.255.255 any
deny ip 103.0.0.0 0.255.255.255 any
deny ip 104.0.0.0 0.255.255.255 any
deny ip 105.0.0.0 0.255.255.255 any
deny ip 106.0.0.0 0.255.255.255 any
deny ip 107.0.0.0 0.255.255.255 any
deny ip 108.0.0.0 0.255.255.255 any
deny ip 109.0.0.0 0.255.255.255 any
deny ip 110.0.0.0 0.255.255.255 any
deny ip 111.0.0.0 0.255.255.255 any
deny ip 112.0.0.0 0.255.255.255 any
deny ip 113.0.0.0 0.255.255.255 any
deny ip 114.0.0.0 0.255.255.255 any
deny ip 115.0.0.0 0.255.255.255 any
deny ip 116.0.0.0 0.255.255.255 any
deny ip 117.0.0.0 0.255.255.255 any
deny ip 118.0.0.0 0.255.255.255 any
deny ip 119.0.0.0 0.255.255.255 any
deny ip 120.0.0.0 0.255.255.255 any
deny ip 121.0.0.0 0.255.255.255 any
deny ip 122.0.0.0 0.255.255.255 any
deny ip 123.0.0.0 0.255.255.255 any
deny ip 124.0.0.0 0.255.255.255 any
deny ip 125.0.0.0 0.255.255.255 any
deny ip 126.0.0.0 0.255.255.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 201.0.0.0 0.255.255.255 any
permit ip any any
remark This acl might not be up to date. Visit www.iana.org/assignments/ipv4-address-space for update list
ip access-list extended autosecprivateblock
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 150 permit ip host 0.0.0.0 any
dialer-list 1 protocol ip permit
no cdp run
line con 0
exec-timeout 5 0
login authentication local_auth
no modem enable
transport output telnet
deny ip 121.0.0.0 0.255.255.255 any
deny ip 122.0.0.0 0.255.255.255 any
deny ip 123.0.0.0 0.255.255.255 any
deny ip 124.0.0.0 0.255.255.255 any
deny ip 125.0.0.0 0.255.255.255 any
deny ip 126.0.0.0 0.255.255.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 201.0.0.0 0.255.255.255 any
permit ip any any
remark This acl might not be up to date. Visit www.iana.org/assignments/ipv4-address-space for update list
ip access-list extended autosecprivateblock
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 150 permit ip host 0.0.0.0 any
dialer-list 1 protocol ip permit
no cdp run
line con 0
exec-timeout 5 0
login authentication local_auth
no modem enable
transport output telnet
line aux 0
login authentication local_auth
transport output telnet
line vty 0 4
password 7 15045A081325242F7B626C74
login authentication local_auth
transport input telnet ssh
scheduler max-task-time 5000
end
and the DEBUG in the cisco is:
015933: *Mar 2 05:13:34.748 UTC: %SYS-5-CONFIG_I: Configured from console by dooruser on vty0 (192.168.1.10)
door#
door#
015934: *Mar 2 05:14:18.096 UTC: ISAKMP (0:0): received packet from 192.168.1.10 dport 500 sport 500 Global (N) NEW SA
015935: *Mar 2 05:14:18.096 UTC: ISAKMP: Created a peer struct for 192.168.1.10, peer port 500
015936: *Mar 2 05:14:18.096 UTC: ISAKMP: Locking peer struct 0x816C55CC, IKE refcount 1 for cryptoikmp_config_initializesa
015937: *Mar 2 05:14:18.096 UTC: ISAKMP (0:0): Setting client config settings 813B63E8
015938: *Mar 2 05:14:18.096 UTC: ISAKMP (0:0): (Re)Setting client xauth list and state
015939: *Mar 2 05:14:18.096 UTC: ISAKMP: local port 500, remote port 500
015940: *Mar 2 05:14:18.100 UTC: ISAKMP: insert sa successfully sa = 815825EC
015941: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): processing SA payload. message ID = 0
015942: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): processing ID payload. message ID = 0
015943: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): peer matches none of the profiles
015944: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): processing vendor id payload
015945: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 69 mismatch
015946: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): processing vendor id payload
015947: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 198 mismatch
015948: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): processing vendor id payload
015949: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 29 mismatch
015950: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): processing vendor id payload
015951: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 245 mismatch
015952: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): processing vendor id payload
015953: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 114 mismatch
015954: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): processing vendor id payload
015955: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 227 mismatch
015956: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): processing vendor id payload
015957: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 250 mismatch
015958: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): processing vendor id payload
015959: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 157 mismatch
015960: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): vendor ID is NAT-T v3
015961: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): processing vendor id payload
015962: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 164 mismatch
015963: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): processing vendor id payload
015964: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 123 mismatch
015965: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): vendor ID is NAT-T v2
015966: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): processing vendor id payload
015967: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): vendor ID is DPD
015968: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1) Authentication by xauth preshared
015969: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 10 policy
015970: *Mar 2 05:14:18.112 UTC: ISAKMP: life type in seconds
015971: *Mar 2 05:14:18.116 UTC: ISAKMP: life duration (basic) of 3600
015972: *Mar 2 05:14:18.116 UTC: ISAKMP: encryption 3DES-CBC
015973: *Mar 2 05:14:18.116 UTC: ISAKMP: auth pre-share
015974: *Mar 2 05:14:18.116 UTC: ISAKMP: hash SHA
015975: *Mar 2 05:14:18.116 UTC: ISAKMP: default group 2
015976: *Mar 2 05:14:18.116 UTC: ISAKMP (0:1): atts are acceptable. Next payload is 0
015977: *Mar 2 05:14:18.328 UTC: ISAKMP (0:1): processing KE payload. message ID = 0
015978: *Mar 2 05:14:18.596 UTC: ISAKMP (0:1): processing NONCE payload. message ID = 0
015979: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): processing vendor id payload
015980: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 69 mismatch
015981: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): processing vendor id payload
015982: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 198 mismatch
015983: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): processing vendor id payload
015984: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 29 mismatch
015985: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): processing vendor id payload
015986: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 245 mismatch
015987: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): processing vendor id payload
015988: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 114 mismatch
015989: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): processing vendor id payload
015990: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 227 mismatch
015991: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
015992: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 250 mismatch
015993: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
015994: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 157 mismatch
015995: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID is NAT-T v3
015996: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
015997: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 164 mismatch
015998: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
015999: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 123 mismatch
016000: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID is NAT-T v2
016001: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
016002: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID is DPD
016003: *Mar 2 05:14:18.608 UTC: AAA: parse name=ISAKMP500 idb type=-1 tty=-1
016004: *Mar 2 05:14:18.612 UTC: AAA: name=ISAKMP500 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=500 channel=0
016005: *Mar 2 05:14:18.612 UTC: AAA: parse name=<no string> idb type=-1 tty=-1
016006: *Mar 2 05:14:18.612 UTC: AAA/MEMORY: create_user (0x81582C78) user='PRUEBA' ruser='NULL' ds0=0 port='ISAKMP500' rem_addr='192.168.1.10' authen_type=NONE service=LOGIN priv=0 initialtaskid='0', vrf= (id=0)
016007: *Mar 2 05:14:18.612 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKEAMEXCH
016008: *Mar 2 05:14:18.612 UTC: ISAKMP (0:1): Old State = IKE_READY New State = IKER_AM_AAAAWAIT
016009: *Mar 2 05:14:18.612 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): Port='ISAKMP500' list='AUTORIZ' service=NET
016010: *Mar 2 05:14:18.616 UTC: AAA/AUTHOR/CRYPTO AAA: ISAKMP500(1432144417) user='PRUEBA'
016011: *Mar 2 05:14:18.616 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): send AV service=ike
016012: *Mar 2 05:14:18.616 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): send AV protocol=ipsec
016013: *Mar 2 05:14:18.616 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): found list "AUTORIZ"
016014: *Mar 2 05:14:18.616 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): Method=LOCAL
016015: *Mar 2 05:14:18.620 UTC: AAA/AUTHOR (1432144417): Post authorization status = PASS_ADD
016016: *Mar 2 05:14:18.620 UTC: ISAKMP: got callback 1
016017: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV service=ike
016018: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV protocol=ipsec
016019: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV tunnel-password=cisco123
016020: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV default-domain*domain.com
016021: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV addr-pool*VPNPOOL
016022: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV key-exchange=ike
016023: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV firewall*0
016024: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV group-lock*0
016025: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV include-local-lan*0
016026: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV timeout*0
016027: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV idletime*0
016028: *Mar 2 05:14:18.628 UTC:
AAA/AUTHOR/IKE: Processing AV inacl*150
016029: *Mar 2 05:14:18.628 UTC:
AAA/AUTHOR/IKE: Processing AV dns-servers*0.0.0.0 0.0.0.0
016030: *Mar 2 05:14:18.628 UTC:
AAA/AUTHOR/IKE: Processing AV wins-servers*0.0.0.0 0.0.0.0
016031: *Mar 2 05:14:18.628 UTC:
AAA/AUTHOR/IKE: Processing AV save-password*0
016032: *Mar 2 05:14:18.632 UTC: ISAKMP (0:1): SKEYID state generated
016033: *Mar 2 05:14:18.636 UTC: ISAKMP (0:1): constructed NAT-T vendor-03 ID
016034: *Mar 2 05:14:18.636 UTC: ISAKMP (0:1): SA is doing pre-shared key authentication using id type IDIPV4ADDR
016035: *Mar 2 05:14:18.636 UTC: ISAKMP (1): ID payload
next-payload : 10
type : 1
addr : 192.168.1.70
protocol : 17
port : 0
length : 8
016036: *Mar 2 05:14:18.636 UTC: ISAKMP (1): Total payload length: 12
016037: *Mar 2 05:14:18.636 UTC: ISAKMP (0:1): constructed HIS NAT-D
016038: *Mar 2 05:14:18.636 UTC: ISAKMP (0:1): constructed MINE NAT-D
016039: *Mar 2 05:14:18.640 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) AGINITEXCH
016040: *Mar 2 05:14:18.640 UTC: ISAKMP (0:1): Input = IKEMESG_FROMAAA, PRESHAREDKEYREPLY
016041: *Mar 2 05:14:18.640 UTC: ISAKMP (0:1): Old State = IKER_AM_AAAAWAIT New State = IKERAM2
016042: *Mar 2 05:14:18.640 UTC: AAA/MEMORY: free_user (0x81582C78) user='PRUEBA' ruser='NULL' port='ISAKMP500' rem_addr='192.168.1.10' authen_type=NONE service=LOGIN priv=0 vrf= (id=0)
016043: *Mar 2 05:14:18.792 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) AGINITEXCH
016044: *Mar 2 05:14:18.792 UTC: ISAKMP (0:1): processing HASH payload. message ID = 0
016045: *Mar 2 05:14:18.792 UTC: ISAKMP:received payload type 17
016046: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): Detected NAT-D payload
016047: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): recalc my hash for NAT-D
016048: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): NAT match MINE hash
016049: *Mar 2 05:14:18.796 UTC: ISAKMP:received payload type 17
016050: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): Detected NAT-D payload
016051: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): recalc his hash for NAT-D
016052: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): NAT match HIS hash
016053: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): SA has been authenticated with 192.168.1.10
016054: *Mar 2 05:14:18.796 UTC: ISAKMP: Trying to insert a peer 192.168.1.70/192.168.1.10/500/, and inserted successfully.
016055: *Mar 2 05:14:18.800 UTC: ISAKMP (0:1): peer matches none of the profiles
016056: *Mar 2 05:14:18.800 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKEAMEXCH
016057: *Mar 2 05:14:18.800 UTC: ISAKMP (0:1): Old State = IKERAM2 New State = IKEP1COMPLETE
016058: *Mar 2 05:14:18.800 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) QM_IDLE
016059: *Mar 2 05:14:18.800 UTC: ISAKMP: set new node -499921571 to CONF_XAUTH
016060: *Mar 2 05:14:18.804 UTC: ISAKMP (0:1): processing HASH payload. message ID = -499921571
016061: *Mar 2 05:14:18.804 UTC: ISAKMP (0:1): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = -499921571, sa = 815825EC
016062: *Mar 2 05:14:18.804 UTC: ISAKMP (0:1): Process initial contact,
bring down existing phase 1 and 2 SA's with local 192.168.1.70 remote 192.168.1.10 remote port 500
016063: *Mar 2 05:14:18.804 UTC: ISAKMP (0:1): returning IP addr to the address pool
016064: *Mar 2 05:14:18.808 UTC: IPSEC(key_engine): got a queue event with 1 kei messages
016065: *Mar 2 05:14:18.808 UTC: ISAKMP (0:1): deleting node -499921571 error FALSE reason "informational (in) state 1"
016066: *Mar 2 05:14:18.808 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKEINFONOTIFY
016067: *Mar 2 05:14:18.808 UTC: ISAKMP (0:1): Old State = IKEP1COMPLETE New State = IKEP1COMPLETE
016068: *Mar 2 05:14:18.808 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) QM_IDLE
016069: *Mar 2 05:14:18.812 UTC: ISAKMP: set new node -326994436 to CONF_XAUTH
016070: *Mar 2 05:14:18.812 UTC: ISAKMP (0:1): Need XAUTH
016071: *Mar 2 05:14:18.816 UTC: AAA: parse name=ISAKMP500 idb type=-1 tty=-1
016072: *Mar 2 05:14:18.816 UTC: AAA: name=ISAKMP500 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=500 channel=0
016073: *Mar 2 05:14:18.816 UTC: AAA: parse name=<no string> idb type=-1 tty=-1
016074: *Mar 2 05:14:18.816 UTC: AAA/MEMORY: create_user (0x816C2654) user='NULL' ruser='NULL' ds0=0 port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 initialtaskid='0', vrf= (id=0)
016075: *Mar 2 05:14:18.816 UTC: ISAKMP (0:1): Input = IKEMESGINTERNAL, IKEPHASE1COMPLETE
016076: *Mar 2 05:14:18.816 UTC: ISAKMP (0:1): Old State = IKEP1COMPLETE New State = IKEXAUTH_AAA_START_LOGINAWAIT
016077: *Mar 2 05:14:18.820 UTC: AAA/AUTHEN/START (687144130): port='ISAKMP500' list='LOGIN' action=LOGIN service=LOGIN
016078: *Mar 2 05:14:18.820 UTC: AAA/AUTHEN/START (687144130): found list LOGIN
016079: *Mar 2 05:14:18.820 UTC: AAA/AUTHEN/START (687144130): Method=LOCAL
016080: *Mar 2 05:14:18.820 UTC: AAA/AUTHEN(687144130): Status=GETUSER
016081: *Mar 2 05:14:18.820 UTC: ISAKMP (0:1): Unknown Input: state = IKEXAUTH_AAA_START_LOGINAWAIT, major, minor = IKEMESGINTERNAL, IKEPHASE1COMPLETE
016082: *Mar 2 05:14:18.820 UTC: ISAKMP: got callback 1
016083: *Mar 2 05:14:18.820 UTC: ISAKMP: set new node 1267078368 to CONF_XAUTH
016084: *Mar 2 05:14:18.824 UTC: ISAKMP/xauth: request attribute XAUTH_TYPE
016085: *Mar 2 05:14:18.824 UTC: ISAKMP/xauth: request attribute XAUTH_MESSAGE
016086: *Mar 2 05:14:18.824 UTC: ISAKMP/xauth: request attribute XAUTHUSERNAME
016087: *Mar 2 05:14:18.824 UTC: ISAKMP/xauth: request attribute XAUTHUSERPASSWORD
016088: *Mar 2 05:14:18.824 UTC: ISAKMP (0:1): initiating peer config to 192.168.1.10. ID = 1267078368
016089: *Mar 2 05:14:18.828 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) CONF_XAUTH
016090: *Mar 2 05:14:18.828 UTC: ISAKMP (0:1): Input = IKEMESG_FROMAAA, IKEAAA_STARTLOGIN
016091: *Mar 2 05:14:18.828 UTC: ISAKMP (0:1): Old State = IKEXAUTH_AAA_START_LOGINAWAIT New State = IKEXAUTH_REQSENT
016092: *Mar 2 05:14:18.836 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) CONF_XAUTH
016093: *Mar 2 05:14:18.836 UTC: ISAKMP (0:1): processing transaction payload from 192.168.1.10. message ID = 1267078368
016094: *Mar 2 05:14:18.840 UTC: ISAKMP: Config payload REPLY
016095: *Mar 2 05:14:18.840 UTC: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
016096: *Mar 2 05:14:18.840 UTC: AAA/MEMORY: free_user (0x816C2654) user='NULL' ruser='NULL' port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 vrf= (id=0)
016097: *Mar 2 05:14:18.840 UTC: AAA: parse name=ISAKMP500 idb type=-1 tty=-1
016098: *Mar 2 05:14:18.840 UTC: AAA: name=ISAKMP500 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=500 channel=0
016099: *Mar 2 05:14:18.840 UTC: AAA: parse name=<no string> idb type=-1 tty=-1
016100: *Mar 2 05:14:18.840 UTC: AAA/MEMORY: create_user (0x816C2654) user='NULL' ruser='NULL' ds0=0 port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 initialtaskid='0', vrf= (id=0)
016101: *Mar 2 05:14:18.844 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKECFGREPLY
016102: *Mar 2 05:14:18.844 UTC: ISAKMP (0:1): Old State = IKEXAUTH_REQSENT New State = IKEXAUTH_AAA_START_LOGINAWAIT
016103: *Mar 2 05:14:18.844 UTC: AAA/AUTHEN/START (741762202): port='ISAKMP500' list='LOGIN' action=LOGIN service=LOGIN
016104: *Mar 2 05:14:18.844 UTC: AAA/AUTHEN/START (741762202): found list LOGIN
016105: *Mar 2 05:14:18.844 UTC: AAA/AUTHEN/START (741762202): Method=LOCAL
016106: *Mar 2 05:14:18.844 UTC: AAA/AUTHEN(741762202): Status=GETUSER
016107: *Mar 2 05:14:18.848 UTC: ISAKMP: got callback 1
016108: *Mar 2 05:14:18.848 UTC: ISAKMP: set new node -623612407 to CONF_XAUTH
016109: *Mar 2 05:14:18.848 UTC: ISAKMP/xauth: request attribute XAUTH_TYPE
016110: *Mar 2 05:14:18.848 UTC: ISAKMP/xauth: request attribute XAUTH_MESSAGE
016111: *Mar 2 05:14:18.848 UTC: ISAKMP/xauth: request attribute XAUTHUSERNAME
016112: *Mar 2 05:14:18.848 UTC: ISAKMP/xauth: request attribute XAUTHUSERPASSWORD
016113: *Mar 2 05:14:18.852 UTC: ISAKMP (0:1): initiating peer config to 192.168.1.10. ID = -623612407
016114: *Mar 2 05:14:18.852 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) CONF_XAUTH
016115: *Mar 2 05:14:18.852 UTC: ISAKMP (0:1): Input = IKEMESG_FROMAAA, IKEAAA_STARTLOGIN
016116: *Mar 2 05:14:18.852 UTC: ISAKMP (0:1): Old State = IKEXAUTH_AAA_START_LOGINAWAIT New State = IKEXAUTH_REQSENT
016117: *Mar 2 05:14:19.036 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) CONF_XAUTH
016118: *Mar 2 05:14:19.040 UTC: ISAKMP (0:1): processing transaction payload from 192.168.1.10. message ID = -623612407
016119: *Mar 2 05:14:19.040 UTC: ISAKMP: Config payload REPLY
016120: *Mar 2 05:14:19.040 UTC: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
016121: *Mar 2 05:14:19.040 UTC: AAA/MEMORY: free_user (0x816C2654) user='NULL' ruser='NULL' port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 vrf= (id=0)
016122: *Mar 2 05:14:19.040 UTC: AAA: parse name=ISAKMP500 idb type=-1 tty=-1
016123: *Mar 2 05:14:19.044 UTC: AAA: name=ISAKMP500 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=500 channel=0
016124: *Mar 2 05:14:19.044 UTC: AAA: parse name=<no string> idb type=-1 tty=-1
016125: *Mar 2 05:14:19.044 UTC: AAA/MEMORY: create_user (0x8156DB1C) user='NULL' ruser='NULL' ds0=0 port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 initialtaskid='0', vrf= (id=0)
016126: *Mar 2 05:14:19.044 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKECFGREPLY
016127: *Mar 2 05:14:19.044 UTC: ISAKMP (0:1): Old State = IKEXAUTH_REQSENT New State = IKEXAUTH_AAA_START_LOGINAWAIT
016128: *Mar 2 05:14:19.044 UTC: AAA/AUTHEN/START (3918303509): port='ISAKMP500' list='LOGIN' action=LOGIN service=LOGIN
016129: *Mar 2 05:14:19.044 UTC: AAA/AUTHEN/START (3918303509): found list LOGIN
016130: *Mar 2 05:14:19.048 UTC: AAA/AUTHEN/START (3918303509): Method=LOCAL
016131: *Mar 2 05:14:19.048 UTC: AAA/AUTHEN(3918303509): Status=GETUSER
016132: *Mar 2 05:14:19.048 UTC: ISAKMP: got callback 1
016133: *Mar 2 05:14:19.048 UTC: ISAKMP: set new node 1898470555 to CONF_XAUTH
016134: *Mar 2 05:14:19.048 UTC: ISAKMP/xauth: request attribute XAUTH_TYPE
016135: *Mar 2 05:14:19.048 UTC: ISAKMP/xauth: request attribute XAUTH_MESSAGE
016136: *Mar 2 05:14:19.048 UTC: ISAKMP/xauth: request attribute XAUTHUSERNAME
016137: *Mar 2 05:14:19.052 UTC: ISAKMP/xauth: request attribute XAUTHUSERPASSWORD
016138: *Mar 2 05:14:19.052 UTC: ISAKMP (0:1): initiating peer config to 192.168.1.10. ID = 1898470555
016139: *Mar 2 05:14:19.052 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) CONF_XAUTH
016140: *Mar 2 05:14:19.056 UTC: ISAKMP (0:1): Input = IKEMESG_FROMAAA, IKEAAA_STARTLOGIN
016141: *Mar 2 05:14:19.056 UTC: ISAKMP (0:1): Old State = IKEXAUTH_AAA_START_LOGINAWAIT New State = IKEXAUTH_REQSENT
016142: *Mar 2 05:14:19.056 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) CONF_XAUTH
016143: *Mar 2 05:14:19.064 UTC: ISAKMP (0:1): processing transaction payload from 192.168.1.10. message ID = 1898470555
016144: *Mar 2 05:14:19.064 UTC: ISAKMP: Config payload REPLY
016145: *Mar 2 05:14:19.064 UTC: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
016146: *Mar 2 05:14:19.064 UTC: AAA/MEMORY: free_user (0x8156DB1C) user='NULL' ruser='NULL' port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 vrf= (id=0)
016147: *Mar 2 05:14:19.068 UTC: ISAKMP (0:1): peer does not do paranoid keepalives.
016148: *Mar 2 05:14:19.068 UTC: ISAKMP (0:1): deleting SA reason "XAuthenticate fail" state (R) CONF_XAUTH (peer 192.168.1.10) input queue 0
016149: *Mar 2 05:14:19.068 UTC: ISAKMP: Unlocking IKE struct 0x816C55CC for isadbmark_sadeleted(), count 0
016150: *Mar 2 05:14:19.068 UTC: ISAKMP: Deleting peer node by peer_reap for 192.168.1.10: 816C55CC
016151: *Mar 2 05:14:19.068 UTC: ISAKMP: set new node -1893737389 to QM_IDLE
016152: *Mar 2 05:14:19.072 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) MMNOSTATE
016153: *Mar 2 05:14:19.072 UTC: ISAKMP (0:1): purging node -1893737389
016154: *Mar 2 05:14:19.072 UTC: ISAKMP (0:1): deleting node -326994436 error FALSE reason "XAuthenticate fail"
016155: *Mar 2 05:14:19.072 UTC: ISAKMP (0:1): deleting node 1267078368 error FALSE reason "XAuthenticate fail"
016156: *Mar 2 05:14:19.076 UTC: ISAKMP (0:1): deleting node -623612407 error FALSE reason "XAuthenticate fail"
016157: *Mar 2 05:14:19.076 UTC: ISAKMP (0:1): deleting node 1898470555 error FALSE reason "XAuthenticate fail"
016158: *Mar 2 05:14:19.076 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKECFGREPLY
016159: *Mar 2 05:14:19.076 UTC: ISAKMP (0:1): Old State = IKEXAUTH_REQSENT New State = IKEDESTSA
016160: *Mar 2 05:14:19.076 UTC: IPSEC(key_engine): got a queue event with 1 kei messages
016161: *Mar 2 05:14:19.076 UTC: IPSEC(keyengine_deletesas): rec'd delete notify from ISAKMP
016162: *Mar 2 05:14:19.076 UTC: IPSEC(keyengine_deletesas): delete all SAs shared with peer 192.168.1.10
016163: *Mar 2 05:14:28.368 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) MMNOSTATE
016164: *Mar 2 05:14:38.368 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) MMNOSTATE
016165: *Mar 2 05:15:08.808 UTC: ISAKMP (0:1): purging node -499921571
016166: *Mar 2 05:15:09.072 UTC: ISAKMP (0:1): purging node -326994436
016167: *Mar 2 05:15:09.076 UTC: ISAKMP (0:1): purging node 1267078368
016168: *Mar 2 05:15:09.076 UTC: ISAKMP (0:1): purging node -623612407
016169: *Mar 2 05:15:09.076 UTC: ISAKMP (0:1): purging node 1898470555
016170: *Mar 2 05:15:19.076 UTC: ISAKMP (0:1): purging SA., sa=815825EC, delme=815825EC
In leopard I used the doortest user (created with mschap), shared sectret cisco123, group PRUEBA.
Any CISCO CCNA out there, please?
It should work following this: http://www.macosxhints.com/article.php?story=20070827135109248
Thanks, guys.
PD: the cisco...
Cisco Internetwork Operating System Software
IOS (tm) C837 Software (C837-K9O3Y6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.3(1.6)T
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Thu 04-Mar-04 01:13 by ealyon
Image text-base: 0x800131E8, data-base: 0x80B93040
ROM: System Bootstrap, Version 12.2(11r)YV1, RELEASE SOFTWARE (fc1)
ROM: C837 Software (C837-K9O3Y6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
door uptime is 1 day, 5 hours, 27 minutes
System returned to ROM by power-on
System image file is "flash:c837-k9o3y6-mz.123-2.XC2.bin"Nobody using VPNs out there?
Are CISCO VPN concentrators old fashioned?
C'mon! -
Ports required for VPN (L2TP)?
I am having problems getting my VPN (L2TP) working. I have opened up port 1701, do any other ports have to be opened up for the VPN to work?
Thanks
Tony4500/udp (ipsec) and 500/udp (isakmp) as well. You also need to open Protocol ESP on your firewall. If you travel past a NAT router that one needs to be capable of IPsec as well.
MacLemon -
I have what I believe to be a unique need;
I have a MacPro (1,1) running Lion with Server app.
I require that this particular machine be connected as a client to a VPN server, while at the same time acting as a VPN server for my network.
The PPTP connection configuration is such that "Send all traffic over VPN connection" is checked.
If PPTP client is NOT connected, I can connect to Lion as VPN server. As soon as I make the connection from Lion as a client, I can no longer
connect to Lion VPN server.
I understand this is because I am forcing all traffic out the virtual interface (tun0) and eth0 is no longer listening on the local network.
1. Is it possible to bind the VPN client (on Lion Server) to a particular interface? If I could tell the PPTP client to only use eth1 as the interface of choice, my assumption would be that eth0 would then be free to accept incoming connections.
2. Is it possible to bind the VPN service (on Lion Server) to a particular interface? if I could tell the vpn serviec to only listen on eth1, and in turn tell the PPTP client to NOT communicate on eth1 but only eth0 then perhaps I could separate the communications?
In my head, it seems as though both of the above options would be required in order to use Lion as both a VPN server and VPN client
Any and all help appreciated.This is a standard facet of most VPNs - the problem lies in your NAT router since both clients appear to come from the same IP address as far as the VPN server is concerned, and the router can't separate out the traffic.
There are a couple of solutions.
First, the built-in VPN server supports L2TP and PPTP protocols. You should be able to connect one system under each protocol, so that gets your two machines connected.
Second, you can replace your NAT router with one that supports multiple VPN clients (often termed 'VPN passthrough').
Third, setup a site-to-site tunnel so that your entire LAN is connected to the VPN (this saves you from having to run a separate VPN client on each machine, but is typically only worth it when you have more machines). -
VPN L2TP fails to establish connection
I have been working on this issue for about 7 hours now, and getting pretty tired of it. I went to enable L2TP on a server, and nothing i do gets past this:
Wed Jun 30 21:21:14 2010 : Directory Services Authentication plugin initialized
Wed Jun 30 21:21:14 2010 : Directory Services Authorization plugin initialized
Wed Jun 30 21:21:14 2010 : L2TP incoming call in progress from '76.120.xx.xx'...
Wed Jun 30 21:21:14 2010 : L2TP received SCCRQ
Wed Jun 30 21:21:14 2010 : L2TP sent SCCRP
2010-06-30 21:21:19 MDT --> Client with address = 10.1.10.194 has hungup
PPTP works fine, no problems. But i want to enable L2TP for the increased security. I have tried disabling firewall, rebooting server, changing IP schemes...basically everything i could find in these forums and else where. The **** server just will not complete the handshaking and i cannot figure out why.
The unit is an Xserve. One NIC is private, the other public.
Does anyone have some sound advice here, or can i provide you with more info? My client machine logs the following:
Jun 30 21:20:58 the-chaoss-imac pppd[1688]: pppd 2.4.2 (Apple version 412.3) started by chaos, uid 501
Jun 30 21:20:58 the-chaoss-imac pppd[1688]: L2TP connecting to server '173.14.xx.xx' (173.14.5.89)...
Jun 30 21:20:58 the-chaoss-imac pppd[1688]: IPSec connection started
Jun 30 21:20:58 the-chaoss-imac racoon[132]: Connecting.
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKE Packet: transmit success. (Information message).
Jun 30 21:20:58 the-chaoss-imac racoon[132]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
Jun 30 21:20:59 the-chaoss-imac racoon[132]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
Jun 30 21:20:59 the-chaoss-imac racoon[132]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
Jun 30 21:20:59 the-chaoss-imac racoon[132]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
Jun 30 21:20:59 the-chaoss-imac racoon[132]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
Jun 30 21:20:59 the-chaoss-imac racoon[132]: Connected.
Jun 30 21:20:59 the-chaoss-imac pppd[1688]: IPSec connection established
Jun 30 21:21:19 the-chaoss-imac pppd[1688]: L2TP cannot connect to the server
Jun 30 21:21:19 the-chaoss-imac racoon[132]: IKE Packet: transmit success. (Information message).
Jun 30 21:21:19 the-chaoss-imac racoon[132]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
Jun 30 21:21:19 the-chaoss-imac racoon[132]: IKE Packet: transmit success. (Information message).
Jun 30 21:21:19 the-chaoss-imac racoon[132]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
Jun 30 21:21:19 the-chaoss-imac configd[14]: SCNCController: Disconnecting. (Connection tried to negotiate for, 21 seconds).
Jun 30 21:21:20 the-chaoss-imac racoon[132]: Disconnecting. (Connection was up for, 21.029843 seconds).Do you have Back to my Mac enabled on the connecting client, server or an Airport Extreme hosting the server network? If so, turn it off. Back to my Mac uses an L2TP implementation for IPv6 that conflicts with the VPN server.
-
AC100 - No VPN L2TP/IPSec PSK available
Android 2.2 (Froyo) devices show for VPN connections the following possibilities: PPTP, L2TP, L2TP/IPSec PSK and L2TP/IPSec CRT (checked on serveral brands smartphones).
The AC100 is only showing PPTP and L2TP, so no L2TP/IPSec at all.
Any idea why they are missing and how to resolve this?
Need L2TP/IPSec for a VPN connection with a Sonicwall 3060/Pro.
Here's a description how to connect:[https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8658]Hi
As far as I know the L2TP/IPSec is available only for routed android devices.
So possibly this is the reason why the L2TP/IPSec in not available for AC100.
I found here a nice Android L2TP/IPSec VPN HowTo
http://blogs.nopcode.org/brainstorm/2010/08/22/android-l2tpipsec-vpn-mini-howto/
Maybe this could be helpful a little bit! -
10.5 Server VPN L2TP racoon cannot connect to socket
So there is another thread that didn't specify a fix and I'm hoping we can get this thing resolved.
OS X 10.5.8 Server with ports forwarded through firewall and landing on this box was working perfectly. It randomly has stopped and the vpnd.log is reporting...
Unable to connect racoon control socket (errno = 61)
This error happens about every second or so if VPN is enabled.
I have tried changing the subnet, disabling and re-enabling of L2TP, but nothing it working. I believe there is a stuck process that cannot die.
I'm assuming a reboot would resolve this, but this is a product system hosting other critical services and rebooting is not an easy process.
Thoughts?This is also happening to me, but on 10.6.2. I have restarted, changed subnet range, changed the shared secret, but I continue to get the EDT Unable to connect racoon control socket (errno = 61). I have had the same experience as Grant, but everything I try does not work. Has anyone resolve their issues with this error?
-
i am using osx server v2.21 (169) and using the L2TP with shared key VPN to connect my iphone to my home server, and browse through my home internet connection...
i have read numerous articles on the internet, and some here on the apple support communities that say L2TP VPN on OSX Server is not secure....
is that really the case?
thanksThere is no perfect security. Ever. A sufficiently determined attacker can and will succeed against anything you can do, given that sooner or later somebody involved will make an opsec mistake somewhere. Or the existing attacks against MD5, RC4 and SSL/TLS security — attacks including BEAST, CRIME Lucky 13, etc — will continue to be "weaponized".
Firewalls and VPNs only get you so far, and it's common for attackers to use a variety of attacks to try to breach those; to bypass the network security. So-called "spearphishing" tries to get somebody on the network to breach security for the attacker. The best VPN and the best firewall are worth nothing if you have Java lit in your web browser and the Java JVM sandbox gets breached (again), or if you receive and open a document that contains malware, for instance.
Facebook and other entities were recently breached using what was known as a watering hole attack, and that was only spotted based on detecting "odd" out-bound network traffic. The attack got around the firewalls and the VPNs and the rest of the security, and was active on the organizations' internal networks.
If you're securing nuclear secrets or large sums of money or exceedingly embarassing or sensitive data, then you definitely and certainly do need to focus on this stuff, and you're going to be spending time and effort and money on making your organization harder (emphasis on harder) to attack. But attacks will continue.
If you're dealing with a home network or a typical a small business network, then you just don't want to be the lowest of the low-hanging fruit around, and you want to avoid opsec mistakes such as open ports or weak passwords, and you don't want to give the good folks of the Internet reasons to attack you. You want to be not worth attacking, or not as "fun" and not as valuable to attack.
Even if your security is not attacked, a DDoS can still ruin your day.
As I've mentioned elsewhere, I much prefer using a VPN server in a gateway-firewall-router device — as VPNs and NAT don't mix very well — and I do use private certificate authority chains. But in terms of attacks? Keep your software and your security current, review your logs and your rules, DMZ any services you provide to "outside", maintain and verify backups — those backups can be your recovery path from a breach — and start looking at "odd" or "unexpected" outbound traffic, too. VPNs are just part of avoiding the mess of a cleanup. -
Leopard Server VPN L2TP Not receiving connections, PPTP works fine??
All,
Setting up a new OSX Snow Leopard server. The server is NOT running the firewall service. I created an L2TP VPN, with PPTP. PPTP works fine... however I am unable to connect to the L2TP.
I receive the error: The L2TP-VPN server did not respond. Try reconnecting, if the problem continues, verify your settings.
The server is behind an apple airport N router. I've tried connecting from both inside and outside (outside I mapped ports UDP 1701, 4500, and 500) with no luck. I even tried creating a VPN connection from the actual server to itself, and get the same error.
The logs show nothing - The extension is loaded, listening for connections, and nothing at all after that even after a connection try is made. PPTP works fine, and lots of logs there.
Appreciate any help!!I too since yesterday am having the same issue. It's as if the L2TP tunnel is not making it thru the Airport N DualWireless to the MacMini server. It was running just fine up until yesterday when I installed Security Update 2010-001 v1.0. I can use PPTP outside my network all day long and I can even use L2TP from inside my network just fine so I know the server is responding to local requests. I have tried from cell modem, client T1, client cable internet with no joy. I have rebooted AEBS & Server with no results. When trying L2TP from outside LAN and watching log in realtime it does not even show it's trying. I had this issue once before when I had mobileme "back to my mac" turned on and it was causing an issue but it's off and hasn't been on in some time. I suspect the update. Did you install that update?
-
VPN L2TP/IPsec can't start Openswan
Hi!
I am following the wiki-guide on how to setup the L2TP/IPsec:
https://wiki.archlinux.org/index.php/L2 … figuration
All I get in return for running
/etc/rc.d/openswan start
[buser@badmin etc]$ sudo /etc/rc.d/openswan start
/etc/rc.d/openswan: line 3: /etc/rc.conf: No such file or directory
/etc/rc.d/openswan: line 4: /etc/rc.d/functions: No such file or directory
/etc/rc.d/openswan: line 8: stat_busy: command not found
failed to start openswan IKE daemon - the following error occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:10: syntax error, unexpected CONFIG, expecting EOL [config]
/etc/rc.d/openswan: line 11: stat_fail: command not found
I presume there is something wrong with my command or the package. My config looks exactly as build in the wiki.
Does the pacakge lack systemd-support? Is there something I can do? I really need this protocol in my Arch, or SSTP if someone has a good tip - because I'm unable to get that running aswell.Openswan in aur has been updated to systemd support only. Please use systemctl start openswan.
-
Reset local client VPN L2TP settings
I can VPN in to my Mac OS X 10.7.3 Server from any Mac, but one.
All the tested Macs are on the same network, connecting to the same Server.
Is there a way to totally wipe the VPN settings from System Preferences (in the OS X System or Library) to give me a totally fresh start on this one troublsome Mac?
Thank you,Connect (locally) to Profile Manager on the server and download a profile for the VPN settings. Double-click to install. Remove the existing connection.
-
Cisco 2811 VPN L2TP over IPSEC
Hi,
Does the cisco 2811 support L2TP over IPSEC?Check these links:
http://www.cisco.com/en/US/products/ps5854/products_data_sheets_list.html
http://www.cisco.com/en/US/products/ps5854/products_qanda_item0900aecd80169bd6.shtml
http://www.cisco.com/en/US/products/ps5854/products_qanda_item0900aecd80169bba.shtml -
10.6.4 Server L2TP VPN using external RADIUS - Authorization Failed
I'm using 10.6.4 with VPN L2TP configured successfully using local user database for authentication. Now i want to configure the VPN to use Steel Belted Radius server for authentication (that hooked up to another LDAP server) for authentication.
I've configured the VPN service to use the radius server, authentication to radius is occurring but i'm getting errors that the user is not authorized to use the VPN service.
Is there a way to configure 10.6's VPN service to authorize any user that successfully authenticates against Radius?
NOTE: I've played around with Server Admin's access for VPN, with it set to all users, everyone ect, this did not make any difference to the error i'm getting from the vpn service.
Here's the log out put when the connection fails.
2010-08-27 12:52:34 PDT Loading plugin /System/Library/Extensions/L2TP.ppp
2010-08-27 12:52:34 PDT Listening for connections...
2010-08-27 12:52:39 PDT Incoming call... Address given to client = 192.168.105.1
Fri Aug 27 12:52:39 2010 : Directory Services Authorization plugin initialized
Fri Aug 27 12:52:39 2010 : L2TP incoming call in progress from '[ip address redacted]'…
Fri Aug 27 12:52:39 2010 : L2TP received SCCRQ
Fri Aug 27 12:52:39 2010 : L2TP sent SCCRP
Fri Aug 27 12:52:39 2010 : L2TP received SCCCN
Fri Aug 27 12:52:39 2010 : L2TP received ICRQ
Fri Aug 27 12:52:39 2010 : L2TP sent ICRP
Fri Aug 27 12:52:39 2010 : L2TP received ICCN
Fri Aug 27 12:52:39 2010 : L2TP connection established.
Fri Aug 27 12:52:39 2010 : using link 0
Fri Aug 27 12:52:39 2010 : Using interface ppp0
Fri Aug 27 12:52:39 2010 : Connect: ppp0 <--> socket[34:18]
Fri Aug 27 12:52:39 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x55fc9b88> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7e9db3cb> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : lcp_reqci: returning CONFACK.
Fri Aug 27 12:52:39 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x7e9db3cb> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x55fc9b88> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : sent [LCP EchoReq id=0x0 magic=0x55fc9b88]
Fri Aug 27 12:52:39 2010 : sent [CHAP Challenge id=0xc8 <086a03234947113037497f4326585a1f>, name = "OSX SERVER"]
Fri Aug 27 12:52:39 2010 : rcvd [LCP EchoReq id=0x0 magic=0x7e9db3cb]
Fri Aug 27 12:52:39 2010 : sent [LCP EchoRep id=0x0 magic=0x55fc9b88]
Fri Aug 27 12:52:39 2010 : rcvd [LCP EchoRep id=0x0 magic=0x7e9db3cb]
Fri Aug 27 12:52:39 2010 : rcvd [CHAP Response id=0xc8 <5ad3c0cb063694e473f51c9252e007f400000000000000003701b4fa8e7b844e072cddeceefa73 173d7415c85cae976700>, name = "USERNAME"]
Fri Aug 27 12:52:40 2010 : sent [CHAP Success id=0xc8 "S=934D6E79F45791A61C378789A4D719BC6F249574"]
*Fri Aug 27 12:52:40 2010 : CHAP peer authentication succeeded for USERNAME*
*Fri Aug 27 12:52:40 2010 : DSAccessControl plugin: User 'USERNAME' not authorized for access*
*Fri Aug 27 12:52:40 2010 : sent [LCP TermReq id=0x2 "Authorization failed"]*
Fri Aug 27 12:52:40 2010 : Connection terminated.
Fri Aug 27 12:52:40 2010 : L2TP disconnecting...
Fri Aug 27 12:52:40 2010 : L2TP sent CDN
Fri Aug 27 12:52:40 2010 : L2TP sent StopCCN
Fri Aug 27 12:52:40 2010 : L2TP disconnected
2010-08-27 12:52:40 PDT --> Client with address = 192.168.105.1 has hungup
Message was edited by: sarah maysI'm using 10.6.4 with VPN L2TP configured successfully using local user database for authentication. Now i want to configure the VPN to use Steel Belted Radius server for authentication (that hooked up to another LDAP server) for authentication.
I've configured the VPN service to use the radius server, authentication to radius is occurring but i'm getting errors that the user is not authorized to use the VPN service.
Is there a way to configure 10.6's VPN service to authorize any user that successfully authenticates against Radius?
NOTE: I've played around with Server Admin's access for VPN, with it set to all users, everyone ect, this did not make any difference to the error i'm getting from the vpn service.
Here's the log out put when the connection fails.
2010-08-27 12:52:34 PDT Loading plugin /System/Library/Extensions/L2TP.ppp
2010-08-27 12:52:34 PDT Listening for connections...
2010-08-27 12:52:39 PDT Incoming call... Address given to client = 192.168.105.1
Fri Aug 27 12:52:39 2010 : Directory Services Authorization plugin initialized
Fri Aug 27 12:52:39 2010 : L2TP incoming call in progress from '[ip address redacted]'…
Fri Aug 27 12:52:39 2010 : L2TP received SCCRQ
Fri Aug 27 12:52:39 2010 : L2TP sent SCCRP
Fri Aug 27 12:52:39 2010 : L2TP received SCCCN
Fri Aug 27 12:52:39 2010 : L2TP received ICRQ
Fri Aug 27 12:52:39 2010 : L2TP sent ICRP
Fri Aug 27 12:52:39 2010 : L2TP received ICCN
Fri Aug 27 12:52:39 2010 : L2TP connection established.
Fri Aug 27 12:52:39 2010 : using link 0
Fri Aug 27 12:52:39 2010 : Using interface ppp0
Fri Aug 27 12:52:39 2010 : Connect: ppp0 <--> socket[34:18]
Fri Aug 27 12:52:39 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x55fc9b88> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7e9db3cb> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : lcp_reqci: returning CONFACK.
Fri Aug 27 12:52:39 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x7e9db3cb> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x55fc9b88> <pcomp> <accomp>]
Fri Aug 27 12:52:39 2010 : sent [LCP EchoReq id=0x0 magic=0x55fc9b88]
Fri Aug 27 12:52:39 2010 : sent [CHAP Challenge id=0xc8 <086a03234947113037497f4326585a1f>, name = "OSX SERVER"]
Fri Aug 27 12:52:39 2010 : rcvd [LCP EchoReq id=0x0 magic=0x7e9db3cb]
Fri Aug 27 12:52:39 2010 : sent [LCP EchoRep id=0x0 magic=0x55fc9b88]
Fri Aug 27 12:52:39 2010 : rcvd [LCP EchoRep id=0x0 magic=0x7e9db3cb]
Fri Aug 27 12:52:39 2010 : rcvd [CHAP Response id=0xc8 <5ad3c0cb063694e473f51c9252e007f400000000000000003701b4fa8e7b844e072cddeceefa73 173d7415c85cae976700>, name = "USERNAME"]
Fri Aug 27 12:52:40 2010 : sent [CHAP Success id=0xc8 "S=934D6E79F45791A61C378789A4D719BC6F249574"]
*Fri Aug 27 12:52:40 2010 : CHAP peer authentication succeeded for USERNAME*
*Fri Aug 27 12:52:40 2010 : DSAccessControl plugin: User 'USERNAME' not authorized for access*
*Fri Aug 27 12:52:40 2010 : sent [LCP TermReq id=0x2 "Authorization failed"]*
Fri Aug 27 12:52:40 2010 : Connection terminated.
Fri Aug 27 12:52:40 2010 : L2TP disconnecting...
Fri Aug 27 12:52:40 2010 : L2TP sent CDN
Fri Aug 27 12:52:40 2010 : L2TP sent StopCCN
Fri Aug 27 12:52:40 2010 : L2TP disconnected
2010-08-27 12:52:40 PDT --> Client with address = 192.168.105.1 has hungup
Message was edited by: sarah mays -
OS X Server / VPN /The L2TP-VPN server did not respond...HELP!
I am very new to OS X Server and my goal is to setup DNS & VPN! I would like to have this setup to be able to connect into my apple computer from work or friends house. I am using an Apple Airport Extreme router and im also using the latest version OS X Mountain Lion with OS X Server installed. I have started an account with dyndns website for user host name (using a [email protected] address). I assume this would be used as an alternate way of being able to connect without starting a personal website. I also signed up for another site (no-ip) and I now have a different IP address (not sure if that was necessary). I then followed instructions on youtube (instructional videos by todd for OS X Server Mountain Lion) which seemed to be very easy to understand. But after setting up my VPN on the client side (network setting in system preferences), i tried to connect VPN (L2TP) and i receive this error message "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.". When I open Consol in the utilities folder, I am seeing part of the following message below;
racoon[117]: IKE Packet: transmit success. (Phase1 Retransmit).
racoon[117]: IKE Packet: receive failed. (malformed or unexpected cookie).
pppd[490]: IPSec connection failed
Does anyone know what's happening or what I need to do to fix this? Or can someone tell me the basic requirements to setting things up correctly?Im using Comcast for my ISP and from the wall I have a Motorola Surfboard 6120 cable modem (not sure how to access my setting on the modem). So basically I have my 6120 cable modem connected to the Apple AirportExtreme router and is then wirelessly connected to my macbook pro. im providing screen shots of my apple router settings, OS X Server settings and firewall (which is turned off) settings. Any suggestion on how i should set things up or if you can tell me step by step would be greatly appreciated.
Maybe you are looking for
-
CCA 3.2.2 Software Pack 8.6.1 and Windows 8
Hi there, Anyone done this upgrade with Windows 8? We completed the upgrade successfully and everything updated (it seems), except we cannot connect to the phone system on any vlan at this point. Cisco told me it was because my laptop i performed t
-
HT201317 The photo stream flower icon is not showing up on my icloud account?! Why?
The photo stream flower icon is not showing up on my icloud account. The only icons are Mail, contacts, calendar and iwrok. What can I do??
-
Preflight InDesign function/panel not work
I have updated Indesign to the last update of CC 2014 ITALIAN language, and the preflight (verifica preliminare) function, has stopped working from one day to another! Both new documents and on documents from older versions of Creative Suite, Preflig
-
Reader 9 for Mac "Enable Reader Usage Rights"
how is this done for mac's in 9? all of the forums say go to the advanced tab and then just enable them there... there is no advanced drop down menu? I need to add in comments and such but can't do that until i have Enabled Reader Usage Rights, pleas
-
Method to restart Oracle Apps 11i OPP via Unix command line
Hi All, Does any one knows if there any way to restart Oracle Apps 11i Output Post Processor (OPP) via the UNIX command line? Thanks