VPN Not working due to College Proxy Settings
2014-04-27 11:11:05 *Tunnelblick: OS X 10.9.1; Tunnelblick 3.3.0 (build 3518)
2014-04-27 11:11:05 *Tunnelblick: Attempting connection with EarthVPN-India, Pune; Set nameserver = 1; monitoring connection
2014-04-27 11:11:05 *Tunnelblick: openvpnstart start EarthVPN-India,\ Pune.tblk 1338 1 0 3 0 305 -atADGNWradsgnw -
2014-04-27 11:11:05 *Tunnelblick: openvpnstart starting OpenVPN:
2014-04-27 11:11:06 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-27 11:11:06 Socket Buffers: R=[131072->65536] S=[131072->65536]
2014-04-27 11:11:06 MANAGEMENT: >STATE:1398577266,RESOLVE,,,
2014-04-27 11:11:36 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:11:36 MANAGEMENT: >STATE:1398577296,RESOLVE,,,
2014-04-27 11:12:06 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:12:41 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:13:16 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:13:51 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:14:26 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:15:01 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:15:37 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:16:12 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:16:47 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:17:22 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:17:57 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:18:08 *Tunnelblick: Disconnecting; 'disconnect' button pressed
2014-04-27 11:18:08 *Tunnelblick: Disconnecting using 'killall'
2014-04-27 11:18:32 RESOLVE: signal received during DNS resolution attempt
2014-04-27 11:18:32 SIGTERM[hard,init_instance] received, process exiting
2014-04-27 11:18:32 MANAGEMENT: >STATE:1398577712,EXITING,init_instance,,
2014-04-27 11:18:33 *Tunnelblick: No 'post-disconnect.sh' script to execute
Thanks for the reply, Jkbull.
My issue was solved by using "Viscosity", a VPN client for Mac which even works with OS X Yosemite.
But I cannot find any solution for Tunnelblick.
I am not sure, but I think the problem was with the tun-tap settings or port 443.
I have tried changing the reference to "pun-in.earthvpn.com" in the OpenVPN configuration file to its current IP address of "103.250.184.251".
I have an option in the Mac network settings to use one or more DNS servers, so I have added Google Public DNS and my college DNS server, "202.141.81.2".
I cannot connect to the Internet without using the proxy because our connections go through our proxy server "202.141.80.19:3128" and we have a user-password login for this server to establish an internet connection.
The problem still persists.
When I connect with Viscosity:
Initially I use my college proxy settings.
Connect to EarthVPN by using Viscosity.
It asks me for the username and password of the EarthVPN account, and when provided it establishes the connection.
I use no proxy (that is, remove my proxy settings) after the connection is established.
Now it is connected to VPN.
I wish the Tunnelblick guys would come up with a solution for this problem.
Similar Messages
-
Fring not working on 5800 with proxy settings
I have already set my internet proxy settings and so internet works perfectly fine. What I don't understand is why my fring won't work. Any help? Thanks.
Hi. I'm Rai Singh, using a Nokia 5800 XM. I successfully installed fringSymbian94.sis, no problems, but I am unable to connect via GPRS. I'm using the Idea GPRS service (NOP99).
My GPRS settings are:
APN SpiceExcite
User name Blank
Password Blank
Authentication Normal
Advanced settings:
Proxy 10.11.12.13
Port 9401
I had also tried without proxy and with secured authentication, but the same result: NO. I think the fring developers have to solve this problem in the next upcoming version to meet the challenges of other IM providers, as it is a major drawback of fring. Otherwise it is awesome software. Hoping for quick action from your side.
Moderator note: Personal contact details removed
Message Edited by dazz19 on 10-May-2009 06:11 PM -
Application is not working due to memory issue
Hi Friends,
Kindly help me regarding settings in Java. The scenario is like this: I have one server with two JBoss versions (jboss-4.2.3 GA and jboss-3.2.6), each having 1 GB of Java memory (JVM settings). The total memory of that server is 3 GB.
The problem is that every two days my application is not working due to a memory issue. Once I have freed the memory by running the commands
(1) sync
(2) echo 3 > /proc/sys/vm/drop_caches
the application works fine.
I heard that the above command (echo 3 > /proc/sys/vm/drop_caches) can't be run frequently because of server crashes.
Kindly help me regarding this issue and provide the resolution.
Let me know if you need more information from my side.
Thanks
Ashish Shukla
All of the above. I tested on 4 different networks and had no luck, I also had friends test my network and the other networks with their iPhones and all had no issues using FaceTime.
Also after I wiped my phone (erased all content and settings) I was able to successfully initiate a FaceTime call with no changes to my network and was also able to initiate another call when connected to another previously tested network that didn't work before. Once I restored from backup though, FaceTime stopped working again.
I did find this discussion: https://discussions.apple.com/thread/5163024?start=0&tstart=0
and tried the suggestions found there too. That discussion describes my issue I am having as well. -
VPN not working after upgrading to Mavericks
After upgrading to OS X 10.9 Mavericks, VPN is not working. I am able to connect to the VPN server from inside the local network, but can't do the same from outside through the router (1. I have a static external IP 2. NAT port forwarding is OK 3. Other services on my server work fine through router & NAT using the external IP).
Tried:
1. Downgrading JAVA from 7.0: https://discussions.apple.com/message/23673943#23673943 - doesn't help
2. kern.ipc.maxsockbuf is big enough: https://discussions.apple.com/message/23525980#23525980
Also, IMHO, Apple periodically deletes messages from the forum about this problem; does anyone else have the same feeling?
Any thoughts? -
After updating to Firefox 5 my Realplayer Recorder is not working due to that add on not being compatible. How do I get this to work again?
Blue
It sounds like you restored from an old back-up. Did you back up just before your software update? It will use your last one, and if your last back-up was a year old then it will use that one.
In general, if you are getting these messages on your iPhones select logout (when you get that Apple Id request) and then log back in with your newer ID.
Sorry for your losses.
Cheers -
My imessage is not working. I went into settings, then messages, and it says my imessage activation is unsuccessful. What do I do to get imessage working again? When I turn it on it sends imessage through my email, not my phone number.
It is starting to get a common problem (iMessage), try doing this:
http://www.imore.com/having-trouble-imessage-or-facetime-ios-7-heres-how-fix-it
Good Luck -
In the context of restoring a drive from a backup, I copied /etc/sudoers from my backup. Now it does not work due to the permissions not being correct (even though it was copied via sudo cp -rp)
Most likely you have Office 2004 which are PPC-only applications and will not work in Lion. Upgrade to Office 2011. Other alternatives are:
Apple's iWork suite (Pages, Numbers, and Keynote.)
Open Office (Office 2007-like suite compatible with OS X.)
NeoOffice (similar to Open Office.)
LibreOffice (a new direction for the Open Office suite.) -
Passwords, auto-fill in safari does not work it is enabled in settings, what can do
passwords, auto-fill in safari does not work it is enabled in settings, what can do
Private Browsing Off.
Private Browsing On. -
VPN not working after Update from SLS to MLS
Hi folks,
last weekend I updated my Snow Leopard Server following the suggested procedure, installed first Mountain Lion and then OS X Server. Now I have a problem.
Setup:
- Macmini Server located in my private LAN, running SLS as a virtual machine (VMware)
- connected to the Internet via an AVM FritzBox 7270
For HTTP (80) and VPN (500, 1701 and 4500) the ports are forwarded to the virtual machine - everything was working well before the update (access to website & VPN from both internal and external). The VPN connection is used either with an iPhone or with my MacBook Pro.
The website is still working like expected. VPN service is not working properly anymore. I can access it from internal, but not from external.
So, to make it clear, nothing but the server OS changed in the setup.
Any ideas? Changed ports from 10.6 to 10.8?
Thanks in advance,
Andre
(err, and YES, I have a snapshot of 10.6. - if I revert it's working again, but this can't be the solution)
Hi all,
to point out the difference, this is what the logs say....
Connecting from internal, VPN success:
21.06.13 18:12:13,880
racoon[226]
IPSec Phase1 started (Initiated by peer).
21.06.13 18:12:13,882
racoon[226]
IKE Packet: receive success. (Responder, Main-Mode message 1).
21.06.13 18:12:13,883
racoon[226]
IKE Packet: transmit success. (Responder, Main-Mode message 2).
21.06.13 18:12:13,921
racoon[226]
IKE Packet: receive success. (Responder, Main-Mode message 3).
21.06.13 18:12:13,942
racoon[226]
IKE Packet: transmit success. (Responder, Main-Mode message 4).
21.06.13 18:12:13,969
racoon[226]
IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
21.06.13 18:12:13,969
racoon[226]
IKE Packet: receive success. (Responder, Main-Mode message 5).
21.06.13 18:12:13,970
racoon[226]
IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
21.06.13 18:12:13,970
racoon[226]
IKE Packet: transmit success. (Responder, Main-Mode message 6).
21.06.13 18:12:13,970
racoon[226]
IPSec Phase1 established (Initiated by peer).
21.06.13 18:12:14,881
racoon[226]
IPSec Phase2 started (Initiated by peer).
21.06.13 18:12:14,881
racoon[226]
IKE Packet: receive success. (Responder, Quick-Mode message 1).
21.06.13 18:12:14,881
racoon[226]
IKE Packet: transmit success. (Responder, Quick-Mode message 2).
21.06.13 18:12:14,885
racoon[226]
IKE Packet: receive success. (Responder, Quick-Mode message 3).
21.06.13 18:12:14,886
racoon[226]
IKEv1 Phase2 Responder: success. (Responder, Quick-Mode).
21.06.13 18:12:14,886
racoon[226]
IPSec Phase2 established (Initiated by peer).
21.06.13 18:12:14,890
vpnd[1210]
Incoming call... Address given to client = 192.168.0.203
21.06.13 18:12:14,918
pppd[1371]
pppd 2.4.2 (Apple version 596.13) started by root, uid 0
21.06.13 18:12:14,923
pppd[1371]
L2TP incoming call in progress from '192.168.0.117'...
21.06.13 18:12:14,931
pppd[1371]
L2TP connection established.
21.06.13 18:12:14,935
pppd[1371]
Connect: ppp1 <--> socket[34:18]
21.06.13 18:12:14,944
UserEventAgent[17]
Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
21.06.13 18:12:15,036
pppd[1371]
CHAP peer authentication succeeded for <username>
21.06.13 18:12:15,042
pppd[1371]
DSAccessControl plugin: User '<username>' authorized for access
21.06.13 18:12:15,052
pppd[1371]
Unsupported protocol 0x8057 received
21.06.13 18:12:15,058
pppd[1256]
l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.0.103), current interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
21.06.13 18:12:15,058
pppd[1371]
local IP address 192.168.0.103
21.06.13 18:12:15,059
pppd[1371]
remote IP address 192.168.0.203
21.06.13 18:12:15,061
pppd[1371]
l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.0.103), current interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
21.06.13 18:12:15,068
configd[21]
network changed: v4(en0:192.168.0.103, ppp0, ppp1+:192.168.0.103) DNS* Proxy SMB
21.06.13 18:12:17,102
apsd[466]
Certificate not yet generated
21.06.13 18:12:18,103
apsd[466]
Certificate not yet generated
21.06.13 18:12:19,004
apsd[466]
Couldn't find cert in response dict
21.06.13 18:12:19,006
apsd[466]
Failed to get client cert on attempt 11, will retry in 900 seconds
21.06.13 18:12:19,066
racoon[226]
IKE Packet: transmit success. (Information message).
21.06.13 18:12:19,067
racoon[226]
IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
21.06.13 18:12:19,120
apsd[466]
Certificate not yet generated
21.06.13 18:12:21,802
pppd[1256]
l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.0.103), deleted interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
21.06.13 18:12:21,817
pppd[1371]
l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.0.103), deleted interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
21.06.13 18:12:21,822
configd[21]
network changed: v4(en0:192.168.0.103, ppp0, ppp1-:192.168.0.103) DNS* Proxy SMB
21.06.13 18:12:21,981
pppd[1371]
Fatal signal 6
21.06.13 18:12:21,982
racoon[226]
IKE Packet: receive success. (Information message).
21.06.13 18:12:22,011
vpnd[1210]
--> Client with address = 192.168.0.203 has hungup
21.06.13 18:12:22,022
UserEventAgent[17]
Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
21.06.13 18:12:23,837
apsd[466]
Certificate not yet generated
21.06.13 18:12:23,839
apsd[466]
Certificate not yet generated
21.06.13 18:12:25,148
apsd[466]
Couldn't find cert in response dict
21.06.13 18:12:25,148
apsd[466]
Failed to get client cert on attempt 12, will retry in 900 seconds
21.06.13 18:12:25,845
apsd[466]
Certificate not yet generated
Connecting from external, VPN fail:
21.06.13 18:10:52,533
racoon[226]
Connecting.
21.06.13 18:10:52,533
racoon[226]
IPSec Phase1 started (Initiated by peer).
21.06.13 18:10:52,535
racoon[226]
IKE Packet: receive success. (Responder, Main-Mode message 1).
21.06.13 18:10:52,536
racoon[226]
IKE Packet: transmit success. (Responder, Main-Mode message 2).
21.06.13 18:10:52,692
racoon[226]
IKE Packet: receive success. (Responder, Main-Mode message 3).
21.06.13 18:10:52,713
racoon[226]
IKE Packet: transmit success. (Responder, Main-Mode message 4).
21.06.13 18:10:52,882
racoon[226]
IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
21.06.13 18:10:52,882
racoon[226]
IKE Packet: receive success. (Responder, Main-Mode message 5).
21.06.13 18:10:52,882
racoon[226]
IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
21.06.13 18:10:52,883
racoon[226]
IKE Packet: transmit success. (Responder, Main-Mode message 6).
21.06.13 18:10:52,883
racoon[226]
IPSec Phase1 established (Initiated by peer).
21.06.13 18:10:53,412
racoon[226]
Connecting.
21.06.13 18:10:53,413
racoon[226]
IPSec Phase2 started (Initiated by peer).
21.06.13 18:10:53,413
racoon[226]
IKE Packet: receive success. (Responder, Quick-Mode message 1).
21.06.13 18:10:53,414
racoon[226]
IKE Packet: transmit success. (Responder, Quick-Mode message 2).
21.06.13 18:10:53,531
racoon[226]
IKE Packet: receive success. (Responder, Quick-Mode message 3).
21.06.13 18:10:53,532
racoon[226]
IKEv1 Phase2 Responder: success. (Responder, Quick-Mode).
21.06.13 18:10:53,532
racoon[226]
IPSec Phase2 established (Initiated by peer).
21.06.13 18:11:13,643
racoon[226]
IKE Packet: receive success. (Information message).
21.06.13 18:11:13,671
racoon[226]
IKE Packet: receive success. (Information message).
Hope you see more than me and can help... :-( -
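The comparison the two logs above invite, as an added example (not part of the original post and not Apple's tooling): a parser for the three-line timestamp / process / message layout used in the paste, reporting the last L2TP/IPsec stage each attempt reached and how long the log stayed silent afterwards. The stage names, the hint text and the shortened sample logs are constructed for illustration; the message strings and ports are the ones shown in the post.

```python
import re
from datetime import datetime

# One record in the pasted log spans three lines: timestamp, process[pid], message.
TS_RE = re.compile(r"^\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2},\d{3}$")
PROC_RE = re.compile(r"^(\w+)\[(\d+)\]$")

# Stages in the order a working connection logs them: (name, daemon, message text).
STAGES = [
    ("ike_phase1", "racoon", "IPSec Phase1 established"),
    ("ike_phase2", "racoon", "IPSec Phase2 established"),
    ("l2tp_call", "vpnd", "Incoming call"),
    ("l2tp_tunnel", "pppd", "L2TP connection established"),
    ("ppp_auth", "pppd", "CHAP peer authentication succeeded"),
    ("ppp_address", "pppd", "remote IP address"),
]

# Where to look next, keyed by the first stage that never appears (assumed wording).
HINTS = {
    "ike_phase1": "IKE Main Mode did not finish: check the UDP 500 forward.",
    "ike_phase2": "Quick Mode did not finish: check UDP 500 and 4500.",
    "l2tp_call": "IPsec is up but vpnd saw no call: trace the encrypted L2TP "
                 "traffic (UDP 1701 in ESP, or UDP 4500 behind NAT) to the server.",
}

def parse_records(text):
    """Return [(datetime, process, message)] from the three-line layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records, i = [], 0
    while i < len(lines):
        proc = PROC_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        if not TS_RE.match(lines[i]) or not proc:
            i += 1  # heading or stray line, not the start of a record
            continue
        ts = datetime.strptime(lines[i], "%d.%m.%y %H:%M:%S,%f")
        i += 2
        msg = []
        while i < len(lines) and not TS_RE.match(lines[i]):
            msg.append(lines[i])  # a message may wrap over several lines
            i += 1
        records.append((ts, proc.group(1), " ".join(msg)))
    return records

def diagnose(text):
    """Report the stages reached, the first missing one and the silence after it."""
    records = parse_records(text)
    reached, last_ts = [], None
    for name, daemon, needle in STAGES:
        hit = next((r for r in records if r[1] == daemon and needle in r[2]), None)
        if hit is None:
            break
        reached.append(name)
        last_ts = hit[0]
    stalled = STAGES[len(reached)][0] if len(reached) < len(STAGES) else None
    silence = None
    if stalled and last_ts is not None:
        later = [r[0] for r in records if r[0] > last_ts]
        if later:
            silence = (min(later) - last_ts).total_seconds()
    return {"reached": reached, "stalled_before": stalled,
            "silence_s": silence, "hint": HINTS.get(stalled)}

# Constructed samples: shortened copies of the two attempts in the post.
INTERNAL = """Connecting from internal, VPN success:
21.06.13 18:12:13,970
racoon[226]
IPSec Phase1 established (Initiated by peer).
21.06.13 18:12:14,886
racoon[226]
IPSec Phase2 established (Initiated by peer).
21.06.13 18:12:14,890
vpnd[1210]
Incoming call... Address given to client = 192.168.0.203
21.06.13 18:12:14,931
pppd[1371]
L2TP connection established.
21.06.13 18:12:15,036
pppd[1371]
CHAP peer authentication succeeded for <username>
21.06.13 18:12:15,059
pppd[1371]
remote IP address 192.168.0.203
"""
EXTERNAL = """Connecting from external, VPN fail:
21.06.13 18:10:52,883
racoon[226]
IPSec Phase1 established (Initiated by peer).
21.06.13 18:10:53,532
racoon[226]
IPSec Phase2 established (Initiated by peer).
21.06.13 18:11:13,643
racoon[226]
IKE Packet: receive success. (Information message).
"""

if __name__ == "__main__":
    for label, log in (("internal", INTERNAL), ("external", EXTERNAL)):
        print(label, diagnose(log))
```

On the external sample the result stops at `ike_phase2`, with roughly twenty seconds of silence before the next racoon entry, which is the difference between the two pasted logs: no vpnd or pppd line ever appears.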
[Solved] NetworkManager-pptp VPN not working after update to 0.9.10
Hello,
I have a PPTP VPN set up and it's been working for a long time. However, after I updated last night to networkmanager-0.9.10, it is no longer able to connect to the remote network. I can activate the VPN connection, enter my password, but after a short period of time, the connection reports: "Error: Connection activation failed: the VPN service returned invalid configuration." As I mentioned before, this VPN was working right before the update and I didn't change the configuration on either my computer or the destination network so I'm pretty sure that this is something to do with the update. I'm wondering if anybody else has run into this problem and if they've been able to find a solution. I've been searching all over these forums and the internet for some hours now and I haven't found anything yet. I'm hoping that somebody might be able to point me in the right direction or maybe know of something that might have changed with the new update.
Here is my VPN configuration (using NetworkManager-PPTP. I've also obscured the public IP address):
[connection]
id=MyVPN
uuid=fe6e6265-1a79-4a69-b6d1-8b47e9d4c948
type=vpn
permissions=user:greyseal96:;
autoconnect=false
timestamp=1408950986
[vpn]
service-type=org.freedesktop.NetworkManager.pptp
gateway=192.168.146.114
require-mppe=yes
user=greyseal96
password-flags=3
[ipv6]
method=auto
[ipv4]
method=auto
route1=10.17.0.0/16,10.17.1.1,1
never-default=true
Here are my logs during the time that I tried to connect:
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> Starting VPN service 'pptp'...
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 1938
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' appeared; activating connections
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN plugin state changed: starting (3)
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: pppd started with pid 1945
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (Connect) reply received.
Aug 24 23:44:21 MyArchBox pppd[1945]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Aug 24 23:44:21 MyArchBox pppd[1945]: pppd 2.4.6 started by root, uid 0
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Aug 24 23:44:21 MyArchBox pppd[1945]: Using interface ppp0
Aug 24 23:44:21 MyArchBox pppd[1945]: Connect: ppp0 <--> /dev/pts/2
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Using interface ppp0
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Connect: ppp0 <--> /dev/pts/2
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 10)
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/9
Aug 24 23:44:21 MyArchBox pptp[1947]: nm-pptp-service-1938 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 50048).
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials...
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): got credentials from NetworkManager-pptp
Aug 24 23:44:25 MyArchBox pppd[1945]: CHAP authentication succeeded
Aug 24 23:44:25 MyArchBox NetworkManager[578]: CHAP authentication succeeded
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE 128-bit stateless compression enabled
Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE 128-bit stateless compression enabled
Aug 24 23:44:25 MyArchBox pppd[1945]: Cannot determine ethernet address for proxy ARP
Aug 24 23:44:25 MyArchBox pppd[1945]: local IP address 10.17.10.3
Aug 24 23:44:25 MyArchBox pppd[1945]: remote IP address 10.17.10.1
Aug 24 23:44:25 MyArchBox pppd[1945]: primary DNS address 10.17.2.22
Aug 24 23:44:25 MyArchBox pppd[1945]: secondary DNS address 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN Gateway: 192.168.146.114
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Tunnel Device: ppp0
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> IPv4 configuration:
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Address: 10.17.10.3
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Prefix: 32
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Point-to-Point Address: 10.17.10.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Maximum Segment Size (MSS): 0
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Static Route: 10.17.0.0/16 Next Hop: 10.17.1.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Forbid Default Route: yes
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal DNS: 10.17.2.22
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal DNS: 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> DNS Domain: '(none)'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> No IPv6 configuration
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.481618] [platform/nm-linux-platform.c:1716] add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Cannot determine ethernet address for proxy ARP
Aug 24 23:44:25 MyArchBox NetworkManager[578]: local IP address 10.17.10.3
Aug 24 23:44:25 MyArchBox NetworkManager[578]: remote IP address 10.17.10.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: primary DNS address 10.17.2.22
Aug 24 23:44:25 MyArchBox NetworkManager[578]: secondary DNS address 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 9 / phase 'running'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): ip-up event
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): sending Ip4Config to NetworkManager-pptp...
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: PPTP service (IP Config Get) reply received.
Aug 24 23:44:25 MyArchBox pppd[1945]: Terminating on signal 15
Aug 24 23:44:25 MyArchBox pppd[1945]: Modem hangup
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Aug 24 23:44:25 MyArchBox pppd[1945]: Connect time 0.0 minutes.
Aug 24 23:44:25 MyArchBox pppd[1945]: Sent 0 bytes, received 0 bytes.
Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE disabled
Aug 24 23:44:25 MyArchBox pppd[1945]: Connection terminated.
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox NetworkManager[578]: inet 10.17.0.0/16 table main
Aug 24 23:44:25 MyArchBox NetworkManager[578]: priority 0x1 protocol static
Aug 24 23:44:25 MyArchBox NetworkManager[578]: nexthop via 10.17.1.1 dev 10
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487073] [platform/nm-linux-platform.c:2252] link_change(): Netlink error changing link 10: <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/ppp0': No such device
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487153] [platform/nm-linux-platform.c:1777] delete_object(): Netlink error deleting 10.17.10.3/32 lft forever pref forever lifetime 1862-0[4294967295,4294967295] dev ppp0 src kernel: No such device (-31)
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: Terminated ppp daemon with PID 1945.
Aug 24 23:44:25 MyArchBox kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev- instead.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Terminating on signal 15
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Modem hangup
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connect time 0.0 minutes.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Sent 0 bytes, received 0 bytes.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE disabled
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 10 / phase 'terminate'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connection terminated.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Aug 24 23:44:25 MyArchBox pppd[1945]: Exit.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** (nm-pptp-service:1938): WARNING **: pppd exited with error code 16
Aug 24 23:44:45 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' disappeared
If you've gotten this far, thank you for taking the time to read through all this! Any help that you can give would be much appreciated.
Last edited by greyseal96 (2014-08-27 15:20:02)
Hmm, not sure about the 3.16 series kernel, but I found that when I upgraded to kernel 3.18 the PPTP VPN also stopped working. This time, though, it was because, for some reason, there was a change in kernel 3.18 where the firewall kernel modules necessary for the VPN don't get loaded so the firewall won't allow some of the PPTP traffic from the remote side back in. Since the firewall is stateful, these modules need to be loaded so that the firewall can know that the incoming PPTP traffic from the remote side is part of an existing connection. Here's what my network manager logs looked like:
NetworkManager[619]: <info> Starting VPN service 'pptp'...
NetworkManager[619]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 31139
NetworkManager[619]: <info> VPN service 'pptp' appeared; activating connections
NetworkManager[619]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
NetworkManager[619]: <info> VPN plugin state changed: starting (3)
NetworkManager[619]: ** Message: pppd started with pid 31148
NetworkManager[619]: <info> VPN connection 'MyVPN' (Connect) reply received.
pppd[31148]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
NetworkManager[619]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
pppd[31148]: pppd 2.4.7 started by root, uid 0
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
pppd[31148]: Using interface ppp0
pppd[31148]: Connect: ppp0 <--> /dev/pts/5
NetworkManager[619]: Using interface ppp0
NetworkManager[619]: Connect: ppp0 <--> /dev/pts/5
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
NetworkManager[619]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 7)
NetworkManager[619]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/6
pptp[31150]: nm-pptp-service-31139 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
pppd[31148]: LCP: timeout sending Config-Requests <===HERE IS WHERE THE CONNECTION FAILS BECAUSE THE MODULES AREN'T LOADED.
pppd[31148]: Connection terminated.
NetworkManager[619]: LCP: timeout sending Config-Requests
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
NetworkManager[619]: Connection terminated.
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
pppd[31148]: Modem hangup
pppd[31148]: Exit.
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: Modem hangup
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: <info> VPN plugin state changed: stopped (6)
NetworkManager[619]: <info> VPN plugin state change reason: unknown (0)
NetworkManager[619]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
NetworkManager[619]: <info> VPN service 'pptp' disappeared
To fix this, I had to add a file to the /etc/modules-load.d directory to have the modules loaded into the kernel at boot. I just created a file called netfilter.conf and put the following in it:
nf_nat_pptp
nf_conntrack_pptp
nf_conntrack_proto_gre
Not sure if this addresses your problem or not, but maybe it's worth a look. -
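The failure pattern in the post above (PPTP control connection and call come up, then pppd times out on LCP) can be recognised mechanically and paired with a check for the three modules. This is an added example, not part of the original post; the function names, result strings and both sample inputs are assumptions constructed for illustration.

```python
import re

# Modules named in the post; the stateful firewall needs them to tie the
# inbound GRE packets to the PPTP control connection.
REQUIRED_MODULES = ("nf_nat_pptp", "nf_conntrack_pptp", "nf_conntrack_proto_gre")

# Constructed sample, abridged from the log lines quoted in the post.
SAMPLE_LOG = """\
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
pppd[31148]: LCP: timeout sending Config-Requests
pppd[31148]: Connection terminated.
NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
"""

# Constructed /proc/modules excerpt in which only one helper is loaded.
SAMPLE_PROC_MODULES = """\
nf_conntrack_pptp 16384 0 - Live 0x0000000000000000
nf_conntrack 106496 1 nf_conntrack_pptp, Live 0x0000000000000000
ppp_generic 40960 0 - Live 0x0000000000000000
"""

CTRL_UP = re.compile(r"pptp\[\d+\]:.*Client connection established")
CALL_UP = re.compile(r"pptp\[\d+\]:.*Outgoing call established")
LCP_TIMEOUT = re.compile(r"pppd\[\d+\]: LCP: timeout sending Config-Requests")


def classify_pptp_failure(log_text):
    """Return a label for the first LCP timeout seen in the log.

    "control-ok-gre-silent": the control channel and the call were set up
    before the timeout, so only the PPP-over-GRE data path got no answer.
    This is consistent with a firewall dropping inbound GRE.
    """
    ctrl = call = False
    for line in log_text.splitlines():
        if CTRL_UP.search(line):
            ctrl = True
        elif CALL_UP.search(line):
            call = True
        elif LCP_TIMEOUT.search(line):
            return "control-ok-gre-silent" if ctrl and call else "lcp-timeout-before-call"
    return "no-lcp-timeout"


def missing_modules(proc_modules_text, required=REQUIRED_MODULES):
    """List required modules absent from /proc/modules content.

    Assumption: the helpers are built as loadable modules; code compiled
    into the kernel never appears in /proc/modules.
    """
    loaded = {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}
    return [name for name in required if name not in loaded]


def triage(log_text, proc_modules_text):
    """Combine both checks into one result for a report or an alert."""
    verdict = classify_pptp_failure(log_text)
    missing = missing_modules(proc_modules_text) if verdict == "control-ok-gre-silent" else []
    return {"verdict": verdict, "load_at_boot": missing}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_PROC_MODULES))
```

On a live system, pass the journal output for the connection attempt and the contents of /proc/modules instead of the two samples.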
VPN not working after adding subinterface - ASA 5510
Hello,
Currently I want to add a second lan (vlan) in a customers network. The new network will be for a wireless infrastructure.
There is also VPN Configured on the ASA - One with L2TP for Windows Clients and an IPsec for Cisco Clients.
Formerly we only had one outside (Eth0/0) and one inside interface (Eth0/1) on the ASA.
Now I want to use the Eth0/2 with subinterfaces, so that we will be flexible in the future when deploying more VLANs.
But now, when I turn the first subinterface Eth0/2.2 to no-shut, the VPN connections do not work any more.
Building up the VPN connection works, but it seems that the traffic is not tunneled. (I checked this, because tracert to an internal address goes to the internet.)
Below is my config; I don't know what's wrong. I think split-tunnel is configured correctly (because it works when I delete eth0/2.2).
TREV is the network of this location.
Company1,2,3 are remote locations.
: Saved
ASA Version 8.2(5)
hostname XXXXXXX
domain-name domain.lan
enable password XXXXXXXXXXX encrypted
passwd XXXXXXXXXX encrypted
names
name 192.168.100.0 TREV
name 192.168.200.0 COMPANY3
name XXXXXXXX Company1
name 192.168.1.0 Company2
name XXXXXXXXX GCT
name XXXXXXXX BMD
name 192.168.110.0 Wireless
name 192.168.201.0 COMPANY3-VPN
name 192.168.11.0 COMPANY2-VPN
name 192.168.101.0 TREV-VPN
interface Ethernet0/0
description Outside
nameif outside
security-level 0
ip address XXXXX 255.255.255.248
interface Ethernet0/1
description Inside
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Ethernet0/2
description Trunk Interface
no nameif
no security-level
no ip address
interface Ethernet0/2.2
description Wireless
vlan 110
nameif wlan
security-level 100
ip address 192.168.110.1 255.255.255.0
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.100.10
domain-name domain.lan
dns server-group COMPANY2
name-server 192.168.1.16
domain-name domain.local
dns server-group COMPANY3
name-server 192.168.200.1
domain-name domain.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network VPN_Networks
network-object COMPANY3 255.255.255.0
network-object COMPANY3-VPN 255.255.255.0
network-object COMPANY2 255.255.255.0
network-object COMPANY2-VPN 255.255.255.0
network-object TREV 255.255.255.0
network-object TREV-VPN 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object COMPANY2 255.255.255.0
network-object COMPANY3 255.255.255.0
network-object COMPANY3-VPN 255.255.255.0
network-object COMPANY2-VPN 255.255.255.0
network-object Wireless 255.255.255.0
access-list INCOMING remark *** ICMP Erlauben ***
access-list INCOMING extended permit icmp any any echo-reply
access-list INCOMING extended permit icmp any any time-exceeded
access-list INCOMING extended permit icmp any any unreachable
access-list INCOMING extended permit icmp any any parameter-problem
access-list INCOMING extended permit icmp any any source-quench
access-list INCOMING extended permit icmp any any echo
access-list INCOMING remark *** Wartung Company1 ***
access-list INCOMING remark *** Wartung BMD ***
access-list INCOMING remark *** Mail ***
access-list ......
access-list Trev-nat0 remark *** NoNat ***
access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group VPN_Networks
access-list Trev-nat0 extended permit ip object-group VPN_Networks TREV 255.255.255.0
access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list DefaultRAGroup_splitTunnelAcl standard permit TREV 255.255.255.0
access-list outside_1_cryptomap extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list inside_debug extended permit tcp any host 192.168.100.5
access-list inside_debug extended permit tcp any TREV 255.255.255.0
access-list Wireless-nat0 extended permit ip Wireless 255.255.255.0 TREV 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu wlan 1500
ip local pool VPN-Pool 192.168.101.1-192.168.101.31 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 2 XXXXXXXXXXX
nat (inside) 0 access-list Trev-nat0
nat (inside) 2 192.168.100.25 255.255.255.255
nat (inside) 2 192.168.100.250 255.255.255.255
nat (inside) 1 TREV 255.255.255.0
nat (wlan) 0 access-list Wireless-nat0
static (inside,outside) tcp interface 444 192.168.100.10 444 netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.100.10 https netmask 255.255.255.255
.... a lot of statics..............
static (inside,outside) tcp XXXXXXXXXX pop3 192.168.100.25 pop3 netmask 255.255.255.255
static (inside,outside) tcp XXXXXXXXXX 995 192.168.100.25 995 netmask 255.255.255.255
access-group INCOMING in interface outside
route outside 0.0.0.0 0.0.0.0 XXXXXXXXXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.100.10
timeout 5
key *****
radius-common-pw *****
aaa-server RADIUS2 protocol radius
aaa-server RADIUS2 (inside) host 192.168.100.10
key *****
radius-common-pw *****
aaa authentication ssh console LOCAL
http server enable 4430
http COMPANY2 255.255.255.0 management
http TREV 255.255.255.0 inside
http Company1 255.255.255.224 outside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_AES_128_SHA esp-aes esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_AES_128_SHA mode transport
crypto ipsec transform-set TRANS_ESP_AES_256_SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_AES_256_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 TRANS_ESP_AES_128_SHA TRANS_ESP_AES_256_SHA TRANS_ESP_3DES_MD5 TRANS_ESP_3DES_SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 178.188.202.78
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption des
hash sha
group 5
lifetime 28800
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 5
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh bit-Studio 255.255.255.224 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh TREV 255.255.255.0 inside
ssh timeout 60
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcprelay server 192.168.100.10 inside
dhcprelay enable wlan
dhcprelay setroute wlan
dhcprelay timeout 90
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
wins-server value 192.168.100.10
dns-server value 192.168.100.10
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
default-domain value domain.lan
intercept-dhcp enable
group-policy IPsecVPN internal
group-policy IPsecVPN attributes
wins-server value 192.168.100.10
dns-server value 192.168.100.10
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
default-domain value domain.lan
username admin password XXXXXXXXXX encrypted privilege 15
username vpntest password XXXXXXXXX nt-encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-Pool
authentication-server-group RADIUS
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
tunnel-group XXXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXXXXXX ipsec-attributes
pre-shared-key *****
tunnel-group IPsecVPN type remote-access
tunnel-group IPsecVPN general-attributes
address-pool VPN-Pool
authentication-server-group RADIUS
default-group-policy IPsecVPN
tunnel-group IPsecVPN ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f2041a5902e945a130fe25fbb8e5d368
: end

Hi,
First I would go through all the NAT0/NAT Exempt rules you have for VPNs. They seem to contain useless lines where either the destination or source network isn't correct.
Let's look at the NAT0 ACL you have line by line
access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group VPN_Networks
The above access-list has the correct source network configured. Yet it has its destination addresses configured with an "object-group" which contains your LAN network.
You should probably remove the LAN network from the object-group VPN_Networks
access-list Trev-nat0 extended permit ip object-group VPN_Networks TREV 255.255.255.0
To my understanding the above ACL line doesn't serve any purpose as the networks configured under VPN_Networks aren't located behind your "inside" interface (other than the one I'm asking to remove from the object-group)
access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
The above ACL overlaps with the very first ACL line's configuration and needlessly makes the configuration harder to read. It also contains the Wireless network, which it shouldn't.
I would suggest simplifying your NAT0 configurations, for example in the following way (change the names if you want if you're going to try it out)
object-group network TREV-LAN
description Local networks
network-object 192.168.100.0 255.255.255.0
object-group network VPN-NETWORKS
description Remote networks
network-object 192.168.200.0 255.255.255.0
network-object 192.168.201.0 255.255.255.0
network-object 192.168.1.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 192.168.101.0 255.255.255.0
access-list TREV-LAN-NAT0 remark NAT0 / NAT Exempt for VPN Connections
access-list TREV-LAN-NAT0 permit ip object-group TREV-LAN object-group VPN-NETWORKS
With the above configurations
You have all NAT0 with a single line of access-list configuration (not counting the remark line as it doesn't affect anything)
If there are changes in the VPN pools, VPN remote networks or LAN networks you can simply change them under the configured object-groups instead of touching the actual ACL. There might be situations where you should change the ACL from the above if there are some bigger changes to the network
So as I said, I would start with changing the above NAT configurations and then test the VPN again. If it doesn't work we will have to check some other things out.
- Jouni
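The line-by-line review in the answer above can be applied to a whole configuration: for every ACL bound with `nat (if) 0 access-list`, list entries whose source is not behind that interface or whose destination is a directly connected network. This is an added example, not code from the thread; the parser handles only the statement forms used in this configuration, and the function names and reason strings are assumptions of the example.

```python
import ipaddress

# Constructed sample, abridged from the configuration posted in the question.
SAMPLE_CONFIG = """\
name 192.168.100.0 TREV
name 192.168.200.0 COMPANY3
name 192.168.110.0 Wireless
interface Ethernet0/1
nameif inside
ip address 192.168.100.1 255.255.255.0
interface Ethernet0/2.2
nameif wlan
ip address 192.168.110.1 255.255.255.0
object-group network VPN_Networks
network-object COMPANY3 255.255.255.0
network-object TREV 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object COMPANY3 255.255.255.0
network-object Wireless 255.255.255.0
access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group VPN_Networks
access-list Trev-nat0 extended permit ip object-group VPN_Networks TREV 255.255.255.0
access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
nat (inside) 0 access-list Trev-nat0
"""

def to_net(addr, mask, names):
    """Resolve an ASA `name` alias, if any, and build the network object."""
    return ipaddress.ip_network(f"{names.get(addr, addr)}/{mask}")

def parse(config):
    """Collect names, object-groups, interface subnets, ACLs and nat 0 bindings."""
    names, groups, ifaces, acls, nat0 = {}, {}, {}, {}, {}
    group = nameif = None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["name"]:
            names[t[2]] = t[1]
        elif t[:2] == ["object-group", "network"]:
            group = groups.setdefault(t[2], [])
        elif t[:1] == ["network-object"] and group is not None:
            group.append(to_net(t[1], t[2], names))
        elif t[:1] == ["interface"]:
            nameif = None  # a new interface block starts
        elif t[:1] == ["nameif"]:
            nameif = t[1]
        elif t[:2] == ["ip", "address"] and nameif:
            ifaces[nameif] = ipaddress.ip_interface(f"{t[2]}/{t[3]}").network
        elif t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            acls.setdefault(t[1], []).append((line.strip(), t[5:]))
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            nat0[t[1].strip("()")] = t[4]
    return names, groups, ifaces, acls, nat0

def expand(operand, names, groups):
    """An operand is `object-group G` or `ADDRESS MASK` (any/host not handled)."""
    if operand[0] == "object-group":
        return groups.get(operand[1], [])
    return [to_net(operand[0], operand[1], names)]

def audit_nat0(config):
    """Return (acl line, reason, network) tuples to review, per the answer's criteria."""
    names, groups, ifaces, acls, nat0 = parse(config)
    findings = []
    for ifname, acl in nat0.items():
        for text, ops in acls.get(acl, []):
            for n in expand(ops[0:2], names, groups):
                if not n.subnet_of(ifaces[ifname]):
                    findings.append((text, f"source-not-behind-{ifname}", str(n)))
            for n in expand(ops[2:4], names, groups):
                for other, local in ifaces.items():
                    if n.overlaps(local):
                        findings.append((text, f"destination-is-local-{other}", str(n)))
    return findings
```

Each finding is a prompt for review rather than proof of an error; whether an exemption between two local interfaces is intended depends on the rest of the NAT configuration.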
Company VPN not working with Home Hub 5
Hi
I switched to BT infinity a month or so ago, but have only recently tried to access my company VPN through the service (VPN uses Citrix Xenapp). It used to work (with my previous ISP using a different router) just fine.
I can connect to VPN okay, but when I try to launch a virtual app (Windows 7) I get the usual pop-up asking if I want to run the app - I answer Yes but then.... well nothing happens. It's the same in IE11, Chrome and Safari. No error or warning messages, just nothing.
VPN works fine from other locations (just not home - which is where I need it!).
Have searched around and found other postings like this:-
http://bt.custhelp.com/app/answers/detail/a_id/14244/c/346,402,405
(Tried that and it hasn't worked).
Tried switching off parental controls - but that did no good either.
Also tried factory reset of the hub (not that I've changed any settings) with same result.
This old thread seems similar, but specifically states that the issue wouldn't affect HomeHub 5:
https://community.bt.com/t5/Other-Broadband-Queries/New-firmware-kills-VPN/td-p/1196385/page/21
I'm working on a wired PC in home office, so wireless isn't an option.
Can anyone help? It's like something is blocking the application but no messages etc.

Do you connect via a website or via a client? If it's via a client then try adjusting the MTU on the network interface on the device that's connecting to the VPN; try, for example, 1200. If that doesn't work I'd get your support guys to talk to the software vendor as I'd guess you aren't the first person to have this problem.
-
EOIO is not working for file- BPM- Proxy scenario.
Hi All,
I have one File to BPM (Merge pattern ) to Proxy scenario.
I have two file communication channels at the sender side and defined QOS as EOIO for both. In SXMB_MONI it assigns the same queue for all messages.
BPM is merging those messages. However, during that it assigns a different queue for merged messages.
When it comes to the proxy, again different queues are assigned to the messages.
Is there any way I can define QOS in BPM or at the proxy side (I know it should be at the sender side only, but it's not working..)
Thanks & Regards,
Dijesh Tanna.

Hi,
Within the current release the BPM will always only use EO (SAP Note 833740).
Maybe the SAP note 905049 will help you on this ...
Thanks
Swarup -
HTTPS Web Service datastore : does not work in case of proxy
Data Services 12.2 on Windows XP SP2
I've set up a datastore, type "web service", url is https://.... (an external web service, outside of our company)
I'm able to import the functions of this web service into the datastore.
In a DF, in a query transform, I call one of these functions.
The job fails with this error message :
There is no response for the web service <searchCertificate>. Ensure that the network, web server, and service are running properly. Also ensure that the service client call time out is set properly.
I'm sure the web service is active. I have to pass a proxy.
When I do not have to pass a proxy (when I execute this job on my laptop not connected to the office network) the job runs fine !
How can you configure the axis2.xml so that https can run with a proxy ? (no problem to do this for http web services, but I do not see a solution for https web services !)
Thanks !!

Hi Sukarna,
the connection is not the problem.
Actually I've tested the scenario of abap proxy --> PI -->abap proxy for the same interface, it works fine. Only when I try ws instead of proxy, I got this error. Since proxy scenario works fine, the connection should not be issue.
any more clues?
Thanks -
Remote access vpn not working, VPNC client
Hi,
I have configured a remote access vpn client on cisco ASA 5520 with the following configuration. we are using cisco vpn client.
tunnel-group consultant type remote-access
tunnel-group consultant general-attributes
address-pool VPN
authentication-server-group RSA-AAA LOCAL
default-group-policy consultant
tunnel-group consultant ipsec-attributes
pre-shared-key *
group-policy consultant internal
group-policy consultant attributes
vpn-idle-timeout 120
vpn-session-timeout 720
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value access-spilt
access-list access-spilt standard permit host 10.101.50.60
One of the linux users is using vpnc and once the user connects to the vpn and the user adds a static route on the machine with the destination pointing to the vpn interface, for example 10.101.50.0/24, user is able to reach all the hosts in the subnet even though the access list on the firewall is configured for one host 10.101.50.60.
I did the same test on a Windows machine, but was only able to reach the specific host allowed through VPN. Why is the network filter not working for vpnc? Please advise.
Thanks

Hi, have solved the issue. Enabling the demo 3DES & AES, now my VPN is connecting
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
thx to friend "Jennifer Halim"