VPN Not working due to College Proxy Settings

2014-04-27 11:11:05 *Tunnelblick: OS X 10.9.1; Tunnelblick 3.3.0 (build 3518)
2014-04-27 11:11:05 *Tunnelblick: Attempting connection with EarthVPN-India, Pune; Set nameserver = 1; monitoring connection
2014-04-27 11:11:05 *Tunnelblick: openvpnstart start EarthVPN-India,\ Pune.tblk 1338 1 0 3 0 305 -atADGNWradsgnw -
2014-04-27 11:11:05 *Tunnelblick: openvpnstart starting OpenVPN:
2014-04-27 11:11:06 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-27 11:11:06 Socket Buffers: R=[131072->65536] S=[131072->65536]
2014-04-27 11:11:06 MANAGEMENT: >STATE:1398577266,RESOLVE,,,
2014-04-27 11:11:36 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:11:36 MANAGEMENT: >STATE:1398577296,RESOLVE,,,
2014-04-27 11:12:06 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:12:41 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:13:16 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:13:51 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:14:26 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:15:01 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:15:37 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:16:12 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:16:47 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:17:22 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:17:57 RESOLVE: Cannot resolve host address: pun-in.earthvpn.com: nodename nor servname provided, or not known
2014-04-27 11:18:08 *Tunnelblick: Disconnecting; 'disconnect' button pressed
2014-04-27 11:18:08 *Tunnelblick: Disconnecting using 'killall'
2014-04-27 11:18:32 RESOLVE: signal received during DNS resolution attempt
2014-04-27 11:18:32 SIGTERM[hard,init_instance] received, process exiting
2014-04-27 11:18:32 MANAGEMENT: >STATE:1398577712,EXITING,init_instance,,
2014-04-27 11:18:33 *Tunnelblick: No 'post-disconnect.sh' script to execute

Thanks for the reply Jkbull .
My issue was solved by using "Viscosity" a vpn client for Mac which even works with OSX Yosemite.
but i cannot find any solution for tunnelblick.
I am not sure but think the problem was with tun-tap settings or 443 port.
I have tried changing the reference to "pun-in.earthvpn.com" in the OpenVPN configuration file to its current IP address of "103.250.184.251".
I have an option in mac network settings to use one or more DNS Servers so i have added Google Public DNS and my college DNS server- "202.141.81.2".
I Cannot connect to Internet by not using proxy because our connections go through our proxy server "202.141.80.19:3128" and we have user-password login for this server to establish a internet connection.
The Problem still persists.
When i connect with viscosity,
Initially i use my college proxy settings.
Connect to EarthVpn by using Viscosity
It asks me with the username, password of the earthvpn account and when provided it establishes  connection.
I use no proxy(that is remove my proxy settings) after the connection is established.
Now it is connected to VPN.
I wish tunnelblick guys come up a solution for this problem.

Similar Messages

  • Fring not working on 5800 with proxy settings

    I have already set my internet proxy settings and so internet works perfectly fine. What I dont understand is why my fring won't work. Any help? Thanks.

    Hi. I m Rai Singh using Nokia 5800 XM. I sucessfully installed fringSymbian94.sis , no probs But i m unable to connect via gprs. I m using idea gors service (NOP99).
    My gprs settings are
    Apn SpiceExcite
    Usr name Blank
    Passwrd Blank
    Authentication Normal
    Advanc setings-
    Proxy 10.11.12.13
    Port 9401
    I had also tried without proxy and with secured authenticatn bt same result NO. I think fring developers hav to solve this prob in the nxt upcoming version to meet the challenges of other IM providers as it is major drawback of fring. Otherwise it is awesom software. Hoping for quick action from ur side..
    Moderator note: Personal contact details removed
    Message Edited by dazz19 on 10-May-2009 06:11 PM

  • Application is not working due to memory issue

    Hi Friesnds,
    Kindly help me regarding settings in java. Scenario is like that. I have one server having two jboss versions (jboss-4.2.3 GA and jboss- 3.2.6). Each having java memory (JVM settings) 1 GB. The total memory of that server is 3 GB.
    Problem is that every two days my application is not working due to memory issue. Once i freed the memory (through run the commands - (1). sync
    (2). echo 3 > /proc/sys/vm/drop_caches
    Application works fine.
    I heared that the above command (echo 3 > /proc/sys/vm/drop_caches) can't run frequently because of server crash.
    Kindly help me regarding this issue and provide the resolution.
    Let me know if you need more information from my side.
    Thanks
    Ashish Shukla

    All of the above.  I tested on 4 different networks and had no luck, I also had friends test my network and the other networks with their iPhones and all had no issues using FaceTime.
    Also after I wiped my phone (erased all content and settings) I was able to successfully initiate a FaceTime call with no changes to my network and was also able to initiate another call when connected to another previously tested network that didn't work before.  Once I restored from backup though, FaceTime stopped working again.
    I did find this discussion: https://discussions.apple.com/thread/5163024?start=0&tstart=0
    and tried the suggestions found there too.  That discussion describes my issue I am having as well.

  • VPN not working after upgrading to Mavericks

    After upgrading to OS X 10.9 Mavericks - VPN not working. I am able to connect to VPN server fron inside local network, but can't do the same from outside through the router (1. I have statis external IP 2. NAT port forwarding is OK 3. Other services on my server work fine through router & NAT using external IP).
    Tried:
    1. Downgrading JAVA from 7.0: https://discussions.apple.com/message/23673943#23673943  - doesn't help
    2. kern.ipc.maxsockbuf is big enough: https://discussions.apple.com/message/23525980#23525980
    Also, IMHO, Apple periodically delete messages from forum about this problem, does anyone else has teh same feeling?
    Any thoughts?

    After upgrading to OS X 10.9 Mavericks - VPN not working. I am able to connect to VPN server fron inside local network, but can't do the same from outside through the router (1. I have statis external IP 2. NAT port forwarding is OK 3. Other services on my server work fine through router & NAT using external IP).
    Tried:
    1. Downgrading JAVA from 7.0: https://discussions.apple.com/message/23673943#23673943  - doesn't help
    2. kern.ipc.maxsockbuf is big enough: https://discussions.apple.com/message/23525980#23525980
    Also, IMHO, Apple periodically delete messages from forum about this problem, does anyone else has teh same feeling?
    Any thoughts?

  • After updating to Firefox 5 my Realplayer Recorder is not working due to that add on not being compatible. How do I get this to work again?

    After updating to Firefox 5 my Realplayer Recorder is not working due to that add on not being compatible. How do I get this to work again?

    Blue
    It sounds like you restored from an old back-up.  Did you back-up just before your software update?  It will use your last one and if your last back-up was a ywear old then it will use that one.
    In general, if you are getting these messages on your iPhones select logout (when you get that Apple Id request) and then log back in with your newer ID.
    Sorry for your losses.
    Cheers

  • My imessage is not working. I went into settings, then messages, and it says my imessage activation is unsuccessful. What do I do to get imessage working again. When I turn it on it sends imessae through my email not my phone number

    My imessage is not working. I went into settings, then messages, and it says my imessage activation is unsuccessful. What do I do to get imessage working again. When I turn it on it sends imessae through my email not my phone number

    It is starting to get a common problem (iMessage), try doing this:
    http://www.imore.com/having-trouble-imessage-or-facetime-ios-7-heres-how-fix-it
    Good Luck

  • In the context of restoring a drive from a backup, i copied /etc/sudoers from my backup. Now it does not work due to the permissions not being correct (even though it was copied via sudo cp -rp)

    In the context of restoring a drive from a backup, i copied /etc/sudoers from my backup. Now it does not work due to the permissions not being correct (even though it was copied via sudo cp -rp)

    Most likely you have Office 2004 which are PPC-only applications and will not work in Lion. Upgrade to Office 2011. Other alternatives are:
    Apple's iWork suite (Pages, Numbers, and Keynote.)
    Open Office (Office 2007-like suite compatible with OS X.)
    NeoOffice (similar to Open Office.)
    LibreOffice (a new direction for the Open Office suite.)

  • Passwords, auto-fill in safari does not work it is enabled in settings, what can do

    passwords, auto-fill in safari does not work it is enabled in settings, what can do

    Private Browsing Off.
    Private Browsing On.

  • VPN not working after Update from SLS to MLS

    Hi folks,
    last weekend I updated my Snow Leopard Server following the suggested procedure, installed first Mountain Lion and then OS X Server. Now I have a problem.
    Setup:
    - Macmini Server located  in my private LAN, running SLS as a virtual machine (VMware)
    - connected to the Internet via an AVM FritzBox 7270
    For HTTP (80) and VPN (500, 1701 and 4500) the ports are forwarded to the virtual machine - everything was working well before the update (access to Website & VPN from both internal and external). The VPN connection is used either with an iPhoen or with my Macbook pro.
    The website is still working like expected. VPN service is not working properly anymore. I can access it from internal, but not from external.
    So, to make it clear, nothing but the server OS changed in the setup.
    Any ideas? Changed ports from 10.6 to 10.8?
    Thanks in advance,
    Andre
    (err, and YES, I have a snapshot of 10.6. - if I revert it's working again, but this can't be the solution)

    Hi all,
    to point out the difference, this is what the logs say....
    Connecting from internal, VPN success:
    21.06.13 18:12:13,880
    racoon[226]
    IPSec Phase1 started (Initiated by peer).
    21.06.13 18:12:13,882
    racoon[226]
    IKE Packet: receive success. (Responder, Main-Mode message 1).
    21.06.13 18:12:13,883
    racoon[226]
    IKE Packet: transmit success. (Responder, Main-Mode message 2).
    21.06.13 18:12:13,921
    racoon[226]
    IKE Packet: receive success. (Responder, Main-Mode message 3).
    21.06.13 18:12:13,942
    racoon[226]
    IKE Packet: transmit success. (Responder, Main-Mode message 4).
    21.06.13 18:12:13,969
    racoon[226]
    IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
    21.06.13 18:12:13,969
    racoon[226]
    IKE Packet: receive success. (Responder, Main-Mode message 5).
    21.06.13 18:12:13,970
    racoon[226]
    IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
    21.06.13 18:12:13,970
    racoon[226]
    IKE Packet: transmit success. (Responder, Main-Mode message 6).
    21.06.13 18:12:13,970
    racoon[226]
    IPSec Phase1 established (Initiated by peer).
    21.06.13 18:12:14,881
    racoon[226]
    IPSec Phase2 started (Initiated by peer).
    21.06.13 18:12:14,881
    racoon[226]
    IKE Packet: receive success. (Responder, Quick-Mode message 1).
    21.06.13 18:12:14,881
    racoon[226]
    IKE Packet: transmit success. (Responder, Quick-Mode message 2).
    21.06.13 18:12:14,885
    racoon[226]
    IKE Packet: receive success. (Responder, Quick-Mode message 3).
    21.06.13 18:12:14,886
    racoon[226]
    IKEv1 Phase2 Responder: success. (Responder, Quick-Mode).
    21.06.13 18:12:14,886
    racoon[226]
    IPSec Phase2 established (Initiated by peer).
    21.06.13 18:12:14,890
    vpnd[1210]
    Incoming call... Address given to client = 192.168.0.203
    21.06.13 18:12:14,918
    pppd[1371]
    pppd 2.4.2 (Apple version 596.13) started by root, uid 0
    21.06.13 18:12:14,923
    pppd[1371]
    L2TP incoming call in progress from '192.168.0.117'...
    21.06.13 18:12:14,931
    pppd[1371]
    L2TP connection established.
    21.06.13 18:12:14,935
    pppd[1371]
    Connect: ppp1 <--> socket[34:18]
    21.06.13 18:12:14,944
    UserEventAgent[17]
    Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
    21.06.13 18:12:15,036
    pppd[1371]
    CHAP peer authentication succeeded for <username>
    21.06.13 18:12:15,042
    pppd[1371]
    DSAccessControl plugin: User '<username>' authorized for access
    21.06.13 18:12:15,052
    pppd[1371]
    Unsupported protocol 0x8057 received
    21.06.13 18:12:15,058
    pppd[1256]
    l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.0.103), current interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
    21.06.13 18:12:15,058
    pppd[1371]
    local  IP address 192.168.0.103
    21.06.13 18:12:15,059
    pppd[1371]
    remote IP address 192.168.0.203
    21.06.13 18:12:15,061
    pppd[1371]
    l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.0.103), current interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
    21.06.13 18:12:15,068
    configd[21]
    network changed: v4(en0:192.168.0.103, ppp0, ppp1+:192.168.0.103) DNS* Proxy SMB
    21.06.13 18:12:17,102
    apsd[466]
    Certificate not yet generated
    21.06.13 18:12:18,103
    apsd[466]
    Certificate not yet generated
    21.06.13 18:12:19,004
    apsd[466]
    Couldn't find cert in response dict
    21.06.13 18:12:19,006
    apsd[466]
    Failed to get client cert on attempt 11, will retry in 900 seconds
    21.06.13 18:12:19,066
    racoon[226]
    IKE Packet: transmit success. (Information message).
    21.06.13 18:12:19,067
    racoon[226]
    IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
    21.06.13 18:12:19,120
    apsd[466]
    Certificate not yet generated
    21.06.13 18:12:21,802
    pppd[1256]
    l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.0.103), deleted interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
    21.06.13 18:12:21,817
    pppd[1371]
    l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.0.103), deleted interface setting (name: ppp1, family: PPP, address: 192.168.0.103, subnet: 255.255.255.0, destination: 192.168.0.203).
    21.06.13 18:12:21,822
    configd[21]
    network changed: v4(en0:192.168.0.103, ppp0, ppp1-:192.168.0.103) DNS* Proxy SMB
    21.06.13 18:12:21,981
    pppd[1371]
    Fatal signal 6
    21.06.13 18:12:21,982
    racoon[226]
    IKE Packet: receive success. (Information message).
    21.06.13 18:12:22,011
    vpnd[1210]
       --> Client with address = 192.168.0.203 has hungup
    21.06.13 18:12:22,022
    UserEventAgent[17]
    Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
    21.06.13 18:12:23,837
    apsd[466]
    Certificate not yet generated
    21.06.13 18:12:23,839
    apsd[466]
    Certificate not yet generated
    21.06.13 18:12:25,148
    apsd[466]
    Couldn't find cert in response dict
    21.06.13 18:12:25,148
    apsd[466]
    Failed to get client cert on attempt 12, will retry in 900 seconds
    21.06.13 18:12:25,845
    apsd[466]
    Certificate not yet generated
    Connecting from external, VPN fail:
    21.06.13 18:10:52,533
    racoon[226]
    Connecting.
    21.06.13 18:10:52,533
    racoon[226]
    IPSec Phase1 started (Initiated by peer).
    21.06.13 18:10:52,535
    racoon[226]
    IKE Packet: receive success. (Responder, Main-Mode message 1).
    21.06.13 18:10:52,536
    racoon[226]
    IKE Packet: transmit success. (Responder, Main-Mode message 2).
    21.06.13 18:10:52,692
    racoon[226]
    IKE Packet: receive success. (Responder, Main-Mode message 3).
    21.06.13 18:10:52,713
    racoon[226]
    IKE Packet: transmit success. (Responder, Main-Mode message 4).
    21.06.13 18:10:52,882
    racoon[226]
    IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
    21.06.13 18:10:52,882
    racoon[226]
    IKE Packet: receive success. (Responder, Main-Mode message 5).
    21.06.13 18:10:52,882
    racoon[226]
    IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
    21.06.13 18:10:52,883
    racoon[226]
    IKE Packet: transmit success. (Responder, Main-Mode message 6).
    21.06.13 18:10:52,883
    racoon[226]
    IPSec Phase1 established (Initiated by peer).
    21.06.13 18:10:53,412
    racoon[226]
    Connecting.
    21.06.13 18:10:53,413
    racoon[226]
    IPSec Phase2 started (Initiated by peer).
    21.06.13 18:10:53,413
    racoon[226]
    IKE Packet: receive success. (Responder, Quick-Mode message 1).
    21.06.13 18:10:53,414
    racoon[226]
    IKE Packet: transmit success. (Responder, Quick-Mode message 2).
    21.06.13 18:10:53,531
    racoon[226]
    IKE Packet: receive success. (Responder, Quick-Mode message 3).
    21.06.13 18:10:53,532
    racoon[226]
    IKEv1 Phase2 Responder: success. (Responder, Quick-Mode).
    21.06.13 18:10:53,532
    racoon[226]
    IPSec Phase2 established (Initiated by peer).
    21.06.13 18:11:13,643
    racoon[226]
    IKE Packet: receive success. (Information message).
    21.06.13 18:11:13,671
    racoon[226]
    IKE Packet: receive success. (Information message).
    Hope you see more than me and can help... :-(

  • [Solved] NetworkManager-pptp VPN not working after update to 0.9.10

    Hello,
    I have a PPTP VPN set up and it's been working for a long time.  However, after I updated last night to networkmanager-0.9.10, it is no longer able to connect to the remote network.  I can activate the VPN connection, enter my password, but after a short period of time, the connection reports:  "Error: Connection activation failed: the VPN service returned invalid configuration."  As I mentioned before, this VPN was working right before the update and I didn't change the configuration on either my computer or the destination network so I'm pretty sure that this is something to do with the update.  I'm wondering if anybody else has run into this problem and if they've been able to find a solution.  I've been searching all over these forums and the internet for some hours now and I haven't found anything yet.  I'm hoping that somebody might be able to point me in the right direction or maybe know of something that might have changed with the new update.
    Here is my VPN configuration (using NetworkManager-PPTP.  I've also obscured the public IP address):
    [connection]
    id=MyVPN
    uuid=fe6e6265-1a79-4a69-b6d1-8b47e9d4c948
    type=vpn
    permissions=user:greyseal96:;
    autoconnect=false
    timestamp=1408950986
    [vpn]
    service-type=org.freedesktop.NetworkManager.pptp
    gateway=192.168.146.114
    require-mppe=yes
    user=greyseal96
    password-flags=3
    [ipv6]
    method=auto
    [ipv4]
    method=auto
    route1=10.17.0.0/16,10.17.1.1,1
    never-default=true
    Here are my logs during the time that I tried to connect:
    Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> Starting VPN service 'pptp'...
    Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 1938
    Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' appeared; activating connections
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN plugin state changed: starting (3)
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: pppd started with pid 1945
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (Connect) reply received.
    Aug 24 23:44:21 MyArchBox pppd[1945]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
    Aug 24 23:44:21 MyArchBox pppd[1945]: pppd 2.4.6 started by root, uid 0
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
    Aug 24 23:44:21 MyArchBox pppd[1945]: Using interface ppp0
    Aug 24 23:44:21 MyArchBox pppd[1945]: Connect: ppp0 <--> /dev/pts/2
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: Using interface ppp0
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: Connect: ppp0 <--> /dev/pts/2
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 10)
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/9
    Aug 24 23:44:21 MyArchBox pptp[1947]: nm-pptp-service-1938 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
    Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
    Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
    Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
    Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
    Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
    Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 50048).
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials...
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): got credentials from NetworkManager-pptp
    Aug 24 23:44:25 MyArchBox pppd[1945]: CHAP authentication succeeded
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: CHAP authentication succeeded
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
    Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE 128-bit stateless compression enabled
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE 128-bit stateless compression enabled
    Aug 24 23:44:25 MyArchBox pppd[1945]: Cannot determine ethernet address for proxy ARP
    Aug 24 23:44:25 MyArchBox pppd[1945]: local  IP address 10.17.10.3
    Aug 24 23:44:25 MyArchBox pppd[1945]: remote IP address 10.17.10.1
    Aug 24 23:44:25 MyArchBox pppd[1945]: primary   DNS address 10.17.2.22
    Aug 24 23:44:25 MyArchBox pppd[1945]: secondary DNS address 10.17.2.23
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN Gateway: 192.168.146.114
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Tunnel Device: ppp0
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> IPv4 configuration:
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Address: 10.17.10.3
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Prefix: 32
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Point-to-Point Address: 10.17.10.1
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Maximum Segment Size (MSS): 0
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Static Route: 10.17.0.0/16   Next Hop: 10.17.1.1
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Forbid Default Route: yes
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal DNS: 10.17.2.22
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal DNS: 10.17.2.23
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   DNS Domain: '(none)'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> No IPv6 configuration
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.481618] [platform/nm-linux-platform.c:1716] add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Cannot determine ethernet address for proxy ARP
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: local  IP address 10.17.10.3
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: remote IP address 10.17.10.1
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: primary   DNS address 10.17.2.22
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: secondary DNS address 10.17.2.23
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 9 / phase 'running'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): ip-up event
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): sending Ip4Config to NetworkManager-pptp...
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: PPTP service (IP Config Get) reply received.
    Aug 24 23:44:25 MyArchBox pppd[1945]: Terminating on signal 15
    Aug 24 23:44:25 MyArchBox pppd[1945]: Modem hangup
    Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
    Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
    Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
    Aug 24 23:44:25 MyArchBox pppd[1945]: Connect time 0.0 minutes.
    Aug 24 23:44:25 MyArchBox pppd[1945]: Sent 0 bytes, received 0 bytes.
    Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE disabled
    Aug 24 23:44:25 MyArchBox pppd[1945]: Connection terminated.
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: inet 10.17.0.0/16 table main
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: priority 0x1 protocol static
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: nexthop via 10.17.1.1 dev 10
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487073] [platform/nm-linux-platform.c:2252] link_change(): Netlink error changing link 10:  <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/ppp0': No such device
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487153] [platform/nm-linux-platform.c:1777] delete_object(): Netlink error deleting 10.17.10.3/32 lft forever pref forever lifetime 1862-0[4294967295,4294967295] dev ppp0 src kernel: No such device (-31)
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: Terminated ppp daemon with PID 1945.
    Aug 24 23:44:25 MyArchBox kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Terminating on signal 15
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Modem hangup
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connect time 0.0 minutes.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Sent 0 bytes, received 0 bytes.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE disabled
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 10 / phase 'terminate'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connection terminated.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
    Aug 24 23:44:25 MyArchBox pppd[1945]: Exit.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** (nm-pptp-service:1938): WARNING **: pppd exited with error code 16
    Aug 24 23:44:45 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' disappeared
    If you've gotten this far, thank you for taking the time to read through all this!  Any help that you can give would be much appreciated.
    Last edited by greyseal96 (2014-08-27 15:20:02)

    Hmm, not sure about the 3.16 series kernel, but I found that when I upgraded to kernel 3.18 the PPTP VPN also stopped working.  This time, though, it was because, for some reason, there was a change in kernel 3.18 where the firewall kernel modules necessary for the VPN don't get loaded so the firewall won't allow some of the PPTP traffic from the remote side back in.  Since the firewall is stateful, these modules need to be loaded so that the firewall can know that the incoming PPTP traffic from the remote side is part of an existing connection.  Here's what my network manager logs looked like:
    NetworkManager[619]: <info> Starting VPN service 'pptp'...
    NetworkManager[619]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 31139
    NetworkManager[619]: <info> VPN service 'pptp' appeared; activating connections
    NetworkManager[619]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
    NetworkManager[619]: <info> VPN plugin state changed: starting (3)
    NetworkManager[619]: ** Message: pppd started with pid 31148
    NetworkManager[619]: <info> VPN connection 'MyVPN' (Connect) reply received.
    pppd[31148]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
    NetworkManager[619]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
    pppd[31148]: pppd 2.4.7 started by root, uid 0
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
    pppd[31148]: Using interface ppp0
    pppd[31148]: Connect: ppp0 <--> /dev/pts/5
    NetworkManager[619]: Using interface ppp0
    NetworkManager[619]: Connect: ppp0 <--> /dev/pts/5
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
    NetworkManager[619]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 7)
    NetworkManager[619]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/6
    pptp[31150]: nm-pptp-service-31139 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
    pppd[31148]: LCP: timeout sending Config-Requests <===HERE IS WHERE THE CONNECTION FAILS BECAUSE THE MODULES AREN'T LOADED.
    pppd[31148]: Connection terminated.
    NetworkManager[619]: LCP: timeout sending Config-Requests
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
    NetworkManager[619]: Connection terminated.
    NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
    pppd[31148]: Modem hangup
    pppd[31148]: Exit.
    NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
    NetworkManager[619]: Modem hangup
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
    NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
    NetworkManager[619]: <info> VPN plugin state changed: stopped (6)
    NetworkManager[619]: <info> VPN plugin state change reason: unknown (0)
    NetworkManager[619]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
    NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
    NetworkManager[619]: <info> VPN service 'pptp' disappeared
    To fix this, I had to add a file to the /etc/modules-load.d directory to have the modules loaded into the kernel at boot.  I just created a file called netfilter.conf and put the following in it:
    nf_nat_pptp
    nf_conntrack_pptp
    nf_conntrack_proto_gre
    Not sure if this addresses your problem or not, but maybe it's worth a look.

  • VPN not working after adding subinterface - ASA 5510

    Hello,
    Currently I want to add a second lan (vlan) in a customers network. The new network will be for a wireless infrastructure.
    There is also VPN Configured on the ASA - One with L2TP for Windows Clients and an IPsec for Cisco Clients.
    Former we only had one outside (Eth0/0) and one inside interface (Eth0/1) on the ASA.
    Now I want to use the Eth0/2 with subinterfaces, so that we will be flexible for future, when deploying more vlans.
    But now, when i turn the first subinterface Eth0/2.2 to no-shut the VPN Connections does not work any more.
    Bulding up the VPN connection works, but it seems that the traffic is not tunneled. (I checked this, because tracert to an internal adress goes to the internet)
    Below there is my config, i don't know whats wrong. I think split-tunnel is configured correctly (because it works when i delete eth0/2.2)
    TREV is the network of this location.
    Company1,2,3 are remote locations.
    : Saved
    ASA Version 8.2(5)
    hostname XXXXXXX
    domain-name domain.lan
    enable password XXXXXXXXXXX encrypted
    passwd XXXXXXXXXX encrypted
    names
    name 192.168.100.0 TREV
    name 192.168.200.0 COMPANY3
    name XXXXXXXX Company1
    name 192.168.1.0 Company2
    name XXXXXXXXX GCT
    name XXXXXXXX BMD
    name 192.168.110.0 Wireless
    name 192.168.201.0 COMPANY3-VPN
    name 192.168.11.0 COMPANY2-VPN
    name 192.168.101.0 TREV-VPN
    interface Ethernet0/0
    description Outside
    nameif outside
    security-level 0
    ip address XXXXX 255.255.255.248
    interface Ethernet0/1
    description Inside
    nameif inside
    security-level 100
    ip address 192.168.100.1 255.255.255.0
    interface Ethernet0/2
    description Trunk Interface
    no nameif
    no security-level
    no ip address
    interface Ethernet0/2.2
    description Wireless
    vlan 110
    nameif wlan
    security-level 100
    ip address 192.168.110.1 255.255.255.0
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    ftp mode passive
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 192.168.100.10
    domain-name domain.lan
    dns server-group COMPANY2
    name-server 192.168.1.16
    domain-name domain.local
    dns server-group COMPANY3
    name-server 192.168.200.1
    domain-name domain.local
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network VPN_Networks
    network-object COMPANY3 255.255.255.0
    network-object COMPANY3-VPN 255.255.255.0
    network-object COMPANY2 255.255.255.0
    network-object COMPANY2-VPN 255.255.255.0
    network-object TREV 255.255.255.0
    network-object TREV-VPN 255.255.255.0
    object-group network DM_INLINE_NETWORK_1
    network-object COMPANY2 255.255.255.0
    network-object COMPANY3 255.255.255.0
    network-object COMPANY3-VPN 255.255.255.0
    network-object COMPANY2-VPN 255.255.255.0
    network-object Wireless 255.255.255.0
    access-list INCOMING remark *** ICMP Erlauben ***
    access-list INCOMING extended permit icmp any any echo-reply
    access-list INCOMING extended permit icmp any any time-exceeded
    access-list INCOMING extended permit icmp any any unreachable
    access-list INCOMING extended permit icmp any any parameter-problem
    access-list INCOMING extended permit icmp any any source-quench
    access-list INCOMING extended permit icmp any any echo
    access-list INCOMING remark *** Wartung Company1 ***
    access-list INCOMING remark *** Wartung BMD ***
    access-list INCOMING remark *** Mail ***
    access-list ......
    access-list Trev-nat0 remark *** NoNat ***
    access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group VPN_Networks
    access-list Trev-nat0 extended permit ip object-group VPN_Networks TREV 255.255.255.0
    access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
    access-list DefaultRAGroup_splitTunnelAcl standard permit TREV 255.255.255.0
    access-list outside_1_cryptomap extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
    access-list inside_debug extended permit tcp any host 192.168.100.5
    access-list inside_debug extended permit tcp any TREV 255.255.255.0
    access-list Wireless-nat0 extended permit ip Wireless 255.255.255.0 TREV 255.255.255.0
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    mtu wlan 1500
    ip local pool VPN-Pool 192.168.101.1-192.168.101.31 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    global (outside) 2 XXXXXXXXXXX
    nat (inside) 0 access-list Trev-nat0
    nat (inside) 2 192.168.100.25 255.255.255.255
    nat (inside) 2 192.168.100.250 255.255.255.255
    nat (inside) 1 TREV 255.255.255.0
    nat (wlan) 0 access-list Wireless-nat0
    static (inside,outside) tcp interface 444 192.168.100.10 444 netmask 255.255.255.255
    static (inside,outside) tcp interface https 192.168.100.10 https netmask 255.255.255.255
    .... a lot of statics..............
    static (inside,outside) tcp XXXXXXXXXX pop3 192.168.100.25 pop3 netmask 255.255.255.255
    static (inside,outside) tcp XXXXXXXXXX  995 192.168.100.25 995 netmask 255.255.255.255
    access-group INCOMING in interface outside
    route outside 0.0.0.0 0.0.0.0 XXXXXXXXXX  1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server RADIUS protocol radius
    aaa-server RADIUS (inside) host 192.168.100.10
    timeout 5
    key *****
    radius-common-pw *****
    aaa-server RADIUS2 protocol radius
    aaa-server RADIUS2 (inside) host 192.168.100.10
    key *****
    radius-common-pw *****
    aaa authentication ssh console LOCAL
    http server enable 4430
    http COMPANY2 255.255.255.0 management
    http TREV 255.255.255.0 inside
    http Company1 255.255.255.224 outside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
    crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_AES_128_SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_AES_128_SHA mode transport
    crypto ipsec transform-set TRANS_ESP_AES_256_SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_AES_256_SHA mode transport
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 TRANS_ESP_AES_128_SHA TRANS_ESP_AES_256_SHA TRANS_ESP_3DES_MD5 TRANS_ESP_3DES_SHA
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs group1
    crypto map outside_map 1 set peer 178.188.202.78
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 20
    authentication pre-share
    encryption des
    hash sha
    group 5
    lifetime 28800
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash sha
    group 5
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh bit-Studio 255.255.255.224 outside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh TREV 255.255.255.0 inside
    ssh timeout 60
    console timeout 0
    management-access inside
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcprelay server 192.168.100.10 inside
    dhcprelay enable wlan
    dhcprelay setroute wlan
    dhcprelay timeout 90
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    wins-server value 192.168.100.10
    dns-server value 192.168.100.10
    vpn-tunnel-protocol IPSec l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
    default-domain value domain.lan
    intercept-dhcp enable
    group-policy IPsecVPN internal
    group-policy IPsecVPN attributes
    wins-server value 192.168.100.10
    dns-server value 192.168.100.10
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
    default-domain value domain.lan
    username admin password XXXXXXXXXX encrypted privilege 15
    username vpntest password XXXXXXXXX nt-encrypted
    tunnel-group DefaultRAGroup general-attributes
    address-pool VPN-Pool
    authentication-server-group RADIUS
    default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *****
    tunnel-group DefaultRAGroup ppp-attributes
    no authentication chap
    authentication ms-chap-v2
    tunnel-group XXXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXXXXXX ipsec-attributes
    pre-shared-key *****
    tunnel-group IPsecVPN type remote-access
    tunnel-group IPsecVPN general-attributes
    address-pool VPN-Pool
    authentication-server-group RADIUS
    default-group-policy IPsecVPN
    tunnel-group IPsecVPN ipsec-attributes
    pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:f2041a5902e945a130fe25fbb8e5d368
    : end

    Hi,
    First I would go through all the NAT0/NAT Exempt rules you have for VPNs. They seem to contain useless lines where either destination or source network isnt correct.
    Lets look at the NAT0 ACL you have line by line
    access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group VPN_Networks
    The above access-list has the correct source network configured Yet it has its destination addresses configured with an "object-group" which contains your LAN network
    You should probably remove the LAN network from the object-group VPN_Networks
    access-list Trev-nat0 extended permit ip object-group VPN_Networks TREV 255.255.255.0
    To my understanding the above ACL line doesnt serve any purpose as the networks configured under VPN_Networks arent located behind your "inside" interface (Other than the one I'm asking to remove from the object-group)
    access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
    The above ACL overlap with the very first ACL lines configurations and needlesly makes the configuration harder to read. It also contains the Wireless network which it shouldnt
    I would suggest simplifying your NAT0 configurations for example in the following way (change the names if you want if youre going to try it out)
    object-group network TREV-LAN
      description Local networks
      network-object 192.168.100.0 255.255.255.0
    object-group network VPN-NETWORKS
    description Remote networks
    network-object 192.168.200.0 255.255.255.0
    network-object 192.168.201.0 255.255.255.0
    network-object 192.168.1.0 255.255.255.0
    network-object 192.168.11.0 255.255.255.0
    network-object 192.168.101.0 255.255.255.0
    access-list TREV-LAN-NAT0 remark NAT0 / NAT Exempt for VPN Connections
    access-list TREV-LAN-NAT0 permit ip object-group TREV-LAN object-group VPN-NETWORKS
    With the above configurations
    You have all NAT0 with a single line of access-list configuration (not counting the remark line as it doesnt affect anything)
    If there is changes in the VPN pools, VPN remote networks or LAN networks you can simply change them under the configured object-groups instead of touching the actual ACL. There might be situations where you should change the ACL from the above if there is some bigger changes to network
    So as I said, I would start with changing the above NAT configurations and then test the VPN again. If it doesnt work we will have to check some other things out.
    - Jouni

  • Company VPN not working with Home Hub 5

    Hi
    I switched to BT infinity a month or so ago, but have only recently tried to access my company VPN through the service (VPN uses Citrix Xenapp).  It used to work (with my previous ISP using a different router) just fine.
    I can connect to VPN okay, but when I try to launch a virtual app (Windows 7) I get the usual pop-up asking if I want to run the app - I answer Yes but then.... well nothing happens.   It's the same in IE11, Chrome and Safari.  No error or warning messages, just nothing,
    VPN works fine from other locations (just not home - which is where I need it!).
    Have searched around and found other postings like this:-
    http://bt.custhelp.com/app/answers/detail/a_id/142​44/c/346,402,405
    (Tried that and it hasn't worked). 
    Tried switching off parental controls - but that did not good either.
    Also tried factory reset of the hub (not that I've changed any settings) with same result.
    This old thread seems similar, but specifically states that the issue wouldn't affect HomeHub 5:
    https://community.bt.com/t5/Other-Broadband-Queries/New-firmware-kills-VPN/td-p/1196385/page/21
    I'm working on a wired PC in home office, so wireless isn't an option.
    Can anyone help?  It's like something is blocking the application but no messages etc.

    Do you connect via a website or via a client? If it's via a client then try adjusting the MTU on the network interface on the device that's connecting to the VPN try for example 1200. If that doesn't work I'd get your support guys to talk to the software vendor as I'd guess you aren't the first person to have this problem.

  • EOIO is not working for file- BPM- Proxy scenario.

    Hi All,
    I have one File to BPM (Merge pattern ) to Proxy scenario.
    I have two file communication channel at the sender side and defined QOS as EOIO for both. In SXMB_MONI it assings same queue for all messages.
    BPM is merging that messages. However during that it assings different queue for merged messages.
    When it comes to proxy , again different queues are assingned to the messages.
    Is there any way I can define QOS in BPM or at the proxy side ( I know it should be at the sender side only , but it's not working..)
    Thanks & Regards,
    Dijesh Tanna.

    HI,
    Within the current release the BPM will always only use EO (SAP Note 833740).
    May be the SAP note  905049 will help you on this ...
    Thanks
    Swarup

  • HTTPS Web Service datastore : does not work in case of proxy

    Data Services 12.2 on Windows XP SP2
    I've set up a datastore, type "web service", url is https://.... (an external web service, outside of our company)
    I'm able to import the functions of this web service into the datastore.
    In a DF, in a query transform, I call one these functions.
    The job fails with this error message :
    There is no response for the web service <searchCertificate>. Ensure that the network, web server, and service are running properly. Also ensure that the service client call time out is set properly.
    I'm sure the web service is active. I have to pass a proxy.
    When I do not have to pass a proxy (when I execute this job on my laptop not connected to the office network) the job runs fine !
    How can you configure the axis2.xml so that https can run with a proxy ? (no problem to do this for http web services, but I do not see a solution for https web services !)
    Thanks !!

    Hi Sukarna,
    the connection is not the problem.
    Actually I've tested the scenario of abap proxy --> PI -->abap proxy for the same interface, it works fine. Only when I try ws instead of proxy, I got this error. Since proxy scenario works fine, the connection should not be issue.
    any more clues?
    Thanks

  • Remote access vpn not working, VPNC client

                       Hi,
    I have configured a remote access vpn client on cisco ASA 5520 with the following configuration. we are using cisco vpn client.
    tunnel-group consultant type remote-access
    tunnel-group consultant general-attributes
    address-pool VPN
    authentication-server-group RSA-AAA LOCAL
    default-group-policy consultant
    tunnel-group consultant ipsec-attributes
    pre-shared-key *
    group-policy consultant internal
    group-policy consultant attributes
    vpn-idle-timeout 120
    vpn-session-timeout 720
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value access-spilt
    access-list access-spilt standard permit host 10.101.50.60
    One of the linux users is using vpnc and once the user connects to the vpn and the user adds a static route on the machine with the destination pointing to the vpn interface, for example 10.101.50.0/24, user is able to reach all the hosts in the subnet even though the access list on the firewall is configured for one host 10.101.50.60.
    I did the same test on a windows machine, but was only able to reach the specific host allowed through vpn.  why is the network filter not working for vpnc. please advise.
    Thanks

    Hi have solved the issue . enabling the demo 3DES & AES now my VPN is connecting
    https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
    thx to friend "Jennifer Halim"

Maybe you are looking for

  • How can I burn a MP3 CD in itunes

    I bought an Asus DVD/CD burner to plug into my MBA in hopes that I could burn an MP3 CD for my car stereo. When I try to burn the CD iTunes tells me it can't find the burner. How do I mount, or setup, the burner so iTunes will see it. I can play a DV

  • How do I download my music onto another computer, when I no longer have the music on another computer, ipod, or any other storage device?

    Just as it says: How can I download music again that I have already bought and downloaded once on another computer? I no longer have the music on another computer (I no longer have the original computer) and the only other place I put the music was m

  • Safari 1.3.2 - OS 10.3.9 and MLB sites

    OS 10.3.9 Safari 1.3.2 Having a problem with Red Sox (http://boston.redsox.mlb.com/index.jsp?c_id=bos) web site and the official MLB site (http://mlb.mlb.com/index.jsp) on my iMac. Everything else works but I get switched to a "null" page after 30 se

  • Problem with the WLAN

    Hello I have the E51 and when trying to connect my mobile using the WLAN, I used a wrong key while asking for a key and I could not changing it to use the correct one. Each time I want to conect to the WLAN it uses the same wrong key and connect auto

  • Quicktime Logo Display Whilst Loading Video Content

    We are currently building a HTML5 platform using VIDEOJS and have come up against an issue when using it on an ipad. We have several videos loading in a sequence which can be played when an icon is selected. The platform works perfectly on a desktop