VPn Server issue

Hello everybody.
I have an issue making my VPN Server work. here is my situation:
I have a router R1 with 2 ethernet interfaces
interface N°1 : 192.168.1.1/24
interface N°2 : 192.168.2.1/24
the first interface is connected to the subnet to which some computers and servers (DHCP,DNS,Active directory servers) are connected.
the second interface is connected to my VPN server.
the VPN server has 2 interfaces.
one connected to the intranet (precisely R1) with the ip 192.168.2.2 and the second has a public ip address.
the VPN server successfully get its pool of addresses from the dhcp server with the ip 192.168.1.4.
and since the VPN server use the interface with the ip 192.168.2.2 to reach the DHCP server it gets a subset of 192.168.2.0/24.
so I end up with a VPN server who has an intranet interface that belongs to the same subnet as any connected vpn client.
the connection between the server and clients is established correctly and the clients get the correct ip addresses. and yet I can't ping any device except the VPN server interface.
so I captured the packets flow and I discovered that the ECHO message reach it's destination. The problem occur when the Router R1 try to forward the reply to the client.it send an ARP request but it don't get any response.
in this situation based on what a read on internet the VPN server is supposed to act as a proxy ARP replying with it's own MAC address on behalf of the vpn client and then routing the packet to it's destination.
when I configured the VPN server with a static pool from 192.168.3.0/24 and added a static route in R1 everything worked perfectly.
Thanks

Hi,
Could you clarify “so I end up with a
VPN server who has an intranet interface that belongs to the same subnet as any connected vpn client.” Have you disable the 192.168.2.2 interface or make others action on it’s configuration?
•If the static IP address pool consists of ranges of IP addresses that are for a separate subnet, then you need to either enable an IP routing protocol on the remote access
server computer or add static IP routes consisting of the {IP Address, Mask} of each range to the routers of the intranet. If the routes are not added, then remote access clients cannot receive traffic from resources on the intranet.
•If the DHCP server is on the same subnet as the RRAS server, then you do not have to configure the DHCP relay agent. RRAS can find DHCP servers on the same subnet by using
broadcast network packets.
The related KB:
Configure the Way RRAS Assigns IP Addresses to VPN Clients
http://technet.microsoft.com/en-us/library/dd469667.aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
"“so I end up with a
VPN server who has an intranet interface that belongs to the same subnet as any connected vpn client.” means that the interface of my server that is connected to my private network has an ip from 192.168.2.0/24 its the interface used to get to my network
ressources like the DHCP server.
the DHCP relay agent is configured correctly and my vpn server can contact the dhcp server.
when I used a static pool from 192.168.3.0/24 and added a static route to my router everything work perfectly but when I configure my vpn server to get ip addresses
from DHCP server The vpn client can't access my intranet ressources even though it get a correct ip.

Similar Messages

Server 2012 R2 RRAS NAT VPN connectivity issues

Hello all,
I'm having trouble making IKEv2 connections to my VPN server from the Internet after changing my home lab network infrastructure to use Server 2012 R2 RRAS NAT routing. Despite all of the appearances of a proper configuration, it appears that NAT-T is not
working properly.
Let me preface my questions/issues with some critical infrastructure disclosures/explanations to help troubleshoot this issue:
1. This is a home lab environment with no impact to corporate production systems in any way. All information garnered from help in this session is understood to be as-is.
2. The entire environment is on Server 2012 R2 Hyper-V. I’ve configured trunking on all of the layer 2 (Cisco Catalyst switch) etherchannels, and I’ve configured trunking on the Hyper-V vSwitches. I have no issue with internal routing or NAT or with attaching
to VPN from an internal VLAN, which indicates that routing (Layer 3) is not at issue here since everything goes where it should.
3. The NAT server and the VPN server are two separate Windows Server 2012 R2 Std. Hyper-V VMs. The NAT server has 1 NAT uplink to/from my ISP and 5 router interfaces (NICs with no gateways specified). I have a static IP, so it’s not an IP changing anywhere.
I have all of the port forwarding on the public NAT interface configured properly. Email, web, and application access work fine from out-to-in. The VPN server has 2 NICs: one on a VPN VLAN and the other on an internal VLAN.
4. I ran Netmon from my corporate office and saw that IKEv2 traffic to my host over UDP 500 was successful (I got a response back), but the connection to UDP 4500 was attempted 3 times and then fails. Since UDP 4500 is the NAT-T port, I’m thinking this is
where the fault is occurring. I also ran Netmon from the NAT router itself and found that traffic was flowing from the Internet to the VPN server up the stack to Layer 3.
5. As a test, I turned off Windows firewall on both the VPN server and the NAT server. This made no difference, so firewall is not at play here.
6. My certificates are configured properly with my external VPN address and appropriate SANs pointing to the public IP address. These same certificates worked without issue prior to the migration to Server 2012 R2 RRAS as my NAT router.
The actual error I'm receiving is Error 809 which indicates a problem with the connectivity to the VPN server, presumably through the NAT router. Prior to the change to virtual routing, I was using a Linksys E3000 with L2TP/PPTP passthrough enabled and had
no issues connecting to my VPN server remotely.
Some questions I have specifically regarding Server 2012 R2 RRAS and NAT:
1. Is NAT-T "turned on" by default? Are there any settings required through netsh or elsewhere that I might have overlooked to enable NAT Traversal?
2. How can I test if NAT-T is working outside of VPN testing?
3. Is it Microsoft's recommendation/requirement that VPN and NAT be collocated on the same server? I noticed in the NAT forwarding rules that the pre-defined L2TP forwarder says "L2TP on this server." Does that indicate that L2TP can't pass beyond
that server? What are the security implications for running VPN from the router?
Any help would be appreciated. I've been troubleshooting this issue for 2 weeks and cannot seem to find any documentation or help on this issue. I'm hoping if others have similar issues, this post will help point them in the right direction. I have netmon
captures to assist with troubleshooting if it comes to that. I'm certain this is NAT-T at this point, but I just can't prove it beyond a shadow of a doubt, and I have customers who have asked about using Microsoft RRAS for routing. I can't, in good conscience,
recommend it if NAT-T is problematic since most companies want some sort of VPN solution for their environment.
Respectfully yours,
Ron Arestia

Hi Ron,
Please try to create and configure the AssumeUDPEncapsulationContextOnSendRule registry value.
For detailed information, please refer to the link below:
http://support.microsoft.com/kb/926179
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

HT200189 VPN server update actually did not solve my issue on 10.9.1 using Server 3.0.2

The aforementioned fix actually did not solve my issue on 10.9.1 using Server 3.0.2. Any other suggestions? I also see that the VPN service cannot be shut down. After sliding to off, it gives no message and automatically slides to On again...

In my case I managed to fix it by means of this article:
http://jonsview.com/how-to-setup-os-x-10-9-as-a-l2tp-vpn-server-without-apples-s erver-app
And then especially the part about using an old version of Racoon (from Mountain Lion for example) to replace the current apparent defunct one in Mavericks...

GUI issues with VPN server / remote settings - SR520 UC540

Kinda new to the CCA world, but not new to the game. So far I am finding the limitations a bit frustrating, but here's the main issue at the moment:
Attempting to set up a simple network with a UC540 at HQ, with an SR520 at a SOHO site. I can get the remote VPN working fine, also get a VPN to the SR520 for remote administration working. Actually had everything working fine, saved the config and rebooted to test prior to shipping it to out.
However, when I go back to look at the settings, trouble starts.The remote VPN settings don't show - the CCA tells me changes have been made in the CLI (not). The display for the VPN Server also seems buggy as it will not always display the settings for the VPN itself or the networks listed under split tunnels.Changes to either VPN setup appear to bork the other.
As this is going to a site far, far away I need to be very sure that the VPN setup is solid, at least for remote access. I have a sneaking suspicion that some of the settings are shared and changes to one setup affect the other, but after going from everything working > save > reload > not working, I can't see what is wrong.
Short version - need SOHO to communicate with HQ over site-to-site VPN, with remote access from 3d location to CCA.
Any hints?

Hi,
To resolve your issue as soon as possible, please post your question on the Forefront TMG forum:
http://social.technet.microsoft.com/Forums/en-US/home?forum=Forefrontedgegeneral
Steven Lee
TechNet Community Support

VPN to Mountain Lion Server issues

Hi,
I checked a lot of VPN threads here today, but I wasn't able to find a solution for my problem just now. I try to connect by VPN to my Mountain Lion Server, but I get an error message that the VPN server is not responding. I get this message from iPhone and Mac. The Mountain Lion Server is a new installation, no upgrade from an older server.
Some informations on my setup:
I installed the server with a hostname like myserver.mycompany.com and option 3 (internet access), as I want to use it for email at a later stage. All services are working fine (except VPN). DNS is active, but basically it only contains the adress myserver.mycompany.com and forwards everything else to our router.
I changed the DNS settings of our domain ( hosted by an ISP - so not in the local DNS ! ). I created a subdomain vpn.mycompany.com which points to the static IP of our router.
In the router I opened the UDP ports 500, 1701 and 4500, and for 1701 i made the same thing for TCP (I found this in a forum, but I think this is not necessary?), the ports are pointing to the ip of the os x server.
In OS X Server I started VPN for L2TP using the vpn.mycompany.com hostname, and a shared secret.
When I try to connect with I client from outside I try to connect using L2TP via vpn.mycompany.com using the shared secred and user-id and password. The user-id is created in OS X Mountain Lion server and is configured to use VPN service. When trying to connect I get the error message "L2TP-VPN server is not repsonding...".
In the log file of the server I see some entries for each connect:
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: Connecting.
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IPSec Phase1 started (Initiated by peer).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Oct 10 20:21:48 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
Oct 10 20:22:06 --- last message repeated 2 times ---
Oct 10 20:22:06 myserver.mycompany.com com.apple.SecurityServer[17]: Succeeded authorizing right 'system.privilege.admin' by client '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] (2,0)
Oct 10 20:22:06 myserver.mycompany.com com.apple.SecurityServer[17]: Succeeded authorizing right 'system.privilege.admin' by client '/Library/PrivilegedHelperTools/com.apple.serverd' [1716] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] (100000,0)
Oct 10 20:22:06 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
No more entries in log file now. Anyone any ideas what's going wrong. Might there be a problem as I use another servername outside as inside (vpn... instead of myserver...)?
Thanks!

Solved, first of all we tested to establish the VPN connection locally by adding the ip address of the server to /etc/hosts for vpn.mycompany.com. The VPN connected without problems then, so it was clear that it is a firewall/router problem, and not a server problem.
After that we studied some more documentations and found that we don't have to open port 50, but ip protocoll 50 (ESP) on the firewall. After that was done, the connection was working from the internet as well.

Issue with WAN Miniport when setting up VPN server in Windows 7

I tried making my computer a VPN server by setting up a "New incoming connection" under network connections within Network and sharing center. Originally, it did complete but did not show any WAN Miniport connections. I could not connect to this VPN
with my other computer.
What I've done so far:
I "updated" all the WAN Miniports in Device Manager to "MAC Bridge Miniport" driver (since I could not uninstall them as they were) and then proceeded to uninstall all the WAN miniports. I rebooted my computer and then the device
drivers tried to install automatically but only a few installed successfully.
I then downloaded the latest WDK (8.1) and tried re-installing all the WAN Miniports via devcon.exe with the command "devcon.exe install c:\windows\inf\netrasa.inf MS_PptpMiniport". It said that the node was created but it failed to install the
drivers. I rebooted my computer but some of these mini ports appeared as "Unknown" in Device Manager while others appeared with their names but with numbers attached since I've attempted this a few times, Ex: "WAN Miniport (IP) #3".
from my understanding, I need at least WAN Miniport pptp to be working for VPN to work. I don't know what to do at this point. Any help is greatly appreciated. Thanks in advance.
Gateway DX4822-01 Desktop PC
Windows 7 64-bit, SP1

Hi,
Please try to use Incoming connection troubleshooter to fix this problem for test. If it identify any problem that couldn't fix this problem, please provide the error message here.
Control Panel\All Control Panel Items\Troubleshooting\All Categories
Roger Lu
TechNet Community Support

OSX Server VPN timeout issue

I've setup the VPN server in OS X server, and have a new Apple Airport Extreme base station as my wireless router, and it is properly configured for OSX VPN. I can usually connect to the VPN on my iPhone over the cellular network (on the first or second try). However after a few minutes of inactivity, the VPN connection goes away.
Other VPNs I have configured on my phone (for work) don't timeout after periods of inactivity, and I was wondering if there were any settings I could change for the OSX VPN server to not have it drop the VPN connection after a few minutes of idle time.

Sorry, I didn't catch the phone part. That was for client. You can set the OS X Server's VPN timeout via the serveradmin command. Run the following to see all the settings...
serveradmin settings vpn
In particular, look at...
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer
The caveat here is that the longer, or lack of, timeout, the more insecure.

IPad2, Verizon 3G, VPN Connectivity Issues

Greetings all. I am the systems administrator for my corporation and have seen an issue that I wish to present to the community for discussion.
For those enterprise users that have an iPad2 with Verizons 3G, are you experiencing connectivity issues while trying to connect to your VPNs from the 3G network? If so, have you found any work around to allow connectivity or does it work fine for you?
Here's a summary of my issues:
We have a VPN server built on Debian Linux that has been in operation for over four years. It handles remote VPN connections from Windows, Linux, Android, OS X, iOS, and from many different devices including multiple flavors of Apple products (iMacs, Minis, MacBooks, iPads, etc.). To date, it has performed flawlessly with assorted devices connecting to it through broadband and assorted 3G networks.
Recently I purchased an iPad2 with Verizon 3G. I was able to set up the VPN connection using PPTP and connect using a Wi-Fi connection. When I turned off the Wi-Fi and attempted the same connection via Verizon 3G, it fails. I then took an associates iPad1 using AT&T 3G, set up the same connection, and was able to connect. I don't have access to an iPad2 on AT&T 3G so, I can't speak for that.
Here's the logs from the VPN server while connecting from my iPad2:
Wi-Fi
Jul 27 05:20:43 localhost pppd[31694]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Jul 27 05:20:43 localhost pppd[31694]: pptpd-logwtmp: $Version$
Jul 27 05:20:43 localhost pppd[31694]: pppd 2.4.4 started by root, uid 0
Jul 27 05:20:43 localhost pppd[31694]: Using interface ppp2
Jul 27 05:20:43 localhost pppd[31694]: Connect: ppp2 <--> /dev/pts/4
Jul 27 05:20:46 localhost pppd[31694]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Jul 27 05:20:46 localhost pppd[31694]: found interface eth1 for proxy arp
Jul 27 05:20:46 localhost pppd[31694]: local IP address 192.168.1.69
Jul 27 05:20:46 localhost pppd[31694]: remote IP address 192.168.1.82
Jul 27 05:20:46 localhost pppd[31694]: pptpd-logwtmp.so ip-up ppp2 scott XXX.XXX.XXX.XXX (removed external IP for security reasons)
Quick connect, able to utilize VPN connection normally. No issues.
Verizon 3G
Jul 27 05:20:29 localhost pppd[31682]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Jul 27 05:20:29 localhost pppd[31682]: pptpd-logwtmp: $Version$
Jul 27 05:20:29 localhost pppd[31682]: pppd 2.4.4 started by root, uid 0
Jul 27 05:20:29 localhost pppd[31682]: Using interface ppp2
Jul 27 05:20:29 localhost pppd[31682]: Connect: ppp2 <--> /dev/pts/4
Jul 27 05:20:32 localhost pppd[31682]: peer refused to authenticate: terminating link
Jul 27 05:20:33 localhost pppd[31682]: Connection terminated.
Jul 27 05:20:33 localhost pppd[31682]: Exit.
As you can see, the peer refuses to authenticate causing the link to be terminated while attempting to connect using Verizons network. This is with the same VPN connection settings on the iPad2 that just worked with WiFi connection from the same device.
Here's what I can verify with regards to 3G networks:
Older (<4) iPhones and iPad1 using AT&T can connect
Windows and OS X based laptops using Sprint 3G can connect
Android based smart phones using Sprint 3G can connect
I have not called Verizon or Apple Support yet but, that's next when I have the time. My initial conclusion is that there is something with Verizons 3G services that is causing the issue. It may be that Verizon is using some sort of data compression process that is problematic with VPN transmission. While the log shows an unsupported IPv6 protocol when connecting via Wi-Fi, it still negotiates a successful connection and I don't think that's the root cause for the disconnect. Thoughts?

Hi Alexander,
I am running in to the exact same issue (although not with Linux). Did you ever find a fix for this? I have some support tickets open with my VAR's, but found your post and thought I would check. If I find anything I will post.
Thanks
Stu

Windows 8.1 VPN Server Setup - No Network softwaare to choose

Hi Everyone
Windows 8.1
Setting up an incoming VPN Server.
When I try to create a New Incoming Connection via Control Panel > Network and Sharing Center > Change adapter settings > Alt - F > New Incoming Connection.
The wizard appears so I check the User Account > Next > Check Through the Internet > Next bringing up the Allow connections to this computer window where I should be able select Networking software to be enabled and then go on
to click Allow Access button. The networking software to highlight window is blank. Using the Install... button below this window brings up the Select Network Feature Type window where I can highlight a feature (Client, Service or Protocol)
and click Add button . It returns to the Allow connections window which has not changed and nothing is added. Still blank.
How do I get the network software to be there to select?
I have done this on other machines and had no problems at all. It worked the way it should.
After I did an image and reset operating system, the VPN Server Setup worked as it should. Restored image as it is way to much work to rebuild the machine. So any ideas?
Any and all help will be appreciated.
Thanks in advance. Lowell

Hi,
Did you mean you have solved this problem by resetting Windows?
Regarding to current information, this issue can be caused by port settings or corrupted Windows components.
Please check if the VPN port 1723 has been set as allowed in both your Firewall and router settings pages.
Also, we may fix such issue by running following repair command:
NOTE: Please run these commands as administrator.
SFC /SCANNOW
dism /online /cleanup-image /restorehealth
For further help, you can upload %windir%\logs\CBS\cbs.log and %windir%\Logs\DISM\dism.log into Onedrive or similar file service and share the link here for our research.
Kate Li
TechNet Community Support

Can't connect to vpn server

I am now setting up the vpn server using mac mini with Mac OSX v 10.7 Lion Server. After setting up, I found that I can't make connection.
When I check out the console, I find that the vpnd continue assign IP address to the same client and then hungup as follows:
Is there any solution?
11/17/11 2:31:56.180 PM racoon: IKE Packet: receive success. (Responder, Main-Mode message 1).
11/17/11 2:31:56.181 PM racoon: IKE Packet: transmit success. (Responder, Main-Mode message 2).
11/17/11 2:31:56.206 PM racoon: IKE Packet: receive success. (Responder, Main-Mode message 3).
11/17/11 2:31:56.225 PM racoon: IKE Packet: transmit success. (Responder, Main-Mode message 4).
11/17/11 2:31:56.241 PM racoon: IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
11/17/11 2:31:56.241 PM racoon: IKE Packet: receive success. (Responder, Main-Mode message 5).
11/17/11 2:31:56.241 PM racoon: IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
11/17/11 2:31:56.241 PM racoon: IKE Packet: transmit success. (Responder, Main-Mode message 6).
11/17/11 2:31:56.241 PM racoon: IPSec Phase1 established (Initiated by peer).
11/17/11 2:31:57.098 PM racoon: IPSec Phase2 started (Initiated by me).
11/17/11 2:31:57.098 PM racoon: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
11/17/11 2:31:57.102 PM racoon: IPSec Phase2 started (Initiated by peer).
11/17/11 2:31:57.102 PM racoon: IKE Packet: receive success. (Responder, Quick-Mode message 1).
11/17/11 2:31:57.102 PM racoon: IKE Packet: transmit success. (Responder, Quick-Mode message 2).
11/17/11 2:31:57.104 PM racoon: IKE Packet: receive success. (Responder, Quick-Mode message 3).
11/17/11 2:31:57.105 PM racoon: IKEv1 Phase2 Responder: success. (Responder, Quick-Mode).
11/17/11 2:31:57.105 PM racoon: IPSec Phase2 established (Initiated by peer).
11/17/11 2:31:57.157 PM vpnd: Incoming call... Address given to client = 137.189.141.137
11/17/11 2:31:57.157 PM com.apple.ppp.l2tp: 2011-11-17 14:31:57 CST Incoming call... Address given to client = 137.189.141.137
11/17/11 2:31:57.180 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:31:57.181 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:31:58.156 PM vpnd: Incoming call... Address given to client = 137.189.141.138
11/17/11 2:31:58.156 PM com.apple.ppp.l2tp: 2011-11-17 14:31:58 CST Incoming call... Address given to client = 137.189.141.138
11/17/11 2:31:58.177 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:31:58.179 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:31:59.156 PM vpnd: Incoming call... Address given to client = 137.189.141.139
11/17/11 2:31:59.156 PM com.apple.ppp.l2tp: 2011-11-17 14:31:59 CST Incoming call... Address given to client = 137.189.141.139
11/17/11 2:31:59.178 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:31:59.179 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:32:00.100 PM racoon: IKE Packet: transmit success. (Phase2 Retransmit).
11/17/11 2:32:00.157 PM vpnd: Incoming call... Address given to client = 137.189.141.140
11/17/11 2:32:00.157 PM com.apple.ppp.l2tp: 2011-11-17 14:32:00 CST Incoming call... Address given to client = 137.189.141.140
11/17/11 2:32:00.178 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:32:00.180 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:32:02.102 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
11/17/11 2:32:03.103 PM racoon: IKE Packet: transmit success. (Phase2 Retransmit).
11/17/11 2:32:06.107 PM racoon: IKE Packet: transmit success. (Phase2 Retransmit).
11/17/11 2:32:09.110 PM racoon: IKEv1 Phase2: maximum retransmits. (Phase2 maximum retransmits).
11/17/11 2:32:12.114 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
11/17/11 2:32:17.191 PM vpnd: --> Client with address = 137.189.141.137 has hungup
11/17/11 2:32:17.191 PM com.apple.ppp.l2tp: 2011-11-17 14:32:17 CST --> Client with address = 137.189.141.137 has hungup
11/17/11 2:32:18.163 PM vpnd: Incoming call... Address given to client = 137.189.141.137
11/17/11 2:32:18.163 PM com.apple.ppp.l2tp: 2011-11-17 14:32:18 CST Incoming call... Address given to client = 137.189.141.137
11/17/11 2:32:18.180 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:32:18.184 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:32:18.186 PM vpnd: --> Client with address = 137.189.141.138 has hungup
11/17/11 2:32:18.186 PM com.apple.ppp.l2tp: 2011-11-17 14:32:18 CST --> Client with address = 137.189.141.138 has hungup
11/17/11 2:32:19.163 PM vpnd: Incoming call... Address given to client = 137.189.141.138
11/17/11 2:32:19.163 PM com.apple.ppp.l2tp: 2011-11-17 14:32:19 CST Incoming call... Address given to client = 137.189.141.138
11/17/11 2:32:19.180 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:32:19.184 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:32:19.186 PM vpnd: --> Client with address = 137.189.141.139 has hungup
11/17/11 2:32:19.186 PM com.apple.ppp.l2tp: 2011-11-17 14:32:19 CST --> Client with address = 137.189.141.139 has hungup
11/17/11 2:32:20.164 PM com.apple.ppp.l2tp: 2011-11-17 14:32:20 CST Incoming call... Address given to client = 137.189.141.139
11/17/11 2:32:20.164 PM vpnd: Incoming call... Address given to client = 137.189.141.139
11/17/11 2:32:20.187 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:32:20.188 PM vpnd: --> Client with address = 137.189.141.140 has hungup
11/17/11 2:32:20.188 PM com.apple.ppp.l2tp: 2011-11-17 14:32:20 CST --> Client with address = 137.189.141.140 has hungup
11/17/11 2:32:20.189 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:32:21.164 PM vpnd: Incoming call... Address given to client = 137.189.141.140
11/17/11 2:32:21.164 PM com.apple.ppp.l2tp: 2011-11-17 14:32:21 CST Incoming call... Address given to client = 137.189.141.140
11/17/11 2:32:21.185 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:32:21.187 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:32:29.130 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
11/17/11 2:32:38.192 PM vpnd: --> Client with address = 137.189.141.137 has hungup
11/17/11 2:32:38.192 PM com.apple.ppp.l2tp: 2011-11-17 14:32:38 CST --> Client with address = 137.189.141.137 has hungup
11/17/11 2:32:39.141 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
11/17/11 2:32:39.172 PM vpnd: Incoming call... Address given to client = 137.189.141.137
11/17/11 2:32:39.172 PM com.apple.ppp.l2tp: 2011-11-17 14:32:39 CST Incoming call... Address given to client = 137.189.141.137
11/17/11 2:32:39.189 PM vpnd: --> Client with address = 137.189.141.138 has hungup
11/17/11 2:32:39.189 PM com.apple.ppp.l2tp: 2011-11-17 14:32:39 CST --> Client with address = 137.189.141.138 has hungup
11/17/11 2:32:39.191 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:32:39.192 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:32:40.172 PM vpnd: Incoming call... Address given to client = 137.189.141.138
11/17/11 2:32:40.172 PM com.apple.ppp.l2tp: 2011-11-17 14:32:40 CST Incoming call... Address given to client = 137.189.141.138
11/17/11 2:32:40.194 PM pppd: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
11/17/11 2:32:40.197 PM pppd: L2TP incoming call in progress from '137.189.141.146'...
11/17/11 2:32:40.198 PM vpnd: --> Client with address = 137.189.141.139 has hungup
11/17/11 2:32:40.198 PM com.apple.ppp.l2tp: 2011-11-17 14:32:40 CST --> Client with address = 137.189.141.139 has hungup
11/17/11 2:32:41.173 PM vpnd: Incoming call... Address given to client = 137.189.141.139
11/17/11 2:32:41.173 PM com.apple.ppp.l2tp: 2011-11-17 14:32:41 CST Incoming call... Address given to client = 137.189.141.139
11/17/11 2:32:41.191 PM vpnd: --> Client with address = 137.189.141.140 has hungup

I have no new information to report to help you with this, but I am also seeing the same issue. The same behavior happens when connecting through my router *or* via ATT iPhone tethering.

Cisco VPN server internal connection

I have a cisco 1841 router which I use as VPN server. This is the configuration:
Cisco#show running-config Building configuration...Current configuration : 6382 bytes!version 15.1service tcp-keepalives-inservice tcp-keepalives-outservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!!enable secret 5 $1$Xg19$MKt1eIm4yrmDwcYn1z0x2/enable password qwerty!aaa new-model!!aaa authentication login default localaaa authentication login ciscocp_vpn_xauth_ml_1 localaaa authorization exec default local aaa authorization network ciscocp_vpn_group_ml_1 local ! !! !! aaa session-id common! dot11 syslogip source-route!! !! !ip cef no ipv6 cef! multilink bundle-name authenticated! crypto pki token default removal timeout 0! crypto pki trustpoint TP-self-signed-947112914 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-947242914 revocation-check none rsakeypair TP-self-signed-947182914! !crypto pki certificate chain TP-self-signed-947142914 certificate self-signed 01 3082023B 308201A4 A0030201 02020101 300D0609 2A874886 F70D1101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 39343731 34325931 34301E17 0D313131 31323532 30353931 325A170D 32303031 30313030 30303030 5A303031 2E302C06 03559403 1325444F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3934 37313432 39313430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 B4C6CC16 5EA2210F D4A0234B 90D9E29C E1132F0D 491CC9BC F513EF57 A5986C31 C03BC061 B3B4E103 0005F992 A7CA2605 8C46FCB2 C22AAC4B 739D1DC2 49EA3883 253D553C A1E7BD3A 26D49347 86414B11 5C03F4E6 A4BD5306 CD857F99 0A567B85 FD639414 C2E25161 74A52A7B 32753F25 AE8FDC73 EC859EEC D8A1C9C4 D8A50EED 02030100 01A36530 63300F06 03551D13 0101FF04 05300301 01FF3010 0603551D 11040930 07820543 6973636F 301F0603 551D2304 18301680 14414AD6 2A674283 54CC008C A6B81E1D 7A3B09A4 8C301D06 03551D0E 04160414 414AD62A 67428354 CC008CA6 B81E1D7A 3B09A48C 300D0609 2A864886 F70D0101 04050003 8181007B 00264BAE A55C3CB0 20F83B46 A047F400 3B5748CA D8C64A49 5484FE1E 7588949F A8E5EBAE BE5FAD22 0C89FC92 671E0BB6 1155EB76 21E72F07 68F76AE3 2F0CB2C6 EC26A8C1 C3EA1300 CE284F9B 3E3F6BB9 7807CF63 8154BC4B AD33392E 68347E0B F78AE625 818C3A4E 6E0302D8 26DF4890 08E42063 37BF9026 BF4E251D A86EEA quit!! license udi pid CISCO1841 sn FCZ150218ACusername root privilege 15 password 0 qwertyusername admin secret 5 $1$78MV2Yc72fwt5PoEm.eK33PlKw1username test privilege 15 password 0 test_123!redundancy!! ! crypto ctcp keepalive 6crypto ctcp port 443 ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2crypto isakmp keepalive 10 10 periodiccrypto isakmp nat keepalive 20! crypto isakmp client configuration group cisco key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_client include-local-lan max-users 1000 netmask 255.255.255.0!crypto isakmp client configuration group server_1 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_1 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_2 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_2 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_3 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_3 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_4 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_4 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_5 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_5 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_6 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_6 include-local-lan netmask 255.255.255.0!crypto isakmp client configuration group server_7 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_7 save-password include-local-lan netmask 255.255.255.0! crypto isakmp client configuration group server_8 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_8 include-local-lan netmask 255.255.255.0! crypto isakmp client configuration group server_9 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_9 include-local-lan netmask 255.255.255.0! crypto isakmp client configuration group server_10 key qwerty dns 8.8.8.8 domain cisco.com pool SDM_POOL_server_10 include-local-lan netmask 255.255.255.0! crypto ipsec security-association lifetime seconds 86400crypto ipsec security-association idle-time 86400!crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac !crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-3DES-SHA reverse-route!! crypto map SDM_CMAP_1 local-address FastEthernet0/0crypto map SDM_CMAP_1 client authentication list ciscocp_vpn_xauth_ml_1crypto map SDM_CMAP_1 isakmp authorization list ciscocp_vpn_group_ml_1crypto map SDM_CMAP_1 client configuration address respondcrypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 ! !! !! interface Loopback0 ip address 172.16.0.1 255.255.255.255!interface FastEthernet0/0 ip address 192.168.1.130 255.255.255.0 ip flow ingress speed auto full-duplex no mop enabled crypto map SDM_CMAP_1!interface FastEthernet0/1 no ip address shutdown speed auto full-duplex no mop enabled! ip local pool SDM_POOL_client 10.10.10.51 10.10.10.190ip local pool SDM_POOL_server_1 10.10.10.1ip local pool SDM_POOL_server_2 10.10.10.2ip local pool SDM_POOL_server_3 10.10.10.3ip local pool SDM_POOL_server_4 10.10.10.4ip local pool SDM_POOL_server_5 10.10.10.5ip local pool SDM_POOL_server_6 10.10.10.6ip local pool SDM_POOL_server_7 10.10.10.7ip local pool SDM_POOL_server_8 10.10.10.8ip local pool SDM_POOL_server_9 10.10.10.9ip local pool SDM_POOL_server_10 10.10.10.10ip forward-protocol ndip http serverip http authentication localip http secure-server! !ip route 0.0.0.0 0.0.0.0 192.168.1.1!logging esm configaccess-list 100 remark CCP_ACL Category=4access-list 100 permit ip 10.10.0.0 0.0.255.255 any!! !! !! !! control-plane! !! line con 0line aux 0line vty 0 4 password qwerty transport input telnet ssh! scheduler allocate 20000 1000end Cisco#
I have a VPN clients which can connect to the VPN server and communicate each other. I want to connect dedicated server to port FE 0/1 and all VPN clients to be able to see and communicate with the server. How I can connect the two networks?

Ideally, VPN connectivity is tested from devices behind the endpoint devices that do the encryption, yet many users test VPN connectivity with the ping command on the devices that do the encryption. While the ping generally works for this purpose, it is important to source your ping from the correct interface. If the ping is sourced incorrectly, it can appear that the VPN connection has failed when it really works. If ping works continuously then the problem can be that the xauth times out. Increase the timeout value for AAA server in order to resolve this issue.
For further information about troubleshoot the VPN connectivity click this link.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solunf

Untrusted VPN Server Certificate

We just upgraded our AnyConnect to Ver 3.1.01065 and we are using a self signed cert with it. We haven't had any issues with the before but now when ever a customer logs on to the VPN using AnyConnect we get " Security warning: Untrusted VPN Server Certificate!" and it says that AnyConnect cannot verify the VPN server.
Then i can connect anyways or cancel.
Because this is my server and i trust the cert i am fine just clicking Connect anyways. My customers freak out a bit when they see this, I know this has to be a simple fix but i can't figure out how to get my local boxes to trust the cert. Has anyone run in to this with Ver 3.1.01065 and how did you fix it?
Thanks,
Jeremy

Cisco is really trying to make people stop using self-signed certificates with AC 3.1. You have to either use a trusted root CA (either private or public) or turn off the certificate checking altogether.

Lion 10.7.4 PPTP VPN MPPE Issues

Hey people,
I recently upgraded my server from Snow Leopard Server to Lion Server, and updated to 10.7.4. I know Lion Server didn't offer a GUI for PPTP configuration before 10.7.3, but after the update I figured I'd give it a shot. I kinda wish I hadn't.
I've setup VPN through the Server app, basically leaving all the settings to their default. I'm trying to connect to the server locally, so I know port forwarding isn't the issue. I only want to get PPTP working; since one of the L2TP ports is the same as the Back to my Mac through iCloud port (I think it's 4500 or something), I wanted to go with the PPTP so I could also have Back to my Mac (don't ask why I want both).
Anyway, the issue is in connecting to the server locally, I get an error in the log file about how MPPE is required, but keys are not available. I know what MPPE is, and even followed the support doc from http://support.apple.com/kb/TS4241, but it didn't help. Client-side, I'm getting the error "A connection could not be established to the PPP server. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."
I've copied the log file below. Please let me know if I missed any information; I'm in a bit of a rush and had to type this quickly. Any help is always appreciated. Thanks!
2012-05-13 14:29:57 EDT Incoming call... Address given to client = 192.168.1.229
Sun May 13 14:29:57 2012 : Directory Services Authentication plugin initialized
Sun May 13 14:29:57 2012 : Directory Services Authorization plugin initialized
Sun May 13 14:29:57 2012 : PPTP incoming call in progress from '192.168.1.13'...
Sun May 13 14:29:57 2012 : PPTP connection established.
Sun May 13 14:29:57 2012 : using link 0
Sun May 13 14:29:57 2012 : Using interface ppp0
Sun May 13 14:29:57 2012 : Connect: ppp0 <--> socket[34:17]
Sun May 13 14:29:57 2012 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x76ed810> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x12cb3fcd> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : lcp_reqci: returning CONFACK.
Sun May 13 14:29:57 2012 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x12cb3fcd> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x76ed810> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : sent [LCP EchoReq id=0x0 magic=0x76ed810]
Sun May 13 14:29:57 2012 : sent [CHAP Challenge id=0x11 <401c36015b2e670f22256c5d415e0a60>, name = "mac-mini-server.local"]
Sun May 13 14:29:57 2012 : rcvd [LCP EchoReq id=0x0 magic=0x12cb3fcd]
Sun May 13 14:29:57 2012 : sent [LCP EchoRep id=0x0 magic=0x76ed810]
Sun May 13 14:29:57 2012 : rcvd [LCP EchoRep id=0x0 magic=0x12cb3fcd]
Sun May 13 14:29:57 2012 : rcvd [CHAP Response id=0x11 <30ed187d21d0e87dd09b414cc535a12f0000000000000000622d557cb34e3baba02fdf3979d3e4 eef774f2c5192d667d00> , name = "Matt"]
Sun May 13 14:29:57 2012 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SALTED-SHA512,SMB-NT,CRAM-MD5,RECOVERABLE>, want ApplePasswordServer
Sun May 13 14:29:57 2012 : sent [CHAP Success id=0x11 "S=275C80AAE3A93F8EAEBCC5D14D79D9692DC925AD M=Access granted"]
Sun May 13 14:29:57 2012 : CHAP peer authentication succeeded for Matt
Sun May 13 14:29:57 2012 : DSAccessControl plugin: User 'Matt' authorized for access
Sun May 13 14:29:57 2012 : MPPE required, but keys are not available. Possible plugin problem?
Sun May 13 14:29:57 2012 : sent [LCP TermReq id=0x2 "MPPE required but not available"]
Sun May 13 14:29:57 2012 : Connection terminated.
Sun May 13 14:29:57 2012 : Connect time 0.0 minutes.
Sun May 13 14:29:57 2012 : Sent 0 bytes, received 0 bytes.
Sun May 13 14:29:57 2012 : PPTP disconnecting...
Sun May 13 14:29:57 2012 : PPTP disconnected

Well, it's been a few days and with no response I thought I'd look for another solution. I've been trying this software called iVPN, apparently it's like a front-end to OS X's built-in VPN server. Anyway, I disabled the VPN Server from the Server app, turned on iVPN and was VPN-ing from my iPhone over 3G in notime. It's a great app, though it kinda ***** that the server can't do what it's built to do. Since VPN was the big reason I got Server in the first place, I'll probably uninstall it and stick with OS X's built-in file sharing and iVPN.

Setting up VPN Server fails in Windows 8.1

Hello Folks
I'm trying to set up VPN server in my Windows 8.1 box to receive incoming connections. It fails at the last step (http://www.diaryofaninja.com/blog/2012/09/11/setting-up-a-vpn-server-on-windows-7-or-windows-8-ndash-secure-your-internet-use-while-away)
of the process (Allow Access) with the following error. I binged a lot but none of the trouble shooting mechanisms worked for me. I made sure that concerned service (Routing and Remote Access) can be started and stopped manually. Also, the same step works
in Windows 7.
Please see attached for error details.
Highly appreciate any help for fixing the issue.
Cheers
Manohar

Hi Manooh,
Besides disabling IP v6, try reset the TCP/IP in the way below:
Open the command line windows as an administrator and type the command “nets hint ip reset” hit enter, or you can try the fix it below:
http://support.microsoft.com/kb/299357
We usually modify the default RDP port 3389 to another value, if you followed this too, you should add an port exception through a firewall in the way below:
1.Open Windows Firewall
2.In the left pane, click Advanced settings.
3.In the Windows Firewall with Advanced Security dialog box, in the left pane, click Inbound Rules, and then, in the right pane, click New Rule.
4. Choose “port” and input the port number as allowed to connect.
Regards
Wade Liu
TechNet Community Support

How to start VPN Server with PPTP + How to backup Addressbook Server

Hey people,
I currently have Lion Server running on my mac mini server, it was upgraded to Lion (server) from Snow Leopard server.
Now i have 2 issues i'd like to address and ask your help for.
1. VPN Server on Lion Server.
I have had the VPN server running on Snow Leopard server without a problem, however, since my Lion upgrade it just isn't working with PPTP anymore.
I did read alot of discussions here and also read that you can configure it through the terminal using the serveradmin tool.
I have followed the instructions to get PPTP enabled, but it just isnt listening on the correct port, i don't see anything running nor can i connect from my Lion client to the server (i get server not responding).
Does anyone experiece the same problem? or know how to solve this?
2. Addressbook Server on Lion Server.
I have a few network users on my system, they use the Addressbook server through their iphone/ipad.
I don't know how to backup their contacts they added in the server, is there a way to backup the data?
I have already tried to export the user using the Workgroup Manager, but when i look in the file, i don't see any additional info other then the user settings.
I have been thinking of reinstalling the server to a complete fresh Lion only installation instead of the current upgraded Lion from Snow Leopard, that's why i need to backup the info.
Time Machine backups of an upgraded Snow Leopard Server to Lion Server won't work on a fresh Lion Server installation, i have always had the problem that it can't read the data for some reason.
Anyone know a solution for these 2 issues?

Hi,
In your base module MANIFEST.MF include Rest module in ATG-Required.
It like,
ATG-Required: DCS B2CCommerce WebUI Rest
Hope it will work for you.
Regrads
Kumaresh Babu A

VPn Server issue

Similar Messages

Maybe you are looking for