VPN service module with EFM
Dears,
we are already user VPN module in our chassis 6500 where all communication lines are terminated.
now we will using EFM line , but i am not sure how to cahnage configuration related to it.
Hello,
You will need both. The 7600-SSC-400 is the carrier module of the SPA-IPSec-2G.
There is more information on this via the following link:
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/6500series/76ovwvpn.html
Warm Regards,
Rose
Similar Messages
-
VPN service module choice 7600-SSC-400 vs. SPA-IPSEC-2G
Need to decide between the two VPN service module: 7600-SSC-400 and SPA-IPSEC-2G for a 6509 sup 720 3bxl. Not sure what is the difference and couldnt find too much info just searching the internet. What would be the benefits of one or another?
Hello,
You will need both. The 7600-SSC-400 is the carrier module of the SPA-IPSec-2G.
There is more information on this via the following link:
http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/6500series/76ovwvpn.html
Warm Regards,
Rose -
Hi All,
we have a VPN service module that doesn't support AES 256 bits. is there a way to overcome this limitation by uploading a key? how can we do it if feasible?
thanks
Jeanif you require aes you need the newer VPN SPA.
http://www.cisco.com/en/US/prod/collateral/routers/ps368/product_data_sheet0900aecd8027c9ee_ps8768_Products_Data_Sheet.html
(assuming you have a 6500/7600...but you didn't state exactly what you have) -
ASA Service Module with Packeer
I have a customer about to install an ASASM in a 6800 switch. Their previous setup was an ASA 5520 connected to 4500 core switch with a Blue Coat Packet Shaper sitting between the inside interface of the ASA 5520 and 4500.
With the ASASM backplane connected to 6800, it seems impossible to direct the inside traffic to a physical port on the switch, then through the packet shaper, and then back into switch.
I do know that the packet shaper can monitor the traffic from the inside interface using port mirroring, but the customer would loose the ability to actually shape Internet traffic.
I have a TAC case open, and they currently trying to figure out if this is possible. I am asking here to see if anyone has already attempted a scenario like this.
Thanks.Hi Nick,
Take a Look here.
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/virtual_switching_systems.html#wp1053927
Gereinigt
Michael
Sent from Cisco Technical Support iPad App -
AR invoice issued from Service module with approval procedures
When an AR invoice is issued from Service Call tab, due to the reason that we require approval, when the invoice is approved and added, the AR invoice is not captured in service call tab as a linkage. Is this the limitation in Business one? Any ideas about how to resolve this issue?
hi,
It may be due to application error,
Check this Note 1052012 - Docs that need approval cannot be created from service call
[https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1052012]
Jeyakanthan -
[cisco VPN] Can't build kernel module with 2.6.9-ARCH
I need to setup a vpn tunnel to my university in order to gain acces to their resources and be able to surf when I am on the campus. With 2.6.8.1 I used the Cisco VPN client 4.0.5 k9. After my upgrade to 2.6.9 I had to rebuild the module, but now it fails to build. Anyone knows how to solve this? Or does anyone know another vpn client that is compatible with Cisco. This piece of software is essential to me. Please help. Here is the output:
Cisco Systems VPN Client Version 4.0.5 (Rel) Linux Installer
Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin] /usr/bin
Automatically start the VPN service at boot time [yes] no
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
For RedHat 6.x users these files are installed in /usr/src/linux by default
For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default
Directory containing linux kernel source code [/lib/modules/2.6.9-ARCH/build]
* Binaries will be installed in "/usr/bin".
* Modules will be installed in "/lib/modules/2.6.9-ARCH/CiscoVPN".
* The VPN service will *NOT* be started automatically at boot time.
* Kernel source from "/lib/modules/2.6.9-ARCH/build" will be used to build the module.
Is the above correct [y] y
Making module
make -C /lib/modules/2.6.9-ARCH/build SUBDIRS=/home/luk/sources/vpnclient modules
make[1]: Entering directory `/usr/src/linux-2.6.9-ARCH'
CC [M] /home/luk/sources/vpnclient/interceptor.o
/home/luk/sources/vpnclient/interceptor.c: In function `add_netdev':
/home/luk/sources/vpnclient/interceptor.c:59: sorry, unimplemented: inlining failed in call to 'supported_device': function body not available
/home/luk/sources/vpnclient/interceptor.c:245: sorry, unimplemented: called from here
make[2]: *** [/home/luk/sources/vpnclient/interceptor.o] Error 1
make[1]: *** [_module_/home/luk/sources/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-2.6.9-ARCH'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".I modified the pkgbuild posted here by someone (thank you!) so it includes all relevant files (meaning also vpnc-connect and vpnc-disconnect and vpnc.conf).
pkgname=vpnc
pkgver=0.2
pkgrel=1
pkgdesc="Client for Cisco3000 VPN Concentrator"
url="http://www.unix-ag.uni-kl.de/~massar/vpnc/"
license="GPL"
depends=(libgcrypt)
source=(http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.2-rm+zomb.1.tar.gz)
md5sums=(ded67de747874c4245ed8405146dc94a)
build() {
cd $startdir/src/vpnc-0.2-rm+zomb.1
# We want the CFLAGS specified in makepkg.conf to be used
mv Makefile Makefile.old
sed -e 's/-W -Wall -O -g/$(MYCFLAGS)/g' -e 's/LDFLAGS=-g /LDFLAGS=/g' Makefile.old > Makefile
export MYCFLAGS=$CFLAGS
make
install -d $startdir/pkg/usr/sbin
install vpnc $startdir/pkg/usr/sbin
install vpnc-connect $startdir/pkg/usr/sbin
install vpnc-disconnect $startdir/pkg/usr/sbin
install -d $startdir/pkg/etc
install vpnc.conf $startdir/pkg/etc
Guess what, it works
I can reproduce my steps.
- makepkg
- pacman -A vpnc-xxxxxx.tar.gz
- add tun to the daemons array in rc.conf
- Modify /etc/vpnc.conf
- vpnc-connect -
XML Publisher with Service Module - Service Request Reports -- URGENT
Hi all ... any pointers/help/guidance with the problem listed below would be much appreciated.
I'm working in the context of the Oracle Service Module & Service Request Reports.
I'm required to configure the XML Publisher Responsibility seeded functionality with the service module reports.
Listed below are the two reporting requirements that I'm considering , corresponding to the following seeded XMLP Responsibility seeded components:
(I'm quoting an extract from the Oracle TeleService Implementation & User Guide here).
Detailed Report
Data Definition: Service Request Detail Definition (CS_SR_DETAIL_DEF)
Corresponding Template: Service Request Detail Report Template (CS_SR_DETAIL_TMP.en)
Template Description: Includes all of the available service request attributes including charges, the two descriptive flexfields, and extensible attributes.
Summary Report
Data Definition: Service Request Summary Definition (CS_SR_SUMMARY_DEF)
Corresponding Template: Service Request Summary Report Template (CS_SR_SUMMARY_TMP_en)
Template Description: Includes a subset of the detailed report attributes including the same charges information as the detailed report.
When I log into the EBS >> XML Publisher Administrator Responsibility >> Service Application ... I find these seeded XMLP components, together with the preview data, downloadable templates & sample output.
The question is:
Where (responsibility/application/navigation/etc.) do I find the seeded EBS Service Reports to provide the expected XML input to the seeded XMLP Service Request Data Definitions & Templates????
Notes ...
I have found the following two reports, under the Service Application in EBS, set their output type to XML and viewed the output of the submitted request:
- Service Request Detail Report
- Service Request Summary Report
... but each of these two reports produce XML output of a different data model/structure to that expected by each of the corresponding seeded XMLP data-definitions/templates.
Additionally, I cannot find any corresponding concurrent program definitions on the system with the same SHORT-NAME/CODE as the seeded XMLP data definitions themselves i.e. CS_SR_DETAIL_DEF and CS_SR_SUMMARY_DEF.
Are the necessary reports not actually seeded within EBS? Do the seeded XMLP data definitions & templates require development of new Concurrent Programs from scratch to access the database tables and provide the necessary data/input, or am I missing something here??I am sure you found a solution to your problem. If not, to give a pointer to this issue, I guess these reports are gererated right from the service request screen and this definition is used there.This report can be generated from several places based on where you are within SR scree.
Thanks
Nagamohan -
Can log into Yosemite server (4.0) VPN service with a Mavericks client, but not Yosemite client
Sever Info:
Yosemite Server 4.0 running on a late 2009 Mac Mini with 8 GB RAM with vpnd service enabled
The server was upgraded to Yosemite - not clean install - this may not matter (see below)
Airport extreme router with standard VPN UDP ports for L2TP forwarded to server (500, 1701, 4500)
Client info:
MB Air 13" early 2014 with 8 GB RAM
Yosemite
Mavericks 10.9.5 running as a Parallels virtual machine (don't ask - I need it to run an app for work that is not yet compatible with Yosemite)
OD service is NOT running - no VPN connections ever occurred from ANY client with this service running - OD is not needed in my case fortunately
With the OD service off, I can connect via the Mavericks virtual machine just fine, but not with Yosemite. With Yosemite, the ppp connection appears to occur, but server config requests appear to fall on deaf ears (client side doesn't appear to respond) until the connection times out. Can't figure out what triggers the client response to a server config request. Client side complains about no route to host and IP addresses don't get assigned to the connection.
The connection happens successfully in an eyeblink with the Mavericks client. Same username/password/shared secret in both instances.
Tried a generated .vpnconfig from the server, this also did not work.
It's possible that it is an auth problem, but can't figure out how the process occurs or what may be going wrong. There does not seem to be an obvious way to increase the granularity of the logging such that it might give other hints - at least that I can find. I found plenty of references to VPN issues when people upgraded from Mountain Lion to Mavericks as well as work arounds for this. I tried the most promising looking of those - no love. I reverted everything back to stock install since I could at least connect with Mavericks.
If log entries would be helpful, they are included below. I've stared at them long enough - perhaps a new set of eyes can provide a hint.
In addition, I can find no documentation regarding the VPN service in Yosemite server so as to get a clue as to whether there have been changes in racoon since Mavericks.
Thanks in advance for any suggestions. I would be glad to supply any other info needed for an accurate diagnosis .
Pat
==
Regarding the Yosemite client connection in the Yosemite server VPN Service log:
2014-10-21 12:18:30 MDT
Incoming call... Address given to client = 192.168.1.228
Tue Oct 21 12:18:30 2014 : Directory Services Authentication plugin initialized
Tue Oct 21 12:18:30 2014 : Directory Services Authorization plugin initialized
Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:18:30 2014 : L2TP incoming call in progress from 'my.dotted.quad.address'...
Tue Oct 21 12:18:30 2014 : L2TP received SCCRQ
Tue Oct 21 12:18:30 2014 : L2TP sent SCCRP
Tue Oct 21 12:18:30 2014 : L2TP received SCCCN
Tue Oct 21 12:18:30 2014 : L2TP received ICRQ
Tue Oct 21 12:18:30 2014 : L2TP sent ICRP
Tue Oct 21 12:18:30 2014 : L2TP received ICCN
Tue Oct 21 12:18:30 2014 : L2TP connection established.
Tue Oct 21 12:18:30 2014 : using link 0
Tue Oct 21 12:18:30 2014 : Using interface ppp0
Tue Oct 21 12:18:30 2014 : Connect: ppp0 <--> socket[34:18]
Tue Oct 21 12:18:30 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:33 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:36 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:39 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:42 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:45 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:48 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:51 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:54 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:18:57 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
Tue Oct 21 12:19:00 2014 : LCP: timeout sending Config-Requests
Tue Oct 21 12:19:00 2014 : Connection terminated.
Tue Oct 21 12:19:00 2014 : L2TP disconnecting...
Tue Oct 21 12:19:00 2014 : L2TP sent CDN
Tue Oct 21 12:19:00 2014 : L2TP sent StopCCN
Tue Oct 21 12:19:00 2014 : L2TP disconnected
2014-10-21 12:19:00 MDT
--> Client with address = 192.168.1.228 has hungup
==
Client side log for this connection using the Yosemite client:
Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 14:32:08 2014 : L2TP connecting to server 'myserver.com' (my.dotted.quad.address)...
Tue Oct 21 14:32:08 2014 : IPSec connection started
Tue Oct 21 14:32:09 2014 : IPSec connection established
Tue Oct 21 14:32:10 2014 : L2TP connection established.
Tue Oct 21 14:32:10 2014 : L2TP set port-mapping for en0, interface: 4, protocol: 0, privatePort: 0
Tue Oct 21 14:32:10 2014 : Using interface ppp0
Tue Oct 21 14:32:10 2014 : Connect: ppp0 <--> socket[34:18]
Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
Tue Oct 21 14:32:25 2014 : write: No route to host
Tue Oct 21 14:32:25 2014 : write: Host is down
Tue Oct 21 14:32:28 2014 : write: Host is down
Tue Oct 21 14:32:28 2014 : write: Host is down
Tue Oct 21 14:32:31 2014 : write: Host is down
Tue Oct 21 14:32:31 2014 : write: Host is down
Tue Oct 21 14:32:34 2014 : write: Host is down
Tue Oct 21 14:32:34 2014 : write: Host is down
Tue Oct 21 14:32:37 2014 : write: Host is down
Tue Oct 21 14:32:37 2014 : write: Host is down
Tue Oct 21 14:32:40 2014 : LCP: timeout sending Config-Requests
Tue Oct 21 14:32:40 2014 : Connection terminated.
Tue Oct 21 14:32:40 2014 : L2TP disconnecting...
Tue Oct 21 14:32:40 2014 : L2TP error sending CDN (Host is down)
Tue Oct 21 14:32:40 2014 : L2TP clearing port-mapping for en0
Tue Oct 21 14:32:40 2014 : L2TP disconnected
==
Pertinent client side log for connection of Mavericks client to Yosemite server:
Tue Oct 21 13:29:13 2014 : Connect: ppp0 <--> socket[34:18]
Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
Tue Oct 21 13:29:21 2014 : local IP address 192.168.1.229
Tue Oct 21 13:29:21 2014 : remote IP address 192.168.1.2
Tue Oct 21 13:29:21 2014 : primary DNS address 192.168.1.2
Tue Oct 21 13:29:21 2014 : secondary DNS address 8.8.8.8
Tue Oct 21 13:29:21 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 10.0.1.38), current interface setting (name: ppp0, family: PPP, address: 192.168.1.229, subnet: 255.255.255.0, destination: 192.168.1.2).
Tue Oct 21 13:29:21 2014 : Committed PPP store
Tue Oct 21 13:29:21 2014 : Committed PPP store
Tue Oct 21 13:52:32 2014 : [DISCONNECT]
Tue Oct 21 13:52:32 2014 : Hangup (SIGHUP)
Tue Oct 21 13:52:32 2014 : Connection terminated.
Tue Oct 21 13:52:32 2014 : Connect time 23.4 minutes.
Tue Oct 21 13:52:32 2014 : Sent 2674664 bytes, received 10680854 bytes.
Tue Oct 21 13:52:32 2014 : L2TP disconnecting...
Tue Oct 21 13:52:32 2014 : L2TP clearing port-mapping for en0
Tue Oct 21 13:52:32 2014 : L2TP disconnected
==
Regarding the Mavericks client connection in the Yosemite server VPN Service log:
2014-10-21 12:09:48 MDT Incoming call... Address given to client = 192.168.1.226
Tue Oct 21 12:09:48 2014 : Directory Services Authentication plugin initialized
Tue Oct 21 12:09:48 2014 : Directory Services Authorization plugin initialized
Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
Tue Oct 21 12:09:48 2014 : L2TP incoming call in progress from ‘my.dotted.quad.address’…
Tue Oct 21 12:09:48 2014 : L2TP received SCCRQ
Tue Oct 21 12:09:48 2014 : L2TP sent SCCRP
Tue Oct 21 12:09:48 2014 : L2TP received SCCCN
Tue Oct 21 12:09:48 2014 : L2TP received ICRQ
Tue Oct 21 12:09:48 2014 : L2TP sent ICRP
Tue Oct 21 12:09:49 2014 : L2TP received ICCN
Tue Oct 21 12:09:49 2014 : L2TP connection established.
Tue Oct 21 12:09:49 2014 : using link 0
Tue Oct 21 12:09:49 2014 : Using interface ppp0
Tue Oct 21 12:09:49 2014 : Connect: ppp0 <--> socket[34:18]
Tue Oct 21 12:09:49 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : lcp_reqci: returning CONFACK.
Tue Oct 21 12:09:49 2014 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
Tue Oct 21 12:09:49 2014 : sent [LCP EchoReq id=0x0 magic=0x4bc40d9f]
Tue Oct 21 12:09:49 2014 : sent [CHAP Challenge id=0x73 <074a110a5e0620296b1937345c34090e>, name = “myserver.private”]
Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoReq id=0x0 magic=0x71598937]
Tue Oct 21 12:09:49 2014 : sent [LCP EchoRep id=0x0 magic=0x4bc40d9f]
Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoRep id=0x0 magic=0x71598937]
Tue Oct 21 12:09:49 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
Tue Oct 21 12:09:54 2014 : CHAP peer authentication succeeded for somelocaluser
Tue Oct 21 12:09:54 2014 : DSAccessControl plugin: User 'somelocaluser' authorized for access
Tue Oct 21 12:09:54 2014 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.2>]
Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfReq id=0x1]
Tue Oct 21 12:09:54 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-NAK
Tue Oct 21 12:09:54 2014 : sent [IPCP ConfNak id=0x1 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
Tue Oct 21 12:09:54 2014 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::021c:42ff:febf:bf66>]
Tue Oct 21 12:09:54 2014 : Unsupported protocol 0x8057 received
Tue Oct 21 12:09:54 2014 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 1c 42 ff fe bf bf 66]
Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x1 <route vers 16777216> <domain vers 16777216>]
Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfRej id=0x1 <route vers 16777216>]
Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.2>]
Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfAck id=0x1]
Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-ACK
Tue Oct 21 12:09:54 2014 : sent [IPCP ConfAck id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
Tue Oct 21 12:09:54 2014 : ipcp: up
Tue Oct 21 12:09:54 2014 : found interface en0 for proxy arp
Tue Oct 21 12:09:54 2014 : local IP address 192.168.1.2
Tue Oct 21 12:09:54 2014 : remote IP address 192.168.1.226
Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
Tue Oct 21 12:09:54 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.1.2), current interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x2 <domain vers 16777216>]
Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfAck id=0x2 <domain vers 16777216>]
Tue Oct 21 12:09:54 2014 : Received protocol dictionaries
Tue Oct 21 12:09:54 2014 : Committed PPP store
Tue Oct 21 12:09:54 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:09:54 2014 : rcvd [IP data <src addr 192.168.1.226> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Tue Oct 21 12:09:54 2014 : sent [IP data <src addr 192.168.1.2> <dst addr 192.168.1.226> <BOOTP Reply> <type ACK> <server id 0xc0a80102> <domain name "local">]
Tue Oct 21 12:09:57 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:00 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:03 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:06 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:09 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name private>
<domain: name local>]
Tue Oct 21 12:10:09 2014 : rcvd [LCP TermReq id=0x2 "User request"]
Tue Oct 21 12:10:09 2014 : LCP terminated by peer (User request)
Tue Oct 21 12:10:09 2014 : ipcp: down
Tue Oct 21 12:10:09 2014 : sent [LCP TermAck id=0x2]
Tue Oct 21 12:10:09 2014 : l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.1.2), deleted interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
Tue Oct 21 12:10:09 2014 : L2TP received CDN
Tue Oct 21 12:10:09 2014 : Connection terminated.
Tue Oct 21 12:10:09 2014 : Connect time 0.4 minutes.
Tue Oct 21 12:10:09 2014 : Sent 1003 bytes, received 646 bytes.
Tue Oct 21 12:10:09 2014 : L2TP disconnecting...
Tue Oct 21 12:10:09 2014 : L2TP disconnected
2014-10-21 12:10:09 MDT --> Client with address = 192.168.1.226 has hungup1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */ /;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:|suhel| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,Ex}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed. -
Does ASA Service Module on 6509-E support Remote Access VPN ?
I'm having a problem configuring Remote Access VPN (SSL, Anyconnect ect.) on ASA Service Module on 6509-E. Is this even supported or am i wasting my time trying to make something work which will not work in a first place :) ? Site-to-Site works without any problems.
Tech Info:
6509-E running SUP 2T 15.1(2)SY
ASA Module - WS-SVC-ASA-SM1 running image - asa912-smp-k8 & asdm-712
Licenses on ASA:
Encryption-DES - Enabled
Encryption-3DES-AES -Enabled
Thanks in Advance for support.Are you running multiple context mode?
If you are, remote access VPN is not supported in that case:
"Note Multiple context mode only applies to IKEv2 and IKEv1 site to site and does not apply to AnyConnect, clientless SSL VPN, the legacy Cisco VPN client, the Apple native VPN client, the Microsoft native VPN client, or cTCP for IKEv1 IPsec."
Reference. -
Function module for Create service order with reference to sales doc (RAS )
Hi All,
I have to create a service order (type SM03) with reference to sales document (doc type RAS, in other way it is called as repair order).
I have used function module 'ALM_ME_ORDER_CREATE' && 'CO_ZV_ORDER_POST' to create service order and its working fine but problem is that i am not able to create linking between repair order and service order.
Can anyone suggest me function module, BAPI to create service order with reference as sales document (RAS) so that all related details of sales document will automatically reflect to service order..
SumitTry this function module BAPI_ORDER_MAINTAIN. Just search with BAPI_ORDER* in SE37 you will get some more functions.
Regards
Kathirvel -
Service Module is trying to recover from error - Please help
HI Guys
I am currently installing a NM-AIR -WLC 6 wireless module in a 2811 and its giving me the follwing errors below and status
I have checked the troubleshooting pdf and says might be possible hardware error ,but before i go down that road would like to know if any of the engineers have solved this problem
Info about router and module is as follows
Router#service-module wlan-controller 1/0 status
Service Module is Cisco wlan-controller1/0
Service Module supports session via TTY line 66
Service Module is trying to recover from error
Service Module status is not available
Router#
Trying to reset Service Module wlan-controller1/0
*Mar 28 21:49:06.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface wlan-controller1/0, changed state to down
*Mar 28 21:49:26.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface wlan-controller1/0, changed state to up
Router#
Router#service-module wlan-controller 1/0 status
Service Module is Cisco wlan-controller1/0
Service Module supports session via TTY line 66
Service Module is trying to recover from reset/shutdown
Service Module status is not available
sh version
Router#sh ver
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T17, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 24-Jan-12 07:41 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)
Router uptime is 28 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-advipservicesk9-mz.124-15.T17.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID FCZ0932701R
2 FastEthernet interfaces
1 Serial(sync/async) interface
1 terminal line
1 Virtual Private Network (VPN) Module
1 cisco Wireless LAN Controller(s)
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Router#HI Guys
And it gets worse I am now getting the following error
Router#service-module wlan-controller 1/0 status
Service Module is Cisco wlan-controller1/0
Service Module supports session via TTY line 66
Service Module is failed
Service Module status is not available
regards Thags Govender -
APEX Listener 2.0 - RESTful Services Failure with 404 - Not Found
Versions used:
* APEX Listener 2.0.0.354.17.05
* Application Express 4.2.1.00.08
* Oracle Database 11.2.0.1
When testing the sample RESTful Service Module oracle.example.hr I always get 404 - Not Found page.
I followed the documentation to install and configure APEX 4.2 and the Listener 2.0. Everything in my APEX installation works fine except RESTful Services.
For example, when calling this RESTful Service:
http://company.com:45678/apex/DEV/xxuapex/hr/empinfo/
I get a 404 page.
The corresponding entry in url-mapping.xml is:
<pool base-path="/DEV" name="od01" workspace-id="xxuapex"/>
where xxuapex is the name of the schema as well as the workspace where the RESTful Service is installed.
Moreover, the corresponding od01.xml, od01_rt.xml and od01_al.xml in the conf directory seem correct.
Any help is greatly appreciated.
Thanks.
Eddie Awad.Hi Eddie,
+> try the other option base-url of the url-mapping+
I did. No change. Still getting 404.When active it should transform the 404 page into a detailed 404 with a description of what the error is. Just to be sure, this is activated in the defaults.xml file of the APEX Listener as: *<entry key="log.logging">true</entry>*.
You should then see a detailed 404 output in your browser of what's going wrong first of all.
+> Could you post your url-mapping.xml file?+
<?xml version="1.0" encoding="UTF-8"?>
<pool-config xmlns="http://xmlns.oracle.com/apex/pool-config">
<pool base-path="/DEV" name="od01" workspace-id="xxuapex"/>
<pool base-path="/TEST" name="ot01" workspace-id="xxuapex"/>
</pool-config>
Despite using the url mapping script, it didn't map mine correctly and had to edit it manually. It was the use of "apex" that got it to work for me:
*<pool base-path="/" name="apex" workspace-id="workspace-name-here" updated="2013-01-09T20:48:59.75Z"/>*
Nick. -
Setting up IPsec VPNs to use with Cisco Anyconnect
So I've been having trouble setting up vpns on our ASA 5510. I would like to use IPsec VPNs so that we don't have to worry about licensing issues, but from what I've read you can do this with and still use Cisco Anyconnect. My knowledge on how to set up VPNs especially in iOS verion 8.4 is limited so I've been using a combination of command line and ASDM.
I'm finally able to connect from a remote location but once I connect, nothing else works. From what I've read, you can use IPsec for client-to-lan connections. I've been using a preshared key for this. Documentation is limited on what should happen after you connect? Shouldn't I be able to access computers that are local to the vpn connection? I'm trying to set this up from work. If I VPN from home, shouldn't I be able to access all resources at work? I think because I've used the command line as well as ASDM I've confused some of the configuration. Plus I think some of the default policies are confusing me too. So I probably need a lot of help. Below is my current configuration with IP address altered and stuff that is completely non-related to vpns removed.
NOTE: We are still testing this ASA and it isn't in production.
Any help you can give me is much appreciated.
ASA Version 8.4(2)
hostname ASA
domain-name domain.com
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/1
nameif outside
security-level 0
ip address 50.1.1.225 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
no nameif
security-level 100
ip address 192.168.1.1 255.255.255.0
boot system disk0:/asa842-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
same-security-traffic permit intra-interface
object network NETWORK_OBJ_192.168.0.224_27
subnet 192.168.0.224 255.255.255.224
object-group service VPN
service-object esp
service-object tcp destination eq ssh
service-object tcp destination eq https
service-object udp destination eq 443
service-object udp destination eq isakmp
access-list ips extended permit ip any any
ip local pool VPNPool 192.168.0.225-192.168.0.250 mask 255.255.255.0
no failover
failover timeout -1
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.224_27 NETWORK_OBJ_192.168.0.224_27 no-proxy-arp route-lookup
object network LAN
nat (inside,outside) dynamic interface
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 50.1.1.250 1
sysopt noproxyarp inside
sysopt noproxyarp outside
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ASA
crl configure
crypto ca server
shutdown
crypto ca certificate chain ASDM_TrustPoint0
certificate d2c18c4e
308201f3 3082015c a0030201 020204d2 c18c4e30 0d06092a 864886f7 0d010105
0500303e 3110300e 06035504 03130741 53413535 3130312a 30280609 2a864886
f70d0109 02161b41 53413535 31302e64 69676974 616c6578 7472656d 65732e63
6f6d301e 170d3131 31303036 31393133 31365a17 0d323131 30303331 39313331
365a303e 3110300e 06035504 03130741 53413535 3130312a 30280609 2a864886
f70d0109 02161b41 53413535 31302e64 69676974 616c6578 7472656d 65732e63
6f6d3081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100b2
8acbe1f4 5aa19dc5 d3379bf0 f0e1177d 79b2b7cf cc6b4623 d1d97d4c 53c9643b
37f32caf b13b5205 d24457f2 b5d674cb 399f86d0 e6c3335f 031d54f4 d6ca246c
234b32b2 b3ad2bf6 e3f824c0 95bada06 f5173ad2 329c28f8 20daaccf 04c51782
3ca319d0 d5d415ca 36a9eaff f9a7cf9c f7d5e6cc 5f7a3412 98e71de8 37150f02
03010001 300d0609 2a864886 f70d0101 05050003 8181009d d2d4228d 381112a1
cfd05ec1 0f51a828 0748172e 3ff7b480 26c197f5 fd07dd49 01cd9db6 9152c4dc
18d0f452 50f5d0f5 4a8279c4 4c1505f9 f5e691cc 59173dd1 7b86de4f 4e804ac6
beb342d1 f2db1d1f 878bb086 981536cf f4094dbf 36c5371f e1a0db0a 75685bef
af72e31f a1c4a892 d0acc618 888b53d1 9b888669 70e398
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 10
console timeout 0
management-access inside
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
anyconnect profiles VPN disk0:/devpn.xml
anyconnect enable
tunnel-group-list enable
group-policy VPN internal
group-policy VPN attributes
wins-server value 50.1.1.17 50.1.1.18
dns-server value 50.1.1.17 50.1.1.18
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
default-domain value digitalextremes.com
webvpn
anyconnect profiles value VPN type user
always-on-vpn profile-setting
username administrator password xxxxxxxxx encrypted privilege 15
username VPN1 password xxxxxxxxx encrypted
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
address-pool (inside) VPNPool
address-pool VPNPool
authorization-server-group LOCAL
default-group-policy VPN
tunnel-group VPN webvpn-attributes
group-alias VPN enable
tunnel-group VPN ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
class-map ips
match access-list ips
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
class ips
ips inline fail-open
class class-default
user-statistics accountingHi Marvin, thanks for the quick reply.
It appears that we don't have Anyconnect Essentials.
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5510 Security Plus license.
So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license? -
I have what I believe to be a unique need;
I have a MacPro (1,1) running Lion with Server app.
I require that this particular machine be connected as a client to a VPN server, while at the same time acting as a VPN server for my network.
The PPTP connection configuration is such that "Send all traffic over VPN connection" is checked.
If PPTP client is NOT connected, I can connect to Lion as VPN server. As soon as I make the connection from Lion as a client, I can no longer
connect to Lion VPN server.
I understand this is because I am forcing all traffic out the virtual interface (tun0) and eth0 is no longer listening on the local network.
1. Is it possible to bind the VPN client (on Lion Server) to a particular interface? If I could tell the PPTP client to only use eth1 as the interface of choice, my assumption would be that eth0 would then be free to accept incoming connections.
2. Is it possible to bind the VPN service (on Lion Server) to a particular interface? if I could tell the vpn serviec to only listen on eth1, and in turn tell the PPTP client to NOT communicate on eth1 but only eth0 then perhaps I could separate the communications?
In my head, it seems as though both of the above options would be required in order to use Lion as both a VPN server and VPN client
Any and all help appreciated.This is a standard facet of most VPNs - the problem lies in your NAT router since both clients appear to come from the same IP address as far as the VPN server is concerned, and the router can't separate out the traffic.
There are a couple of solutions.
First, the built-in VPN server supports L2TP and PPTP protocols. You should be able to connect one system under each protocol, so that gets your two machines connected.
Second, you can replace your NAT router with one that supports multiple VPN clients (often termed 'VPN passthrough').
Third, setup a site-to-site tunnel so that your entire LAN is connected to the VPN (this saves you from having to run a separate VPN client on each machine, but is typically only worth it when you have more machines). -
Lion 10.7.2 VPN service not working
Hi,
I have a clean installation of 10.7.2 on a Mac Pro which is not able to provide VPN service. Here's what is configured:
*OD Master - users and groups in place
*firewall active with allow rules for all necessary VPN ports (500, 1701, 4500)
*port forwarding on router to server IP address of 500, 1701 and 4500
*pre-shared key in place
*VPN server turned on
I spent over an hour on the phone with Apple Enterprise Support and they finally conceded "the engineers have informed us that there is a bug with the VPN service and that it is being looked at currently. It will hopefully be addressed in the pending OS update."
Steps to reproduce:
1. client is configured with approprate IP address, username, password and PSK
2. client attempts to connect
3. server's VPN log which should be in /var/log/ppp/vpnd.log is not populating with any new data, but the top-level "all messages" in console is showing a slew of information. Here is what is displaying:
12/4/11 8:42:41.340 PM racoon Connecting.
12/4/11 8:42:41.340 PM racoon IPSec Phase1 started (Initiated by peer).
12/4/11 8:42:41.340 PM racoon IKE Packet: receive success. (Responder, Main-Mode message 1).
12/4/11 8:42:41.341 PM racoon IKE Packet: transmit success. (Responder, Main-Mode message 2).
12/4/11 8:42:41.400 PM racoon IKE Packet: receive success. (Responder, Main-Mode message 3).
12/4/11 8:42:41.423 PM racoon IKE Packet: transmit success. (Responder, Main-Mode message 4).
12/4/11 8:42:44.297 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:42:47.300 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:42:50.303 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:02.316 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:17.332 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:35.350 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:56.373 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:44:20.399 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:44:47.428 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
All that is displaying in the /var/log/ppp/vpnd.log is:
2011-12-04 19:39:29 EST Loading plugin /System/Library/Extensions/L2TP.ppp
2011-12-04 19:39:29 EST Listening for connections...
2011-12-04 19:49:36 EST terminating on signal 15
#End-Date: 2011-12-04 19:49:36 EST
#Start-Date: 2011-12-04 19:49:38 EST
#Fields: date time s-comment
2011-12-04 19:49:38 EST Loading plugin /System/Library/Extensions/L2TP.ppp
2011-12-04 19:49:38 EST Listening for connections...
2011-12-04 20:04:13 EST terminating on signal 15
#End-Date: 2011-12-04 20:04:13 EST
#Start-Date: 2011-12-04 20:04:30 EST
#Fields: date time s-comment
2011-12-04 20:04:30 EST Loading plugin /System/Library/Extensions/L2TP.ppp
2011-12-04 20:04:30 EST Listening for connections...
I am hoping that this comes down to a bad port forwarding issue. Does anything seen in the above logs indicate that to you?
What would my next step be for trying to repair the VPN service? I want to avoid a reinstall if possible.
Thanks
PeteOk, so, the best FIRST test is to try from the local lan, same lan as the Lion server. L2TP works fine for me, PPTP definitely has a bug. You can configure the VPN connection in your network system preferences on the client machine. Just put in your local server IP.
The idea here is to first make sure VPN works on the LAN (which is useless of course but great for troubleshooting), once it does, THEN you can go to the next step and troubleshoot the remote connection.
Maybe you are looking for
-
PLEASE HELP Me Choose the Perfect dv7t Quad Specs
am customizing an HP Pavilion dv7t quad edition notebook PC. I have a few choices to make. Money is not really a problem, but I don't really want to spend an extra $150 if the difference for the price is utterly minimal. I would really appreciate you
-
Random slow down wifi connection on yosemite.
Hi, I recently bought a MacBook Pro Retina Mid 2014, since it came with Maveriks pre-installed, I updated it to Yosemite right away. When I run a Speed test (Yosemite 10.10.1), it allways happends this to me: This down marked by the red arrow, is wh
-
I have two older macs running Mountain Lion that have been upgraded over the years from Leopard. They have continued to be able to print to a Canon IP5000 and use a driver that is fully functional. On the new MacBook Pro, the printer is found, but no
-
Iphone does not appear in itunes when connected to XP computer
I have the latest version of itunes and iphone software. When I connect my iphone 3GS through a USB to my computer (windows XP), the computer recognises the device as a hard drive in "my computer" and I can import photos. However Itunes when opened u
-
Hi, I am using DI server to create service calls. The cardcode = M&B. When i try to assign to tags ,<Cstmrcode>M&B</Cstmrcode> it gives an error. So i replaced "&" with '&". This time im getting an error that says "No matching record found". Any solu