VPN users - mac server

Hello to all!
First of all I must tell you that I am new to Osx server administration. Well, i tried to enable vpn service for the users of my network. So, i enableb the service, using PPTP. I also assigned vpn access to the users that I want and I try to access, but with no luck. The problem is that "user authentication failed" (I put the right credentials so this is not the problem).
So next, I tried another app to make the vpn, work. The app is called easyVPN. There, I created 5 users and tried to access, and I was connected. Then I closed easyVPN and enabled the VPN service of OSX server, and I accessed with the credentials that I had put inside easyVPN.
But I dont want this. I want the local users that acces vpn service to be configured through the server configurator. Could you please help me?
Thank you in advance.

This is absolutely expected. The VPN protocol doesn't account for multiple VPN connections from the same IP address.
Some NAT routers deal with it better than others (somehow they manage to keep track of the connections and allow multiple users to connect) but many don't. It isn't easy to predict whether any particular router supports this or not.
The best solution to your problem is to implement a site-to-site VPN - that way everyone on the remote network shares a single VPN connection managed by the router and you don't have multiple VPN connections coming from the same IP.

Similar Messages

Can not establish L2TP connection to Mac Server via VPN

Hi,
I am asking for some help on this VPN Problem:
since yesterday I have a new Mac mini Server running OS X 10.9.3 and Server Software 3.1.2 - my goal is to reach some deivces in my home network from outside, mainly with the iPhone or iPad.
Dyn.org
I registered with Dyn.com a hostname using my outside IP Address. Server Type: Host with IP Address and used the IP Address presented to me in the stup wizard. This one is shown as active and when I ping or Lookup the Host Name it is responding - so I think I am fine here.
Mac Mini Server
Next I have setup a user on the server who can use VPN. Next I have setup the VPN service with L2TP, using the Host name von dyn.org, a nice shared secret, IP range 10.0.1.190 to 10.0.1.199, DNS 10.0.1.1, no routs.
I exported this as config file to my iPhone.
The VPN Protocol in the Server says, it is listening for connections.
When I turn on VPN on the iPhone it replies always L2TP-VPN-Server has not answered.
AirPort Extreme
The AirPort Extreme is configured by the Server with Ports 500, 1701, 4500 and the Mac Server 10.0.1.26 as Privat IP Address.
The Internet Tab shows Router and DNS as 192.168.211.1 and IPv4 Address as 192.168.211.109
I actually do not understand why I have a 192.168.xxx.xxx DNS and router entry while I have the Privat Network on 10.0.1.xxx
The Protocol for VPN just says nothing at all, besides that it is listening. I guess something is blocking the connection to the server.
By looking at my above configutation - what am I doing wrong? Why do I get this L2TP-VPN-Server error message? I changed the password for the user to be sure I am not miss spelling it. Did not help.
Any idea?
Thank you for your support!
Regards
Klaus-Martin

According to your IP addresses you listed, you might have two devices that are trying to create a NATed network (one in the 10.0.0.0/8 and 192.168.0.0/16 networks). Can you list what devices you have between your server and the Internet?
I'm going to take a guess that you have a router/modem prodived by your ISP, and this is going to give you a 192.168.211.0/24 network (since it set up as a router to provide its own network). You then plugged an Airport into this router and configured it to set up its own wireless network on its own subnet (10.0.1.0/24). The server is on this network, sees the Airport (and lets you configure it). So while your hostname points to your external address (which is good), it's just that external address is the WAN side of the modem/router and not the Airport. I think your network is set up like this: Internet --> ISP modem --> Airport --> Server. If this is the case, you need to set up the ISP modem/router to port forward L2TP ports to your Airport (which in turn, port forward to your server). Or you could set your ISP modem/router into bridge mode and have the Airport dial the connection to the ISP (more complicated).
Have you tried VPN from the local network, say put the phone on wifi and make sure that works? This would be a quick test to make sure the phone and server are set up properly.
Also, have you tried port scanning your host from a computer outside your network, like from an iPhone on celluar? That would help you determine if you have routing configured properly for the L2TP VPN ports.

Need help with network user accounts on Mac server App on Yosemite, any tips?

I've been trying to set up a small network with the Server app on Yosemite. I don't want to do anything crazy with the server, I'd just like to know how I can set up network user accounts so that they can login from other Mac computers on the same network. I already have Open directory set up, the Macs that will be used on the network with the server have already been joined to the server under login options. I have created the network user account, I have also joined the user account to a group that I created. When I try to login to the network account from one of the Macs, it doesn't work. I'm pretty rookie with Mac server, can anyway give me any pointers of what I should be doing? Or if I am doing something wrong. Thanks guys.

The most important step, once you've got Open Directory and DNS set up, with Local Network Users set up in Server.app, is to make sure that all client Macs are using the server's IP address as the primary DNS server in System Preferences > Network, and that they have joined the Network server in System Preferences > Users and Groups > Login Options.
Having said all that, I have just spent hours setting this all up only to find out that Mail doesn't currently work with Network Homes in 10.10.3 / Server.app 4.1.
I will be hoping that Apple recognise the bug, and put out a fix soon.

Setting disk quota on Mac server for Active Directory users

I'm having trouble setting disk quotas for Active Directory users with home folders on our Mac server.
I've enabled disk quotas on the disk I'm putting home folders on, and I can set disk quotas for local users on the server just fine. But it doesn't seem to work for Active Directory users. I've tried setting disk quotas via Workgroup Manager and via the command line using edquota. But when I use the repquota command there is no quota entry for the AD user. I've run quotacheck and that didn't help either.
I also understand there's a setquota command but there's no man page on how that works.
Has anyone got disk quota for AD users working.
Better still has someone got a shell or perl script for setting quotas they could post.
Thanks
- Cameron

sorry.. I am soooooo stupid... I have to activate "File Sharing" as well.. for the user everything was already pre-activated, not for the AD users, I just saw the Time Machine checkbox grayed out ...

Mac user prompted for password for Mac server shares at every login

I have a client that uses Mac machines. The server is also Mac server.
The machines are not in a domain/realm, so each machine has its own user database including the server.
The user connects to a share on the server, where she is set up with the same user name and password as on her local Mac for convenience.
When you connect to the share the first time, you are prompted to provide the credentials, and you can select to save this password in Keychain. We selected YES, remember this password in my Keychain.
However, at every login, she has to provide credentials to connect to the share again.
Any ideas why keychain is not remembering this login so that she can re-connect to the share (it is set as a Login Item) seamlessly?
Thank you,
Sandra

Unix shortnames can be viewed/set on the client computers by opening system preferences, going to users & groups, Right-Clicking on a user, and opening the "Advanced Options..." pane. In the field that says "Account Name:" is the UNIX shortname that the system assigned o that user when their account was originally created.
DO NOT CHANGE THE USER'S SHORTNAME HERE. All kinds of bad things will happen. Once it is established (as your original post suggests), you don't want to change it.
What you can do is on your server, in the users & groups sharing preferences, establish server accounts for your users that have identical shortnames to the ones they already have assigned on their individual macs.

User accounts disappeared from Mac Server

My company uses a Mac Server OS X v10.7.5 which we store all our files on and staff connect to it using a mapped drive (B:). This afternoon we stopped being able to connect, we rebooted the server like we normally do, however, when it came back online all of the user accounts have disappeared leaving only our admin account!
All of our files and folders are still there, it's just the user accounts used for accessing these folders that seem to have disappeared.
Coincidently, the + sign under the Users section is greyed out in server.app so I'm having to use Workgroup Manager to add new users. I've tried doing this for myself and given my user account access to the folders that I need however, when I try to map the B: it doesn't recognise my server credentials any more.
Basically, at the moment, no one can access any files or folders so I'm really hoping that someone has an answer on how to either restore the missing user accounts (if that's possible) or how to set up the user accounts so that we can access the files again.
Thanks in advance for any help.

From what I found out it was to do with corrupted Open Directory file, if you've previously archived the Open Directory (through Server Admin) you can restore a previous version or, as we had to do, copied all the server files to an external hard drive and restore from Time Machine, we did it for a point a week ago when it was working and all the user profiles came back.
If you don't already know how to do that, restart the server but hold down the cmd and R (command key and R key) at the same time until it gives you a screen with a list of restore options, select Restore from Time Machine Backup and select a date from a few days ago or whenever you knew it was working fine, depending on the size of the files on your server it can take a couple of hours to do this. Then copy the files from the hard drive back on to the server so youy have the latest versions again.
After it had done this all the user profiles were restored with passwords and groups etc..., if you do remove and restore the files then you may need to re-do any file access permissions but other than that it should be back to how it was before.
Hope this helps and I've explained the process ok.

HT200234 Speed up user log in to Mac Server Pro

I have a mac server pro and 31 imacs. When several users log in at the same time, it some take up to 3 minutes to logi n to the server.How can I speed up user login time?

It sounds like your using network home directories. With this setup all the users files are stored on the server, this means when they login a lot of files have to be sent over the network, it is particularly bad if your using Apple Mail which then has to open and check many email messages - each of which is another file to be transferred.
Therefore there are two aspects that affect speed, the first is the network connection speed, you want your server to be on at least a 1Gbps Ethernet connection, if you then have say three computers using it at the same time, and these computers also have 1Gbps Ethernet connections they would actually get an affective 333Mbps speed i.e. a third each. If your server only has a 100Mbps connection then the users would get a third of that i.e. 33Mbps. It is possible to in theory join together multiple 1Gbps links to make a 2 or 4 or even 8Gbps connection this requires a suitable network switch that supports 802.3ad aka. LACP.
As you can probably already see, if you had ten computers connecting to the server at the same time then the speed each effectively sees is even slower.
The other speed constraint is typically the storage being used by the server, if this is hard disks then using a high-end RAID system or even SSD flash memory storage also in a high-end RAID solution would speed things up. In the PC world it is common these days to have one very highly specified server with equally highly specified (and expensive) storage, in the Mac world were we have no 'real' servers any more people have been trying to get away with what is effectively an ordinary desktop computer and as you are finding it is not really up to the job.
Note: With a high-end RAID system you would also need to use an interface other than USB or FireWire both of which in such situations are actually considered 'slow'. We are talking here about FDDI at 8 or even 16Gbps compared to FireWire at 800Mbps.
Sadly there is also some truth to the fact that OS X is far more greedy for network bandwidth than Windows, not only will you see the problem you have, but it is even worse even for a single user when they remotely try and access a file server
The somewhat good news is that once the users are logged in and the initial traffic has subsided then things do generally settle down and feel ok, the problem is the initial hit as everyone starts up, this has been problem in particular for schools with classrooms of computers all starting at the same time.

Steps needed to properly setup L2TP VPN in Mac OS X Server 10.6

I've been spending hours configuring my network and cannot get my L2TP VPN to connect both inside and outside my network. I am guessing I am having an IP conflict as every time I try to make a connection I get an error message of "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your administrator"
In my AEBS I have my beginning DHCP address as 10.0.1.1 and ending at 10.0.1.100. In my VPN config under Server Preferences I am asked for a range of IPs to assign for the VPN where I select 10.0.1.101 and end at 10.0.1.105. Am I doing something wrong? Can somebody list the proper steps to get this going ok?
Thanks again for the great support.

If you enable the extended logging using the following commands you will get all the details you are after in the radius log.
$ sudo radiusconfig -setconfig log_auth yes
$ sudo radiusconfig -setconfig logauthgoodpass yes
$ sudo radiusconfig -setconfig logauthbadpass yes
In the log you will then see entries like this
Auth: Login OK: [002500xxxxxx/password] (from client Airport BaseStation port 0 cli 00-25-00-xx-xx-xx)
where 'Airport BaseStation' will be the name of your access point as defined in the RADIUS server admin section.
Charlie at ewhizz d0t net
ewhizz dot net

Newbie - Can I set up XP users to connect to Mac Server for their login det

Hi
Thanks for reading this. I have set up a Mac Pro as a server and am using it as a file server and also for ftp backup. What I would also like to do is to have the mac pro act as a domain controller for the xp machines. Basically when they turn their machines on in the morning they log on to the mac server and get their details from the mac.
Thanks for any help and happy new year to all Mac folks. Looking forward to the Tablet!
Rich

We likely wouldn't be a good fit for this. You'll likely have to build a custom application (developer doing coding) to support your use case.
Randy

TS2998 mini mac server Mail App keeps freezing for all users.

not an email or password or ISP problem, an issue with the machine.
mini mac server late 2011
moountian lion operating system.
all was ok until about a month ago when this issue develops.
cant investigate because the program freezes, but only on this machine
any ideas?

FWIW I've been struggling with this for a long time across many computers. Almost reliably when I look at my aggregate Inbox I see messages including new messages in my Exchange account's inbox, but when I click on the Exchange Inbox I would see nothing. Then I would have to quit and restart Mail and the box would show up.
Irregularly I would also occasionally get into a situation where all new messages received in the Exchange account would show no content when selected. When this happened in the past I would have to go through a separate webmail interface to read them.
This week I experienced a new wonder where the account was online and appeared to Synchronize OK, but I stopped getting new messages. Reboot, offline/online, disable/enable account: none of these fixed it.
Finally I just found a workaround: by modifying the account to store no messages on the computer, and then restarting mail, it was forced to ask the server for the messages again. Minutes of synching later and I'm back up to speed. I've turned local message storage back on again, because I doubt I can live without it, but it might help solve someone else's problems.

Remote Connecting a PC to a Mac Server

The Mac Server we've purchased for our company has been working great. Our employees can easily access files by remote connecting from home using their Macs.
But we have employees that also use PCs from home and I have been unable to figure out how to get them connected remotely. I've searched the internet and have read the entire Mac OSX Server training book I bought without any luck.
I'd like the share points to show up as network drives, just as they do when connecting locally.
Please help!!
Thanks in advance for looking this over.

I've been struggling with this for weeks. My provider blocks port 139 which is reserved for SMB. VPN won't help because my PC users are outside the server local network...which uses port 139 that is blocked by my provider.
The way I see it, there are two ways for windows users to get access to a Mac OS X Server
1) move all your files to the folder that serves WebDAV (/Library/WebServer/Documents) and let your Windows users connect via WebDAV. This means all of your files have to be in this folder. I find this very cumbersome but probably necessary.
2) remap your port to provide SMB on another port besides 139. Apple Enterprise Support says this is pretty involved and they won't support it unless I go with a higher-priced service plan.
I'm trying to find a third solution such as using another protocol (NTP, AFP for Windows??) that will allow Windows users outside my local network to connect to my server.

How to set up VPN using MAC OSX 10.4.11, Please help I need someone to help me set up VPN using regular DSL connection on my home so someone can help me troubleshoot my XSAN system remotely. THANKS

Hello,
I'm having trouble setting up a VPN using MAC OSX 10.4.11 Server. I have and XSAN system and one of my volumes has been down for quite a while now. There is a very kind MAC IT professional that is willing to help be troubleshoot my system but he needs to be able to access my system remotely. I am able to connect the MDC to DSL but I haven't been able to set up the VPN. Please help, this is an emergency. Thanks!
Marco

have you forwared the ports on your router? Why not let him in via teamviewer? its free and mac compatable

What are the best practices to migrate VPN users for Inter forest mgration?

What are the best practices to migrate VPN users for Inter forest mgration?

It depends on a various factors. There is no "generic" solution or best practice recommendation. Which migration tool are you planning to use?
Quest (QMM) has a VPN migration solution/tool.
ADMT - you can develop your own service based solution if required. I believe it was mentioned in my blog post.
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
Blogs: Blogs
Twitter: Twitter
LinkedIn: LinkedIn
Facebook: Facebook
Microsoft Virtual Academy:
Microsoft Virtual Academy
This posting is provided AS IS with no warranties, and confers no rights.

Windows 7 (Client) map a network drive VPN Snow Leopard Server

Hi,
I have a Mac Mini Snow Leopard Server and are using a VPN service.
My services on the mac os x sls server are: AFP, DNS, Firewall, Open Directory, SMB and VPN.
I can connect the VPN from Mac clients and Windows 7 clients, but I can only map a network drive/share point on Mac´s.
On Windows 7 I get an error: path or name not found ( I am sure using the correct path, same from Mac client that works).
When I am using my internal network LAN I can map a network drive using Windows 7 and Mac but outside over a VPN not (only Mac works).
The only service, at this moment, that I need is File Sharing outside my network LAN using a VPN.
How can I map a network drive from a Windows 7 client using a VPN, is there any Firewall rules / SMB rules / File Sharing rules that I missed on the server side?
Thank You.

I really don't know what are going wrong with my settings. As you said/write it must be an easy setup.
I'm using a Time Capsule and used the Server app to add VPN to the port forwarding also.
When I am connected thru the VPN I tried to ping the Server IP and got no answer from it, from W7 client!?
My Mac's are just working fine with AFP and SMB share points thru the VPN.
I think I have missed some settings from the SMB or Firewall services for VPN with W7 client's or it is a Windows issue.....

L2TP and fixed Framed IP Address for VPN user

Hi,
I have a running L2TP/IPsec VPN setup with authentification against a radius server (freeradius2 witch mysql). I would like to have some of my VPN users get a fixed IP address instead of the dynamically assigned IP Pool.
The radius server is returning the correct parameters, I think.
I hope someone can help me.
It´s a Cisco 892 Integrated Service Router.
Router Config:
=============================================================
Current configuration : 8239 bytes
! Last configuration change at 10:44:26 CEST Fri Mar 30 2012 by root
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
hostname vpngw2
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
logging buffered 51200 warnings
enable secret 5 secret
aaa new-model
aaa authentication login default local group radius
aaa authentication login userauthen local group radius
aaa authentication ppp default group radius local
aaa authorization exec default local
aaa authorization network groupauthor local
aaa accounting delay-start
aaa accounting update newinfo
aaa accounting exec default
action-type start-stop
group radius
aaa accounting network default
action-type start-stop
group radius
aaa accounting resource default
action-type start-stop
group radius
aaa session-id common
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip domain name aspect-online.de
ip name-server 10.28.1.31
ip inspect WAAS flush-timeout 10
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip cef
no ipv6 cef
virtual-profile if-needed
multilink bundle-name authenticated
async-bootp dns-server 10.28.1.31
async-bootp nbns-server 10.28.1.31
vpdn enable
vpdn authen-before-forward
vpdn authorize directed-request
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
license udi pid -K9 sn FCZ
username root password 7 secret
ip ssh source-interface FastEthernet8
ip ssh version 2
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key mykey address 0.0.0.0         no-xauth
crypto ipsec transform-set configl2tp esp-3des esp-sha-hmac
mode transport
crypto dynamic-map config-map-l2tp 10
set nat demux
set transform-set configl2tp
crypto map vpnl2tp 10 ipsec-isakmp dynamic config-map-l2tp
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
interface FastEthernet0
no ip address
spanning-tree portfast
interface FastEthernet1
no ip address
spanning-tree portfast
<snip>
interface FastEthernet7
no ip address
spanning-tree portfast
interface FastEthernet8
ip address 10.28.1.97 255.255.255.0
ip access-group vpn_to_lan out
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface Virtual-Template1
ip unnumbered GigabitEthernet0
ip access-group vpn_to_inet_lan in
ip nat inside
ip virtual-reassembly in
peer default ip address pool l2tpvpnpool
ppp encrypt mppe 128
ppp authentication chap
interface GigabitEthernet0
description WAN Port
ip address x.x.x.39 255.255.255.0
ip access-group from_inet in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map vpnl2tp
interface Vlan1
no ip address
shutdown
ip local pool l2tpvpnpool 192.168.252.3 192.168.252.199
ip local pool remotepool 192.168.252.240 192.168.252.243
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat log translations syslog
ip nat inside source route-map natmap interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.33
ip access-list extended from_inet
<snip>
ip access-list extended nat_clients
permit ip 192.168.252.0 0.0.0.255 any
ip access-list extended vpn_to_inet_lan
<snip>
ip access-list extended vpn_to_lan
<snip>
deny   ip any any log-input
logging trap debugging
logging facility local2
logging 10.28.1.42
no cdp run
route-map natmap permit 10
match ip address nat_clients
radius-server attribute 8 include-in-access-req
radius-server host 10.27.1.228 auth-port 1812 acct-port 1813
radius-server key 7 mykey
radius-server vsa send accounting
radius-server vsa send authentication
control-plane
mgcp profile default
banner login ^C
Hostname: vpngw2
Model: Cisco 892 Integrated Service Router
Description: L2TP/IPsec VPN Gateway with Radius Auth
^C
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
=============================================================
User Config in Radius (tying multiple attributes):
=============================================================
Attribute          | op | Value
Service-Type       | = | Framed-User
Cisco-AVPair       | = | vpdn:ip-addresses=192.168.252.220
Framed-IP-Address | := | 192.168.252.221
Cisco-AVPair       | = | ip:addr-pool=remotepool
=============================================================
Debug Log from freeradius2:
=============================================================
rad_recv: Access-Request packet from host 10.28.1.97 port 1645, id=7, length=100
        Framed-Protocol = PPP
        User-Name = "me1"
        CHAP-Password = 0x01b8b897de00317a75c68ee9ce473cf8b8
        Connect-Info = "100000000"
        NAS-Port-Type = Sync
        NAS-Port = 10007
        NAS-Port-Id = "Uniq-Sess-ID7"
        Service-Type = Framed-User
        NAS-IP-Address = 10.28.1.97
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "me1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql]   expand: %{User-Name} -> me1
[sql] sql_set_user escaped user --> 'me1'
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'me1'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'me1'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'me1'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "me1" with CHAP password
[chap] Using clear text password "test" for user me1 authentication.
[chap] chap user me1 authenticated succesfully
++[chap] returns ok
Login OK: [me1/<CHAP-Password>] (from client vpngw2 port 10007)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 7 to 10.28.1.97 port 1645
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-IP-Address := 192.168.252.221
        Cisco-AVPair = "vpdn:ip-addresses=192.168.252.220"
        Service-Type = Framed-User
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.28.1.97 port 1646, id=19, length=213
        Acct-Session-Id = "00000011"
        Tunnel-Type:0 = L2TP
        Tunnel-Medium-Type:0 = IPv4
        Tunnel-Server-Endpoint:0 = "x.x.x.39"
        Tunnel-Client-Endpoint:0 = "x.x.x.34"
        Tunnel-Assignment-Id:0 = "L2TP"
        Tunnel-Client-Auth-Id:0 = "me1"
        Tunnel-Server-Auth-Id:0 = "vpngw2"
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.252.9
        User-Name = "me1"
        Cisco-AVPair = "connect-progress=LAN Ses Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        Connect-Info = "100000000"
        NAS-Port-Type = Sync
        NAS-Port = 10007
        NAS-Port-Id = "Uniq-Sess-ID7"
        Service-Type = Framed-User
        NAS-IP-Address = 10.28.1.97
        Acct-Delay-Time = 0
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 10007,Client-IP-Address = 10.28.1.97,NAS-IP-Address = 10.28.1.97,Acct-Session-Id = "00000011",User-Name = "me1"'
[acct_unique] Acct-Unique-Session-ID = "1fdd95abea6cfac2".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "me1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.28.1.97
[detail]        expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radius/radacct/10.28.1.97/detail-20120330
[detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/10.28.1.97/detail-20120330
[detail]        expand: %t -> Fri Mar 30 11:20:07 2012
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> me1
++[radutmp] returns ok
[sql]   expand: %{User-Name} -> me1
[sql] sql_set_user escaped user --> 'me1'
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:            INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime, acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> me1
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 19 to 10.28.1.97 port 1646
Finished request 1.
Cleaning up request 1 ID 19 with timestamp +53
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.28.1.97 port 1646, id=20, length=407
        Acct-Session-Id = "00000011"
        Tunnel-Type:0 = L2TP
        Tunnel-Medium-Type:0 = IPv4
        Tunnel-Server-Endpoint:0 = "x.x.x.39"
        Tunnel-Client-Endpoint:0 = "x.x.x.34"
        Tunnel-Assignment-Id:0 = "L2TP"
        Tunnel-Client-Auth-Id:0 = "me1"
        Tunnel-Server-Auth-Id:0 = "vpngw2"
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.252.9
        Cisco-AVPair = "ppp-disconnect-cause=Received LCP TERMREQ from peer"
        User-Name = "me1"
        Acct-Authentic = RADIUS
        Cisco-AVPair = "connect-progress=LAN Ses Up"
        Cisco-AVPair = "nas-tx-speed=100000000"
        Cisco-AVPair = "nas-rx-speed=100000000"
        Acct-Session-Time = 5
        Acct-Input-Octets = 5980
        Acct-Output-Octets = 120
        Acct-Input-Packets = 47
        Acct-Output-Packets = 11
        Acct-Terminate-Cause = User-Request
        Cisco-AVPair = "disc-cause-ext=PPP Receive Term"
        Acct-Status-Type = Stop
        Connect-Info = "100000000"
        NAS-Port-Type = Sync
        NAS-Port = 10007
        NAS-Port-Id = "Uniq-Sess-ID7"
        Service-Type = Framed-User
        NAS-IP-Address = 10.28.1.97
        Acct-Delay-Time = 0
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 10007,Client-IP-Address = 10.28.1.97,NAS-IP-Address = 10.28.1.97,Acct-Session-Id = "00000011",User-Name = "me1"'
[acct_unique] Acct-Unique-Session-ID = "1fdd95abea6cfac2".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "me1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.28.1.97
[detail]        expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radius/radacct/10.28.1.97/detail-20120330
[detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/10.28.1.97/detail-20120330
[detail]        expand: %t -> Fri Mar 30 11:20:12 2012
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> me1
++[radutmp] returns ok
[sql]   expand: %{User-Name} -> me1
[sql] sql_set_user escaped user --> 'me1'
[sql]   expand: %{Acct-Input-Gigawords} ->
[sql]   ... expanding second conditional
[sql]   expand: %{Acct-Input-Octets} -> 5980
[sql]   expand: %{Acct-Output-Gigawords} ->
[sql]   ... expanding second conditional
[sql]   expand: %{Acct-Output-Octets} -> 120
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:            UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}' ->            UPDATE radacct SET              acctstoptime       = '2012-03-30 11:20:12',              acctsessiontime    = '5',              acctinputoctets    = '0' << 32 |                                   '5980',              acctoutputoctets   = '0' << 32 |
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> me1
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 20 to 10.28.1.97 port 1646
Finished request 2.
Cleaning up request 2 ID 20 with timestamp +58
Going to the next request
Waking up in 0.1 seconds.
Cleaning up request 0 ID 7 with timestamp +53
Ready to process requests.
=============================================================
Log From Cisco Router:
=============================================================
Mar 30 11:20:07 vpngw2 1217: Mar 30 09:21:51.414: RADIUS/ENCODE(00000015):Orig. component type = VPDN
Mar 30 11:20:07 vpngw2 1218: Mar 30 09:21:51.414: RADIUS: DSL line rate attributes successfully added
Mar 30 11:20:07 vpngw2 1219: Mar 30 09:21:51.414: RADIUS(00000015): Config NAS IP: 0.0.0.0
Mar 30 11:20:07 vpngw2 1220: Mar 30 09:21:51.414: RADIUS(00000015): Config NAS IPv6: ::
Mar 30 11:20:07 vpngw2 1221: Mar 30 09:21:51.414: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
Mar 30 11:20:07 vpngw2 1222: Mar 30 09:21:51.414: RADIUS/ENCODE(00000015): acct_session_id: 17
Mar 30 11:20:07 vpngw2 1223: Mar 30 09:21:51.414: RADIUS(00000015): sending
Mar 30 11:20:07 vpngw2 1224: Mar 30 09:21:51.418: RADIUS/ENCODE: Best Local IP-Address 10.28.1.97 for Radius-Server 10.27.1.228
Mar 30 11:20:07 vpngw2 1225: Mar 30 09:21:51.418: RADIUS(00000015): Send Access-Request to 10.27.1.228:1812 id 1645/7, len 100
Mar 30 11:20:07 vpngw2 1226: Mar 30 09:21:51.418: RADIUS: authenticator DE 5F 2E 3E EF BF 50 F4 - 49 C3 4F BE 1A 66 72 22
Mar 30 11:20:07 vpngw2 1227: Mar 30 09:21:51.418: RADIUS: Framed-Protocol     [7]   6   PPP                       [1]
Mar 30 11:20:07 vpngw2 1228: Mar 30 09:21:51.418: RADIUS: User-Name           [1]   5   "me1"
Mar 30 11:20:07 vpngw2 1229: Mar 30 09:21:51.418: RADIUS: CHAP-Password       [3]   19 *
Mar 30 11:20:07 vpngw2 1230: Mar 30 09:21:51.418: RADIUS: Connect-Info        [77] 11 "100000000"
Mar 30 11:20:07 vpngw2 1231: Mar 30 09:21:51.418: RADIUS: NAS-Port-Type       [61] 6   Sync                      [1]
Mar 30 11:20:07 vpngw2 1232: Mar 30 09:21:51.418: RADIUS: NAS-Port            [5]   6   10007
Mar 30 11:20:07 vpngw2 1233: Mar 30 09:21:51.418: RADIUS: NAS-Port-Id         [87] 15 "Uniq-Sess-ID7"
Mar 30 11:20:07 vpngw2 1234: Mar 30 09:21:51.418: RADIUS: Service-Type        [6]   6   Framed                    [2]
Mar 30 11:20:07 vpngw2 1235: Mar 30 09:21:51.418: RADIUS: NAS-IP-Address      [4]   6   10.28.1.97
Mar 30 11:20:07 vpngw2 1236: Mar 30 09:21:51.418: RADIUS(00000015): Sending a IPv4 Radius Packet
Mar 30 11:20:07 vpngw2 1237: Mar 30 09:21:51.418: RADIUS(00000015): Started 5 sec timeout
Mar 30 11:20:07 vpngw2 1238: Mar 30 09:21:51.422: RADIUS: Received from id 1645/7 10.27.1.228:1812, Access-Accept, len 85
Mar 30 11:20:07 vpngw2 1239: Mar 30 09:21:51.422: RADIUS: authenticator 25 CD 93 D5 78 2C F4 4F - F2 66 2C 45 8D D4 E1 16
Mar 30 11:20:07 vpngw2 1240: Mar 30 09:21:51.422: RADIUS: Framed-Protocol     [7]   6   PPP                       [1]
Mar 30 11:20:07 vpngw2 1241: Mar 30 09:21:51.422: RADIUS: Framed-Compression [13] 6   VJ TCP/IP Header Compressi[1]
Mar 30 11:20:07 vpngw2 1242: Mar 30 09:21:51.422: RADIUS: Framed-IP-Address   [8]   6   192.168.252.221
Mar 30 11:20:07 vpngw2 1243: Mar 30 09:21:51.422: RADIUS: Vendor, Cisco       [26] 41
Mar 30 11:20:07 vpngw2 1244: Mar 30 09:21:51.422: RADIUS:   Cisco AVpair       [1]   35 "vpdn:ip-addresses=192.168.252.220"
Mar 30 11:20:07 vpngw2 1245: Mar 30 09:21:51.422: RADIUS: Service-Type        [6]   6   Framed                    [2]
Mar 30 11:20:07 vpngw2 1246: Mar 30 09:21:51.426: RADIUS(00000015): Received from id 1645/7
Mar 30 11:20:07 vpngw2 1247: Mar 30 09:21:51.438: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
Mar 30 11:20:07 vpngw2 1248: Mar 30 09:21:51.442: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
Mar 30 11:20:07 vpngw2 1249: Mar 30 09:21:51.478: RADIUS/ENCODE(00000015):Orig. component type = VPDN
Mar 30 11:20:07 vpngw2 1250: Mar 30 09:21:51.478: RADIUS(00000015): Config NAS IP: 0.0.0.0
Mar 30 11:20:07 vpngw2 1251: Mar 30 09:21:51.478: RADIUS(00000015): Config NAS IPv6: ::
Mar 30 11:20:07 vpngw2 1252: Mar 30 09:21:51.478: RADIUS(00000015): sending
Mar 30 11:20:07 vpngw2 1253: Mar 30 09:21:51.478: RADIUS/ENCODE: Best Local IP-Address 10.28.1.97 for Radius-Server 10.27.1.228
Mar 30 11:20:07 vpngw2 1254: Mar 30 09:21:51.478: RADIUS(00000015): Send Accounting-Request to 10.27.1.228:1813 id 1646/19, len 213
Mar 30 11:20:07 vpngw2 1255: Mar 30 09:21:51.478: RADIUS: authenticator 1B E0 A3 DF 16 7F F1 8D - E5 7F BD 88 50 01 73 53
Mar 30 11:20:07 vpngw2 1256: Mar 30 09:21:51.478: RADIUS: Acct-Session-Id     [44] 10 "00000011"
Mar 30 11:20:07 vpngw2 1257: Mar 30 09:21:51.478: RADIUS: Tunnel-Type         [64] 6   00:
Mar 30 11:20:07 vpngw2 1258: L2TP                   [3]
Mar 30 11:20:07 vpngw2 1259: Mar 30 09:21:51.478: RADIUS: Tunnel-Medium-Type [65] 6   00:IPv4                   [1]
Mar 30 11:20:07 vpngw2 1260: Mar 30 09:21:51.478: RADIUS: Tunnel-Server-Endpoi[67] 16 "x.x.x.39"
Mar 30 11:20:07 vpngw2 1261: Mar 30 09:21:51.478: RADIUS: Tunnel-Client-Endpoi[66] 16 "x.x.x.34"
Mar 30 11:20:07 vpngw2 1262: Mar 30 09:21:51.478: RADIUS: Tunnel-Assignment-Id[82] 6   "L2TP"
Mar 30 11:20:07 vpngw2 1263: Mar 30 09:21:51.478: RADIUS: Tunnel-Client-Auth-I[90] 5   "me1"
Mar 30 11:20:07 vpngw2 1264: Mar 30 09:21:51.478: RADIUS: Tunnel-Server-Auth-I[91] 8   "vpngw2"
Mar 30 11:20:07 vpngw2 1265: Mar 30 09:21:51.478: RADIUS: Framed-Protocol     [7]   6   PPP                       [1]
Mar 30 11:20:07 vpngw2 1266: Mar 30 09:21:51.478: RADIUS: Framed-IP-Address   [8]   6   192.168.252.9
Mar 30 11:20:07 vpngw2 1267: Mar 30 09:21:51.478: RADIUS: User-Name           [1]   5   "me1"
Mar 30 11:20:07 vpngw2 1268: Mar 30 09:21:51.478: RADIUS: Vendor, Cisco       [26] 35
Mar 30 11:20:07 vpngw2 1269: Mar 30 09:21:51.478: RADIUS:   Cisco AVpair       [1]   29 "connect-progress=LAN Ses Up"
Mar 30 11:20:07 vpngw2 1270: Mar 30 09:21:51.478: RADIUS: Acct-Authentic      [45] 6   RADIUS                    [1]
Mar 30 11:20:07 vpngw2 1271: Mar 30 09:21:51.482: RADIUS: Acct-Status-Type    [40] 6   Start                     [1]
Mar 30 11:20:07 vpngw2 1272: Mar 30 09:21:51.482: RADIUS: Connect-Info        [77] 11 "100000000"
Mar 30 11:20:07 vpngw2 1273: Mar 30 09:21:51.482: RADIUS: NAS-Port-Type       [61] 6   Sync                      [1]
Mar 30 11:20:07 vpngw2 1274: Mar 30 09:21:51.482: RADIUS: NAS-Port            [5]   6   10007
Mar 30 11:20:08 vpngw2 1275: Mar 30 09:21:51.482: RADIUS: NAS-Port-Id         [87] 15 "Uniq-Sess-ID7"
Mar 30 11:20:08 vpngw2 1276: Mar 30 09:21:51.482: RADIUS: Service-Type        [6]   6   Framed                    [2]
Mar 30 11:20:08 vpngw2 1277: Mar 30 09:21:51.482: RADIUS: NAS-IP-Address      [4]   6   10.28.1.97
Mar 30 11:20:08 vpngw2 1278: Mar 30 09:21:51.482: RADIUS: Acct-Delay-Time     [41] 6   0
Mar 30 11:20:08 vpngw2 1279: Mar 30 09:21:51.482: RADIUS(00000015): Sending a IPv4 Radius Packet
Mar 30 11:20:08 vpngw2 1280: Mar 30 09:21:51.482: RADIUS(00000015): Started 5 sec timeout
Mar 30 11:20:08 vpngw2 1281: Mar 30 09:21:51.486: RADIUS: Received from id 1646/19 10.27.1.228:1813, Accounting-response, len 20
Mar 30 11:20:08 vpngw2 1282: Mar 30 09:21:51.486: RADIUS: authenticator 73 5E 95 46 5B 57 B1 4A - 44 4F 7C 71 F0 26 AA A4
Mar 30 11:20:12 vpngw2 1283: Mar 30 09:21:56.282: RADIUS/ENCODE(00000015):Orig. component type = VPDN
Mar 30 11:20:12 vpngw2 1284: Mar 30 09:21:56.282: RADIUS(00000015): Config NAS IP: 0.0.0.0
Mar 30 11:20:12 vpngw2 1285: Mar 30 09:21:56.282: RADIUS(00000015): Config NAS IPv6: ::
Mar 30 11:20:12 vpngw2 1286: Mar 30 09:21:56.282: RADIUS(00000015): sending
Mar 30 11:20:12 vpngw2 1287: Mar 30 09:21:56.282: RADIUS/ENCODE: Best Local IP-Address 10.28.1.97 for Radius-Server 10.27.1.228
Mar 30 11:20:12 vpngw2 1288: Mar 30 09:21:56.286: RADIUS(00000015): Send Accounting-Request to 10.27.1.228:1813 id 1646/20, len 407
Mar 30 11:20:12 vpngw2 1289: Mar 30 09:21:56.286: RADIUS: authenticator 26 7A 27 91 EB 3F 34 C6 - DB 2D 88 F8 B1 A4 C1 12
Mar 30 11:20:12 vpngw2 1290: Mar 30 09:21:56.286: RADIUS: Acct-Session-Id     [44] 10 "00000011"
Mar 30 11:20:12 vpngw2 1291: Mar 30 09:21:56.286: RADIUS: Tunnel-Type         [64] 6   00:
Mar 30 11:20:12 vpngw2 1292: L2TP                   [3]
Mar 30 11:20:12 vpngw2 1293: Mar 30 09:21:56.286: RADIUS: Tunnel-Medium-Type [65] 6   00:IPv4                   [1]
Mar 30 11:20:12 vpngw2 1294: Mar 30 09:21:56.286: RADIUS: Tunnel-Server-Endpoi[67] 16 "x.x.x.39"
Mar 30 11:20:12 vpngw2 1295: Mar 30 09:21:56.286: RADIUS: Tunnel-Client-Endpoi[66] 16 "x.x.x.34"
Mar 30 11:20:12 vpngw2 1296: Mar 30 09:21:56.286: RADIUS: Tunnel-Assignment-Id[82] 6   "L2TP"
Mar 30 11:20:12 vpngw2 1297: Mar 30 09:21:56.286: RADIUS: Tunnel-Client-Auth-I[90] 5   "me1"
Mar 30 11:20:12 vpngw2 1298: Mar 30 09:21:56.286: RADIUS: Tunnel-Server-Auth-I[91] 8   "vpngw2"
Mar 30 11:20:12 vpngw2 1299: Mar 30 09:21:56.286: RADIUS: Framed-Protocol     [7]   6   PPP                       [1]
Mar 30 11:20:12 vpngw2 1300: Mar 30 09:21:56.286: RADIUS: Framed-IP-Address   [8]   6   192.168.252.9
Mar 30 11:20:12 vpngw2 1301: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 59
Mar 30 11:20:12 vpngw2 1302: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   53 "ppp-disconnect-cause=Received LCP TERMREQ from peer"
Mar 30 11:20:12 vpngw2 1303: Mar 30 09:21:56.286: RADIUS: User-Name           [1]   5   "me1"
Mar 30 11:20:12 vpngw2 1304: Mar 30 09:21:56.286: RADIUS: Acct-Authentic      [45] 6   RADIUS                    [1]
Mar 30 11:20:12 vpngw2 1305: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 35
Mar 30 11:20:12 vpngw2 1306: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   29 "connect-progress=LAN Ses Up"
Mar 30 11:20:12 vpngw2 1307: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 30
Mar 30 11:20:12 vpngw2 1308: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   24 "nas-tx-speed=100000000"
Mar 30 11:20:12 vpngw2 1309: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 30
Mar 30 11:20:12 vpngw2 1310: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   24 "nas-rx-speed=100000000"
Mar 30 11:20:12 vpngw2 1311: Mar 30 09:21:56.286: RADIUS: Acct-Session-Time   [46] 6   5
Mar 30 11:20:12 vpngw2 1312: Mar 30 09:21:56.286: RADIUS: Acct-Input-Octets   [42] 6   5980
Mar 30 11:20:12 vpngw2 1313: Mar 30 09:21:56.286: RADIUS: Acct-Output-Octets [43] 6   120
Mar 30 11:20:12 vpngw2 1314: Mar 30 09:21:56.286: RADIUS: Acct-Input-Packets [47] 6   47
Mar 30 11:20:12 vpngw2 1315: Mar 30 09:21:56.286: RADIUS: Acct-Output-Packets [48] 6   11
Mar 30 11:20:12 vpngw2 1316: Mar 30 09:21:56.286: RADIUS: Acct-Terminate-Cause[49] 6   user-request              [1]
Mar 30 11:20:12 vpngw2 1317: Mar 30 09:21:56.286: RADIUS: Vendor, Cisco       [26] 39
Mar 30 11:20:12 vpngw2 1318: Mar 30 09:21:56.286: RADIUS:   Cisco AVpair       [1]   33 "disc-cause-ext=PPP Receive Term"
Mar 30 11:20:12 vpngw2 1319: Mar 30 09:21:56.286: RADIUS: Acct-Status-Type    [40] 6   Stop                      [2]
Mar 30 11:20:12 vpngw2 1320: Mar 30 09:21:56.286: RADIUS: Connect-Info        [77] 11 "100000000"
Mar 30 11:20:12 vpngw2 1321: Mar 30 09:21:56.286: RADIUS: NAS-Port-Type       [61] 6   Sync                      [1]
Mar 30 11:20:12 vpngw2 1322: Mar 30 09:21:56.286: RADIUS: NAS-Port            [5]   6   10007
Mar 30 11:20:12 vpngw2 1323: Mar 30 09:21:56.286: RADIUS: NAS-Port-Id         [87] 15 "Uniq-Sess-ID7"
Mar 30 11:20:12 vpngw2 1324: Mar 30 09:21:56.286: RADIUS: Service-Type        [6]   6   Framed                    [2]
Mar 30 11:20:12 vpngw2 1325: Mar 30 09:21:56.286: RADIUS: NAS-IP-Address      [4]   6   10.28.1.97
Mar 30 11:20:12 vpngw2 1326: Mar 30 09:21:56.286: RADIUS: Acct-Delay-Time     [41] 6   0
Mar 30 11:20:12 vpngw2 1327: Mar 30 09:21:56.286: RADIUS(00000015): Sending a IPv4 Radius Packet
Mar 30 11:20:12 vpngw2 1328: Mar 30 09:21:56.286: RADIUS(00000015): Started 5 sec timeout
Mar 30 11:20:12 vpngw2 1329: Mar 30 09:21:56.294: RADIUS: Received from id 1646/20 10.27.1.228:1813, Accounting-response, len 20
Mar 30 11:20:12 vpngw2 1330: Mar 30 09:21:56.294: RADIUS: authenticator E1 09 A6 6D 91 C6 B1 B3 - 78 00 FF 4F 25 32 C6 B5
Mar 30 11:20:12 vpngw2 1331: Mar 30 09:21:56.406: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
Mar 30 11:20:12 vpngw2 1332: Mar 30 09:21:56.410: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
=============================================================

I found the failure.
In the cisco config it must be
aaa authorization network default group radius local
not
aaa authorization network groupauthor local

VPN users - mac server

Similar Messages

Maybe you are looking for