Windows Mobile 5.0 L2TP/IPSec native VPN to 3030
Has anyone successfully setup a VPN using the built in VPN client in Windows Mobile 5.0 to a Cisco 3030? I am running into problems but have no idea why. I followed chapter 13 of "The Complete Cisco VPN Configuration Guide" from Cisco Press, to configure the L2TP/IPSec for Windows Client software, but still no luck. I would much rather use the native software from Windows Mobile rather than purchase a 3rd party app. Any help or reference's are greatly appreciated. Thanks in advance!
Windows Mobile user 5.0 doesnt work with cisoc 3030. Mobile client requests a domain name on the credentials, which seems to be as "not valid" on the concentrator.
Similar Messages
-
Looking for help to set up l2tp Ipsec vpn on asa 5055
I am trying to set up a L2tp Ipsec vpn on asa 5055 and I am using windows 8.1 build in VPN client to connect to it. I got the following error. Anyone has experence please help.
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, All IPSec SA proposals found unacceptable!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending notify message
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing blank hash payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing ipsec notify payload for msg id 1
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing qm hash payload
Apr 17 22:48:21 [IKEv1]IP = 209.171.88.81, IKE_DECODE SENDING Message (msgid=6a50f8f9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, QM FSM error (P2 struct &0xad6946b8, mess id 0x1)!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE QM Responder FSM error history (struct &0xad6946b8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2,
EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2,
EV_COMP_HASH
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending delete/delete with reason message
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, Removing peer from correlator table failed, no match!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE SA MM:d8870fa5 rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE SA MM:d8870fa5 terminating: flags 0x01000002, refcnt 0, tuncnt 0
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending delete/delete with reason message
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing blank hash payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing IKE delete payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing qm hash payload
Apr 17 22:48:21 [IKEv1]IP = 209.171.88.81, IKE_DECODE SENDING Message (msgid=232654dc) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, Session is being torn down. Reason: Phase 2 Mismatch
I am new to this so I don't know what I should do next. ThanksHere it is. Thanks.
CL-T179-12IH# show run crypto
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint vpn
enrollment self
subject-name CN=174.142.90.17
crl configure
crypto ca trustpool policy
crypto ca certificate chain vpn
certificate 2d181c55
308201ff 30820168 a0030201 0202042d 181c5530 0d06092a 864886f7 0d010105
05003044 31163014 06035504 03130d31 37342e31 34322e39 302e3137 312a3028
06092a86 4886f70d 01090216 1b434c2d 54313739 2d313249 482e7072 69766174
65646e73 2e636f6d 301e170d 31353034 31363033 31393439 5a170d32 35303431
33303331 3934395a 30443116 30140603 55040313 0d313734 2e313432 2e39302e
3137312a 30280609 2a864886 f70d0109 02161b43 4c2d5431 37392d31 3249482e
70726976 61746564 6e732e63 6f6d3081 9f300d06 092a8648 86f70d01 01010500
03818d00 30818902 818100bf 797d1cc1 cfffc634 8c3b2a4b ce27b1c9 3fc3e026
4f6cd8f4 c9675aca b5176cef 7f3df142 35ba4e15 2613d34c 91bb5da3 14b34b6c
71e4ff44 f129046f 7f91e73f 2c9d42f9 93001559 ea6c71c1 1a848073 15da79f7
a41081ee b4cd3cc3 baa7a272 3a5fb32d 66dedee6 5994d4b2 ad9d7489 44ec9eb9
44038a2a 817e935f 1bb7ad02 03010001 300d0609 2a864886 f70d0101 05050003
8181002c 6cee9ae7 a037698a 5690aca1 f01c87db 04d9cbc6 65bda6dc a17fc4b6
b1fd419e 56df108f b06edfe6 ab5a5eb3 5474a7fe 58970da3 23e6bc6e 36ab8f62
d5c442bf 43581eb3 26b8cf26 6a667a8b ddd25a73 a094f0d0 65092ff8 d2a644d8
3d7da7ca efeb9e2f 84807fdf 0cf3d75e bcb65ba4 7b51cb49 f912f516 f95b5d86
da0e01
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint vpn
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400 -
Is there a limit to the number of concurrent L2TP/IPSec VPN connections in Snow Leopard
Hi,
I'm currently running an L2TP/IPSec service from a Snow Leopard server VM running on the latest version of Lion Server ( Had loads of issues with Lion VPN connectivity from outside our network when I first upgraded the physical server to Lion. quickest way to get the service back was to run an S/L VM. I know that there have been some changes to Lion in the VPN area, but this works... sort of;;;)
I've got an IP address pool of 20 addresses confgured as this is only for ICT staff members. Each user has a local userid/password on the S/L server. For me, things just work.
iPhone, iPad, OS X lion client they all work and I've had about 3 simultaneous connections up and running.However, the majority of staff users use Windows 7 client machines and they're been reporting sporadic connection failures where one moment they can get connected and the next they can't. I'm currently wondring if there is some concurrent limit setting they are hitting and are getting slung off because I've got other users using the service. It would be a bit strange if S/L can only support 2 or 3 connections out of the box.
Then again it might be VMWare Fusion (Vsn 4.1.1) thats the problem.
Any help apppreciated
Rgds
AlexYou have to count to have about 30GB at least free on the startup disk, after you have the library loaded.
On the external you have space enough.
As far as I know there is no limit for iPhoto, but I suggest to not let it grow too much, because everything will become sluggish, also making backups. It should be possible to split up in more libraries, one that is really actual and one that is the past. Physical splitting up I mean, not smart collections. You can switch libraries by holding the Alt(option) at startup of iPhoto. -
Problem with L2TP IPSEC VPN login...
Hello,
I have a problem with my trying to login on my laptop to my work vpn. I was given from my work, the vpn's ip address, the psk, my username, and password for the vpn. I feel like I am hitting a brick wall and makes me just want to forget it all together... I can get in with my info on this same laptop on the same connection at my apartment from my windows 8.1 partition just fine. I have also verified and triple checked all my vpn information required. I also don't know but I think have it setup to use PAP, MS CHAP, or MS CHAP v2.. Any help I would be greatly appreciated. Pretty much the way my VPN for my work works is you have to VPN on L2TP over IPSEC with a username and password and a psk to allow you to remote desktop to my desktop at work. Really wish this could work as I am tired of supporting windows at home when I pretty much only use it to VPN into work when I have to get work done...
pacman -Q openswan
openswan 2.6.41-1
pacman -Q xl2tpd
xl2tpd 1.3.6-1
uname -a
Linux tux 3.17.1-1-ARCH #1 SMP PREEMPT Wed Oct 15 15:04:35 CEST 2014 x86_64 GNU/Linux
Now I have all the configs setup below following the L2TP/IPsec VPN client setup arch wiki page and I keep getting this:
ipsec auto --up <vpn connection name>
022 "<vpn connection name>": We cannot identify ourselves with either end of this connection.
my process to run the vpn connection:
sudo systemctl start openswan
sudo systemctl start xl2tpd
ipsec auto --up <vpn connection name>
echo "c <vpn connection name>" > /var/run/xl2tpd/l2tp-control
how I added my vpn connection:
sudo ipsec auto --add <vpn connection name>
/etc/xl2tpd/xl2tpd.conf
[global]
; listen-addr = <my ip address>
debug avp = no
debug network = no
debug packet = no
debug state = no
debug tunnel = no
[lac <vpn connection name>]
lns = <vpn ip address>
pppoptfile = /etc/ppp/<vpn connection name>.options.xl2tpd
length bit = no
redial = no
/etc/ppp/<vpn connection name>.options.xl2tpd
plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
noauth
crtscts
lock
hide-password
modem
noipx
ipparam L2tpIPsecVpn-<vpn connection name>
promptprog "/usr/bin/L2tpIPsecVpn"
refuse-eap
remotename ""
name "<vpn username>"
password <vpn password>
usepeerdns
/etc/ipsec.secrets
%any @<vpn ip address>: PSK <psk key here>
Last edited by adramalech (2014-10-25 04:53:46)Hello,
I have a problem with my trying to login on my laptop to my work vpn. I was given from my work, the vpn's ip address, the psk, my username, and password for the vpn. I feel like I am hitting a brick wall and makes me just want to forget it all together... I can get in with my info on this same laptop on the same connection at my apartment from my windows 8.1 partition just fine. I have also verified and triple checked all my vpn information required. I also don't know but I think have it setup to use PAP, MS CHAP, or MS CHAP v2.. Any help I would be greatly appreciated. Pretty much the way my VPN for my work works is you have to VPN on L2TP over IPSEC with a username and password and a psk to allow you to remote desktop to my desktop at work. Really wish this could work as I am tired of supporting windows at home when I pretty much only use it to VPN into work when I have to get work done...
pacman -Q openswan
openswan 2.6.41-1
pacman -Q xl2tpd
xl2tpd 1.3.6-1
uname -a
Linux tux 3.17.1-1-ARCH #1 SMP PREEMPT Wed Oct 15 15:04:35 CEST 2014 x86_64 GNU/Linux
Now I have all the configs setup below following the L2TP/IPsec VPN client setup arch wiki page and I keep getting this:
ipsec auto --up <vpn connection name>
022 "<vpn connection name>": We cannot identify ourselves with either end of this connection.
my process to run the vpn connection:
sudo systemctl start openswan
sudo systemctl start xl2tpd
ipsec auto --up <vpn connection name>
echo "c <vpn connection name>" > /var/run/xl2tpd/l2tp-control
how I added my vpn connection:
sudo ipsec auto --add <vpn connection name>
/etc/xl2tpd/xl2tpd.conf
[global]
; listen-addr = <my ip address>
debug avp = no
debug network = no
debug packet = no
debug state = no
debug tunnel = no
[lac <vpn connection name>]
lns = <vpn ip address>
pppoptfile = /etc/ppp/<vpn connection name>.options.xl2tpd
length bit = no
redial = no
/etc/ppp/<vpn connection name>.options.xl2tpd
plugin passprompt.so
ipcp-accept-local
ipcp-accept-remote
idle 72000
ktune
noproxyarp
asyncmap 0
noauth
crtscts
lock
hide-password
modem
noipx
ipparam L2tpIPsecVpn-<vpn connection name>
promptprog "/usr/bin/L2tpIPsecVpn"
refuse-eap
remotename ""
name "<vpn username>"
password <vpn password>
usepeerdns
/etc/ipsec.secrets
%any @<vpn ip address>: PSK <psk key here>
Last edited by adramalech (2014-10-25 04:53:46) -
Establishing L2TP/IPSEC vpn
I have a new laptop, running Windows 8.1 Pro. I am trying to set up an L2TP/IPSEC vpn to my office.
I have created the connection, and filled in the various settings including PSK, but whenever I try and connect it fails with Error 789. I have checked this against my Windows XP / Vista / 7 laptops (which all work fine), and the VPN setup details are all
identical. It works fine on all the other laptops, but not on Windows 8.1.
Is there something special about Windows 8.1 that would prevent this from working?Hi,
Please check the solution in this thread:
http://social.technet.microsoft.com/Forums/windows/en-US/630488b8-e638-488d-803a-08ef9281e4fb/windows-7-ipsecl2tp-vpn-connection-problem
Also, please check solution “Error Code: 789, 835” in this article:
Troubleshooting common VPN related errors
http://blogs.technet.com/b/rrasblog/archive/2009/08/12/troubleshooting-common-vpn-related-errors.aspx
Since this issue can also be caused by third-part security program, please disable it and recreate the connection again to check the results.
Please take time to perform the steps above and let me know the results.
Karen Hu
TechNet Community Support -
Is symbian or windows mobile better to access mac shares via vpn?
I am considering a smart phone purchase in the next few months, and I would like to be able to browse my server via vpn from the phone the same way I can with my Palm LifeDrive. I think Symbian or Windows Mobile are my best OS choices for a phone, and I was wondering if anyone has actual experience with this. Do they use PPTP or L2TP? At this point, the iPhone cannot edit documents, so it is not a consideration, but I am also curious if it allows for this type of remote browsing through a VPN.
Thank you for any help that you can offer.
MichaelI have done some more testing and oddly enough I can map a drive if I use the IPaddress, but not the computer name, when checking the check box "connect using different credentials"and providing they users domain credentials.
This seems to point to a DNS issue, one would think, but I can hit the file share server by name \\fileserver.dev.lan
I can see all the shares, so dns seems to be fine right?
So I don't understand why I can map a drive using do the IPaddress and not the machine name, but yet I can see and ping the server by name?
When I try to create a mapped drive by machine name I receive the following message:
Windows cannot access \\fileserver.dev.lan\all
You do not have permissions to access \\fileserver.dev.lan. contact your network administrator to request access.
But if I use the \\x.x.x.x\all using the very same user and password I get connected with no problem.
This only seems to happen on windows 8.1, which leads me to think that has something to do with OS.
I am thinking about upgrading to windows 8.1 pro, but I don't want to go though the hassle and expanse is the OS is not the problem. -
Windows Mobile L2TP Configuration
I am trying to get VPN working through a Windows Mobile Cell Phone through at L2TP connection but have failed. I can see the attempts coming into our ASA firewall however the username is always blank and I have not found much information on how to configure this. Does anyone have any ideas or information on how to configure this?
ThanksTo allow end users to connect using Windows Mobile devices, configure the Mobile Policy parameters. These parameters apply only to Windows Mobile devices. Include them only if your end users use Windows Mobile. Windows Mobile Policy enforcement is supported only on Windows Mobile 5, Windows Mobile 5+AKU2, and Windows Mobile 6. It is not supported on Windows Mobile 6.1. Attempts to connect to a secure gateway that is configured to require a security policy that cannot be enforced will fail.
-
Macbook clients cannot connect to Windows Server 2008 RRAS with L2TP/IPSec
Hi everyone,
I had installed "Remote and Routing Access" or a VPN server on Windows Server 2008. The connection type set up is L2TP/IPSec. All the Windows clients can connect to the L2TP/IPSec VPN server without problem but Macbook users are facing problem.
The Macbook users got the error message "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."
I think it is something related to the pre-shared key encryption but I am not sure. The Macbook users could connect if the connection type is changed to PPTP on server and clients side. I searched for similar problems and solutions online but no luck, I couldn't find solution that helps. I found this is a common problem faced by many macbook users.
Does anyone have a solution or suggestion for this, please? I appreciate all the helps and suggestion given.
Thanks,
CKHi,
Thanks for the question, however, this forum is for Remote Desktop Clients related questions.
Regarding the issue, as Windows clients can connect with no problem, I suspect that it is a Mac side issue and I would like to suggest you contact Apple support for help.
Thanks.
Jeremy Wu
TechNet Community Support -
Mavericks VPN dropouts with native VPN client and Cisco IPSec
Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions? -
Works windows mobile with SSL VPN and anyconnect
Hello,
do anyone know if the following OS works with ASA 8.x SSL VPN client ,SSL clientless VPN and anyconnect client and Secure Desktop :
windows mobile 5.0 Premium phone edition
windows mobile 6.0
windows embedded CE,Net
windows mobile 2003
Thank you for your help
Michael[url=http://fztodds.24fast.info/washington225.html] washington [/url]
[url=http://fztodds.24fast.info/washington16e.html] washington [/url]
[url=http://fztodds.24fast.info/washingtond66.html] washington [/url]
[url=http://fztodds.24fast.info/washington4e0.html] washington [/url]
[url=http://fztodds.24fast.info/washington00b.html] washington [/url]
[url=http://fztodds.24fast.info/washington1e7.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington0a8.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington9de.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washingtone4a.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington4ec.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington184.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washingtonb73.html] washington [/url]
[url=http://ioinlfu.zotzoo.com/washington853.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washington1a5.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washingtonde7.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washington2b8.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washington902.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washingtonc99.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washingtoncc7.html] washington [/url]
[url=http://ygkbfvp.wipou.com/washington598.html] washington [/url]
[url=http://yfldvbz.webheri.net/washingtonbe2.html] washington [/url]
[url=http://yfldvbz.webheri.net/washingtone9b.html] washington [/url]
[url=http://yfldvbz.webheri.net/washington4e0.html] washington [/url]
[url=http://yfldvbz.webheri.net/washington327.html] washington [/url]
[url=http://yfldvbz.webheri.net/washingtonada.html] washington [/url]
[url=http://yfldvbz.webheri.net/washingtond2b.html] washington [/url]
[url=http://yfldvbz.webheri.net/washington317.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington7cb.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washingtoneaf.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington259.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington8e0.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washingtonc03.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington092.html] washington [/url]
[url=http://odwjneh.yourfreehosting.net/washington79c.html] washington [/url]
[url=http://aeaukol.rack111.com/washington766.html] washington [/url]
[url=http://aeaukol.rack111.com/washingtona2e.html] washington [/url]
[url=http://aeaukol.rack111.com/washington4c4.html] washington [/url]
[url=http://aeaukol.rack111.com/washingtonb9f.html] washington [/url]
[url=http://aeaukol.rack111.com/washingtond3a.html] washington [/url]
[url=http://aeaukol.rack111.com/washington54a.html] washington [/url]
[url=http://aeaukol.rack111.com/washington777.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington300.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington239.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington7b4.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washingtonad5.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washingtone03.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington399.html] washington [/url]
[url=http://uhbayoe.hostrator.com/washington9e9.html] washington [/url]
[url=http://ggaubio.hostevo.com/washington878.html] washington [/url]
[url=http://ggaubio.hostevo.com/washington525.html] washington [/url] -
I've got a NAS setup with various services running on custom ports to help minimize exposure (especially to script kiddies). I've tested everything both internally and externally to confirm they all work, and even had someone at a remote location confirm accessibility as well. Port forward configurations performed on the Actiontec are working well.
I installed an L2TP/IPSec VPN server, tested internally and it connected successfully. So for all intents & purposes, this validates that the VPN server is correctly configured to accept inbound connections and functioning correctly.
I logged into the Verizon Actiontec MI424WR router, setup port forwarding for UDP ports 500, 1701 & 4500.
Note: I added the AH & ESP protocols based on what I saw on the built-in L2TP/IPSec rules
With the port forwarding in place, I tested VPN externally but it didn't connect.
I've done the following so far to no avail:
Double & triple checked the port forwards, deleted & recreated the rules a few times to be sure
There are no other pre-existing L2RP/IPSec port forward rules or otherwise conflicting port forward rules (e.g.: another rule for ports 500, 1701 or 4500)
There was an L2TP port triggering rule enabled, that I toggled on and off with no change
Verified the firewall on VPN server had an exclusion for L2TP, or that the firewall is off. (Firewall is off to reduce a layer of complexity, but it worked internally to begin with so I doubt that's the issue.)
Since it works internally, and there are no entries in the logs on the device indicating inbound connections, I'm convinced its an issue with the Verizon Actiontec router. But unfortunately, I'm not sure what else to try or where else to look to troubleshoot this. For instance, is there a log on the router that I can view in real time (e.g.: tail) that would show me whether or not the inbound connection attempt is reaching the device, and whether or not the device allowed or blocked it?
My router details:
Verizon Actiontec
MI424WR-GEN2
Revision E
Firmware 20.21.0.2
Verizon Actiontec built-in L2TP/IPSec rule templates. They're not currently in use, but are baked into the firmware for easy configuration/selection from a drop down menu.
Solved!
Go to Solution.normally a vpn on that router, will have a GRE tunneling protocol as well.
two ways to build the PF rules,
Manually
Preconfigured
I know the preconfigured VPN rules will do the GRE protocol as well, but if you do it by hand you can't get it. -
[SOLVED] l2tp-ipsec-vpn-daemon from AUR fails to build
Please let me know if there are other details that require posting:-
==> Starting build()...
/usr/bin/qmake -o qttmp-Release.mk -after "OBJECTS_DIR=build/Release" "DESTDIR=dist/Release" nbproject/qt-Release.pro
mv -f qttmp-Release.mk nbproject/qt-Release.mk
make -f nbproject/qt-Release.mk dist/Release/L2tpIPsecVpnControlDaemon
make[1]: Entering directory '/tmp/yaourt-tmp-nimda/aur-l2tp-ipsec-vpn-daemon/src/l2tp-ipsec-vpn-daemon'
g++ -c -pipe -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -Wall -W -D_REENTRANT -fPIE -DQT_NO_DEBUG -DQT_NETWORK_LIB -DQT_CORE_LIB -I/usr/lib/qt/mkspecs/linux-g++ -Inbproject -isystem /usr/include/qt -isystem /usr/include/qt/QtNetwork -isystem /usr/include/qt/QtCore -Isrc/generated -I. -o build/Release/main.o src/main.cpp
g++ -c -pipe -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -Wall -W -D_REENTRANT -fPIE -DQT_NO_DEBUG -DQT_NETWORK_LIB -DQT_CORE_LIB -I/usr/lib/qt/mkspecs/linux-g++ -Inbproject -isystem /usr/include/qt -isystem /usr/include/qt/QtNetwork -isystem /usr/include/qt/QtCore -Isrc/generated -I. -o build/Release/VpnClientConnection.o src/VpnClientConnection.cpp
src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::readyRead()':
src/VpnClientConnection.cpp:133:99: error: 'class QString' has no member named 'toAscii'
::syslog(LOG_DEBUG|LOG_DAEMON, "Executing command %s", m_strActiveCommand.toAscii().constData());
^
src/VpnClientConnection.cpp:140:75: error: 'class QString' has no member named 'toAscii'
if (COMMANDS[iCommand].pPipe->write(strCommand.toAscii().constData()) == strCommand.length())
^
src/VpnClientConnection.cpp:159:63: error: 'class QString' has no member named 'toAscii'
if (::mkfifo(strCommandParts[1].toAscii().constData(), DEFFILEMODE) == 0)
^
src/VpnClientConnection.cpp:161:84: error: 'class QString' has no member named 'toAscii'
const int iChmodResult(::chmod(strCommandParts[1].toAscii().constData(), DEFFILEMODE));
^
src/VpnClientConnection.cpp:168:87: error: 'class QString' has no member named 'toAscii'
const int iChownResult(::chown(strCommandParts[1].toAscii().constData(), pPwdInfo->pw_uid, pPwdInfo->pw_gid));
^
src/VpnClientConnection.cpp:193:77: error: 'const class QString' has no member named 'toAscii'
if (COMMANDS[iCommand].pPipe->write(str.toAscii().constData()) != str.length())
^
src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::onCommandError(QProcess::ProcessError)':
src/VpnClientConnection.cpp:250:96: error: 'class QString' has no member named 'toAscii'
::syslog(LOG_DEBUG|LOG_DAEMON, "Command %s finished with error code %d", m_strActiveCommand.toAscii().constData(), ERR_COMMAND_FAILED_TO_START + iError);
^
src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::onCommandFinished(int)':
src/VpnClientConnection.cpp:257:95: error: 'class QString' has no member named 'toAscii'
::syslog(LOG_DEBUG|LOG_DAEMON, "Command %s finished with exit code %d", m_strActiveCommand.toAscii().constData(), iExitCode);
^
src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, VpnClientConnection::ResponseResult, const QString&)':
src/VpnClientConnection.cpp:268:118: error: 'const class QString' has no member named 'toAscii'
m_pSocket->write((QString::number(responseType) + " " + QString::number(resultCode) + " " + strCommand + '\n').toAscii().constData());
^
src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, VpnClientConnection::ResponseInformation)':
src/VpnClientConnection.cpp:281:108: error: 'const class QString' has no member named 'toAscii'
m_pSocket->write((QString::number(responseType) + " " + QString::number(responseInformation) + '\n').toAscii().constData());
^
src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, const QString&)':
src/VpnClientConnection.cpp:294:78: error: 'const class QString' has no member named 'toAscii'
m_pSocket->write((QString::number(responseType) + " " + strOutputline).toAscii().constData());
^
nbproject/qt-Release.mk:319: recipe for target 'build/Release/VpnClientConnection.o' failed
make[1]: *** [build/Release/VpnClientConnection.o] Error 1
make[1]: Leaving directory '/tmp/yaourt-tmp-nimda/aur-l2tp-ipsec-vpn-daemon/src/l2tp-ipsec-vpn-daemon'
Makefile:62: recipe for target 'build' failed
make: *** [build] Error 2
==> ERROR: A failure occurred in build().
Aborting...
==> ERROR: Makepkg was unable to build l2tp-ipsec-vpn-daemon.
Last edited by n1md4 (2014-06-06 09:47:25)Have you tried 0.9.9-2 from the comments: https://aur.archlinux.org/packages/l2tp … pn-daemon/ ?
-
[SOLVED]Connecting to L2TP/IPSec VPN problem: pppd seems not starting
I'm trying to connect to an L2TP/IPsec VPN server, by ipsec-tools + xl2tpd.
Here is my setup:
/etc/racoon.conf:
log debug;
path pre_shared_key "/etc/racoon/psk.txt";
padding {
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
remote anonymous {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
generate_policy on;
nat_traversal on;
proposal_check obey;
proposal {
encryption_algorithm aes 256;
lifetime time 3600 sec;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
sainfo anonymous {
lifetime time 3600 sec;
encryption_algorithm aes 256;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
/etc/racoon/psk.txt:
#broadband
137.189.192.201 the-server-psk
137.189.192.204 the-server-psk
Here the two IPs are the IPs of vpn.cuhk.edu.hk, which is the VPN server.
/etc/xl2tpd/xl2tpd.conf:
[global]
port = 1701
auth file = /etc/ppp/pap-secrets
debug network = yes
debug avp = yes
debug packet = yes
debug state = yes
debug tunnel = yes
[lac connect]
lns = vpn.cuhk.edu.hk
name = vpn-server
redial = yes
redial timeout = 15
max redials = 5
hidden bit = yes
refuse chap = yes
require pap = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
/etc/ppp/pap-secrets:
# Secrets for authentication using PAP
# client server secret IP addresses
myusername * mypassword *
/etc/ppp/options.xl2tpd:
lock
debug
mtu 1000
nobsdcomp
nodeflate
noaccomp
nopcomp
novj
defaultroute
refuse-chap
refuse-mschap
refuse-mschap-v2
connect-delay 5000
name myusername
password mypassword
spd.sh:
#!/bin/sh
Then I do the following:
# 192.168.1.1 is my lan gateway
sudo ip route add 137.189.192.201 via 192.168.1.1
sudo ip route add 137.189.192.204 via 192.168.1.1
# For adding spd, script from the VPN server
echo -e flush\; | sudo setkey -c
echo -e spdflush\; | sudo setkey -c
echo -e spdadd 192.168.1.173/32\[1701\] 0.0.0.0\/0\[0\] any \-P out ipsec esp\/transport\/\/require\; | sudo setkey -c
sudo systemctl start racoon
sudo systemctl start xl2tpd
echo "c connect" | sudo tee /var/run/xl2tpd/l2tp-control
I expect that some network interface like ppp0 will be created, but nothing happened.
Then I check the record, and find something weird in xl2tpd log (from journalctl, racoon and sudo logs skipped):
8月 21 01:13:40 nkdesktop systemd[1]: Stopped Level 2 Tunnel Protocol Daemon (L2TP).
8月 21 01:13:41 nkdesktop systemd[1]: Starting Racoon IKEv1 key management daemon for IPSEC...
8月 21 01:13:41 nkdesktop systemd[1]: Started Racoon IKEv1 key management daemon for IPSEC.
8月 21 01:13:43 nkdesktop systemd[1]: Starting Level 2 Tunnel Protocol Daemon (L2TP)...
8月 21 01:13:43 nkdesktop systemd[1]: Started Level 2 Tunnel Protocol Daemon (L2TP).
8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: setsockopt recvref[30]: Protocol not available
8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Using l2tp kernel support.
8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: xl2tpd version xl2tpd-1.3.6 started on nkdesktop PID:19639
8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Forked by Scott Balmos and David Stipp, (C) 2001
8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Inherited by Jeff McAdams, (C) 2002
8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Forked again by Xelerance (www.xelerance.com) (C) 2006
8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Listening on IP address 0.0.0.0, port 1701
8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: get_call: allocating new tunnel for host 137.189.192.204, port 1701.
8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Connecting to host vpn.cuhk.edu.hk, port 1701
8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending SCCRQ
8月 21 01:13:46 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select timeout
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select timeout
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 103, tunnel = 30858, call = 0 ref=0 refhim=0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: protocol_version_avp: peer is using version 1, revision 0.
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: framing_caps_avp: supported peer frames: async sync
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: bearer_caps_avp: supported peer bearers:
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: firmware_rev_avp: peer reports firmware version 1648 (0x0670)
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: hostname_avp: peer reports hostname 'eriwan'
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: vendor_avp: peer reports vendor 'Adtran, l2tpd'
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_tunnel_avp: using peer's tunnel 4733
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 4733, call is 0.
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending SCCCN
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Connection established to 137.189.192.204, 1701. Local: 30858, Remote: 4733 (ref=0/0).
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Calling on tunnel 30858
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is (null)(0). Tunnel is 4733, call is 0.
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending ICRQ
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 0 ref=0 refhim=0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 28, tunnel = 30858, call = 63662 ref=0 refhim=0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 63662
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 11 (Incoming-Call-Reply)
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_call_avp: using peer's call 31346
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Incoming-Call-Reply(11). Tunnel is 4733, call is 31346.
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Sending ICCN
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Call established with 137.189.192.204, Local: 63662, Remote: 31346, Serial: 1 (ref=0/0)
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: start_pppd: I'm running:
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "/usr/sbin/pppd"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "passive"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "nodetach"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: ":"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "refuse-chap"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "name"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "vpn-server"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "debug"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "file"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "/etc/ppp/options.xl2tpd"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "plugin"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "pppol2tp.so"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "pppol2tp"
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "7"
8月 21 01:13:47 nkdesktop pppd[19647]: Plugin pppol2tp.so loaded.
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 0 ref=0 refhim=0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 63662 ref=0 refhim=0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 38, tunnel = 30858, call = 63662 ref=0 refhim=0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 63662
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 14 (Call-Disconnect-Notify)
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: result_code_avp: peer closing for reason 1 (General request to clear control connection), error = 0 ()
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_call_avp: using peer's call 31346
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Call-Disconnect-Notify(14). Tunnel is 4733, call is 31346.
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Connection closed to 137.189.192.204, serial 1 ()
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Terminating pppd: sending TERM signal to pid 19647
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 38, tunnel = 30858, call = 0 ref=0 refhim=0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 0
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 4 (Stop-Control-Connection-Notification)
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_tunnel_avp: using peer's tunnel 4733
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: result_code_avp: peer closing for reason 1 (General request to clear control connection), error = 0 ()
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Stop-Control-Connection-Notification(4). Tunnel is 4733, call is 0.
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Connection closed to 137.189.192.204, port 1701 (), Local: 30858, Remote: 4733
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: build_fdset: closing down tunnel 30858
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select returned error 9 (Bad file descriptor)
8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select returned error 4 (Interrupted system call)
... then xl2tpd repeatedly trying to build a connection and fails for every 15s ...
I think pppd should have showed more logs, rather than just loading a module.
But I have no idea about what's wrong.
Or did I just forget to turn on the log function of pppd? If so, how should I turn it on?
Anyone can help?
Last edited by nnkken (2014-08-24 08:42:03)Additional information:
Today I decrypted the IPSec ESP packets by Wireshark (what an awesome function) and compared the L2TP message of my ArchLinux and MacOSX to the same VPN Server.
And I found that while both ArchLinux and MacOSX sends Incomming_Call_Connection (ICCN) packet, the packet are quite different:
The ArchLinux ICCN Packet has 2 additional AVP fields: Random Vector AVP and RX Connect Speed AVP.
Also, the Connect Speed AVP (and also the RX Connect Speed AVP) field is 0, which is different from MacOSX (100000).
After the ICCN packet, MacOCX sends a PPP packet over L2TP, while ArchLinux sends nothing and the server sends a Call_Disconnect_Notification to ArchLinux.
Anyone knows whether this is a bug or something wrong in config?
Last edited by nnkken (2014-08-22 20:19:49) -
Can a Cisco 881 router create an L2TP/IPsec tunnel via NAT to Windows 2008?
Hi
Was anyone successfull in setting up an L2TP/IPsec tunnel through NAT-T against a Windows 2008/ R2 RRAS server? I am using an 881 router and the layout is someting like this:
Client -> 881 -> NAT -> internet -> Windows 2008 RRAS
The tunnel goes form the 881 to the Windows server (not from the client...).
Thanks
RolandHi Federico
Thanks for your help! Much appreciated.
In my case this should be transparent to the client - I would like not to initiate the connection from the client.
Does that makes sense? I am considering L2TP because Windows 2008 R2 doesn't support IPSec tunnels through NAT (2008 R2 being the responder and the Cisco router the initiator of the IPSec connection).
Regards
Roland -
AC100 - No VPN L2TP/IPSec PSK available
Android 2.2 (Froyo) devices show for VPN connections the following possibilities: PPTP, L2TP, L2TP/IPSec PSK and L2TP/IPSec CRT (checked on serveral brands smartphones).
The AC100 is only showing PPTP and L2TP, so no L2TP/IPSec at all.
Any idea why they are missing and how to resolve this?
Need L2TP/IPSec for a VPN connection with a Sonicwall 3060/Pro.
Here's a description how to connect:[https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8658]Hi
As far as I know the L2TP/IPSec is available only for routed android devices.
So possibly this is the reason why the L2TP/IPSec in not available for AC100.
I found here a nice Android L2TP/IPSec VPN HowTo
http://blogs.nopcode.org/brainstorm/2010/08/22/android-l2tpipsec-vpn-mini-howto/
Maybe this could be helpful a little bit!
Maybe you are looking for
-
When I click on Itunes it doesn't appear
It's open, and when I push F8 (play button) it plays, but when I click on the icon in Dock, it does not appear, and when I click on it in F3 mode, another window (eg browser) comes up.
-
Ran "Verify Disk", and gave me an error i don't know how to fix
Here is the error message that comes back after I do the Verify Disk. Verifying volume "Macintosh HD" Checking HFS Plus volume. Checking Extents Overflow file. Checking Catalog file. Illegal name Illegal name Checking multi-linked files. g Catalog hi
-
I am wondering if using a Mac Mini with a 26" HDTV would give me equivalent or better image quality than I would merely get by using a 27" iMac? I want to use my Mac in 2 different locations (staying in each for several mos at a time), and am conside
-
Restrict HR Tables on APPS Schema
Hi All I want to restrict some HR tables like per_assignments_f ,per_all_people_f not access on APPS schema through their terminals or machine only two users can access it on APPS schema. it is honorable for me if some one will help. Edited by: user9
-
Enums for System.getProperty(...) method in Java API?
Just had a thought today as a result of a colleaugue mis-spelling "file.separator" in a System.getProperty() call: How about an enum for the above method (e.g. SystemProperty) that has all the known properties and the String method for any prop not i