Topic: No VPN Connection on 10.04

robwoodward75

Re: No VPN Connection on 10.04
« Reply #30 on: November 15, 2012, 10:58:25 pm »
Regarding the !VPNpass1 issue, I've attached 3 files of the web admin which I've edited to allow Admin / primary / power users, whatever you want to call them to change user passwords and VPN passwords without needing to know the initial password (fairly basic admin operations).  Also, stops the enable / disable VPN option from resetting the VPN password to !VPNpass1.  I will also attach them to Techstyle's ticket.

Still working on the actual connection however!

Techstyle

Re: No VPN Connection on 10.04
« Reply #31 on: November 15, 2012, 11:13:16 pm »
Rob,

You may want to go through the ticket and adjust it to what works for you. So far I have not successfully connected.

robwoodward75

Re: No VPN Connection on 10.04
« Reply #32 on: November 19, 2012, 02:21:21 pm »
Techstyle,

I have attached my latest files to this post which allow for a stable connection from within my network, i.e. I attach my phone to my wifi, and set 192.168.80.1 as the VPN server.  The connection was stable until I disconnected it.  From outside, connecting through my DynDNS account however, I get the following line in the auth.log:

Code:
initial Main Mode message received on XXX.XXX.XXX.XXX:500 but no connection has been authorized with policy=PSK

I think this might now be down to Firewall issues (Port 500 udp is open on my Firewall by the way).

Feel free to test and add to if you find anything.  Will try to get around to testing with Firewall turned off, in theory, this should work if all the other settings are correct!

polly

Re: No VPN Connection on 10.04
« Reply #33 on: November 19, 2012, 04:01:37 pm »
Just a hint!
I'm not sure if it's really true, but I read that IPsec needs ICMP requests.
ICMP requests must be enabled. AFAIK you can ping local but not the external.

Hope this helps....

Cheers,
ochorocho

robwoodward75

Re: No VPN Connection on 10.04
« Reply #34 on: November 19, 2012, 04:40:02 pm »
Thanks Polly,

Added ICMP, still the same message in auth.log.


Techstyle

Re: No VPN Connection on 10.04
« Reply #35 on: November 19, 2012, 07:36:32 pm »
Rob,

I have the same message:
Code:
initial Main Mode message received on XXX.XXX.XXX.XXX:500 but no connection has been authorized with policy=PSK
Even, I believe, with the firewall disabled.

robwoodward75

Re: No VPN Connection on 10.04
« Reply #36 on: November 19, 2012, 09:17:41 pm »
Techstyle,

You're right, I've just confirmed even with the firewall disabled, the same issue / error, so now I'm back to being rather lost!!  interface issue perhaps?!

Very frustrating!!  keep digging!!

pw44

Re: No VPN Connection on 10.04
« Reply #37 on: November 24, 2012, 01:43:13 am »
News about using l2tp and ipsec?
I get a different result, from outside:
Code:
Nov 23 22:40:09 dcerouter CRON[5524]: pam_unix(cron:session): session closed for user root
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Nov 23 22:40:12 dcerouter pluto[21730]: packet from 187.124.217.240:500: received Vendor ID payload [Dead Peer Detection]
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: responding to Main Mode from unknown peer 187.124.217.240
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: Main mode peer ID is ID_IPV4_ADDR: '187.124.217.240'
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: new NAT mapping for #5, was 187.124.217.240:500, now 187.124.217.240:4500
Nov 23 22:40:12 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 23 22:40:13 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: the peer proposed: 187.15.164.55/32:17/1701 -> 187.124.217.240/32:17/0
Nov 23 22:40:13 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #6: responding to Quick Mode proposal {msgid:6aad2eab}
Nov 23 22:40:13 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #6:     us: 192.168.0.160[+S=C]:17/1701
Nov 23 22:40:13 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #6:   them: 187.124.217.240[+S=C]:17/61362===?
Nov 23 22:40:13 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 23 22:40:13 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 23 22:40:13 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 23 22:40:13 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #6: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x06bdda38 <0x0874effc xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=187.124.217.240:4500 DPD=none}
Nov 23 22:40:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: received Delete SA(0x06bdda38) payload: deleting IPSEC State #6
Nov 23 22:40:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36
Nov 23 22:40:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36
Nov 23 22:40:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@192.168.0.160 was too long: 168 > 36
Nov 23 22:40:35 dcerouter pluto[21730]: | raw_eroute result=0
Nov 23 22:40:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: received and ignored informational message
Nov 23 22:40:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240 #5: received Delete SA payload: deleting ISAKMP State #5
Nov 23 22:40:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[3] 187.124.217.240: deleting connection "L2TP-PSK-NAT" instance with peer 187.124.217.240 {isakmp=#0/ipsec=#0}
Nov 23 22:40:35 dcerouter pluto[21730]: packet from 187.124.217.240:4500: received and ignored informational message
Nov 23 22:42:01 dcerouter CRON[8123]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 23 22:42:02 dcerouter CRON[8123]: pam_unix(cron:session): session closed for user root
Any hints?

I'm not willing to use ppp....

sambuca

Re: No VPN Connection on 10.04
« Reply #38 on: November 24, 2012, 01:13:22 pm »
pw44, from the logs it seems like the ipsec connection has been established successfully, but there is no record of any xl2tpd activity. Is xl2tpd running?

br,
sambuca

pw44

Re: No VPN Connection on 10.04
« Reply #39 on: November 24, 2012, 04:34:47 pm »
Hi Sambuca,
yes, xl2tpd is running.


/var/log/auth.log
Code:
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 186.242.129.142:500: received Vendor ID payload [Dead Peer Detection]
Nov 24 13:29:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: responding to Main Mode from unknown peer 186.242.129.142
Nov 24 13:29:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 24 13:29:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 24 13:29:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
Nov 24 13:29:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 24 13:29:35 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: Main mode peer ID is ID_IPV4_ADDR: '186.242.129.142'
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: new NAT mapping for #18, was 186.242.129.142:500, now 186.242.129.142:4500
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: the peer proposed: 187.15.164.55/32:17/1701 -> 186.242.129.142/32:17/0
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #19: responding to Quick Mode proposal {msgid:0e352bfd}
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #19:     us: 192.168.0.160[+S=C]:17/1701
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #19:   them: 186.242.129.142[+S=C]:17/51077===?
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #19: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #19: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #19: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #19: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0bfea5b5 <0x46b2c1c7 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=186.242.129.142:4500 DPD=none}
Nov 24 13:29:58 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: received Delete SA(0x0bfea5b5) payload: deleting IPSEC State #19
Nov 24 13:29:58 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36
Nov 24 13:29:58 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete inbound was too long: 100 > 36
Nov 24 13:29:58 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy unk255.10000@192.168.0.160 was too long: 168 > 36
Nov 24 13:29:58 dcerouter pluto[21730]: | raw_eroute result=0
Nov 24 13:29:58 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: received and ignored informational message
Nov 24 13:29:58 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142 #18: received Delete SA payload: deleting ISAKMP State #18
Nov 24 13:29:58 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 186.242.129.142: deleting connection "L2TP-PSK-NAT" instance with peer 186.242.129.142 {isakmp=#0/ipsec=#0}
Nov 24 13:29:58 dcerouter pluto[21730]: packet from 186.242.129.142:4500: received and ignored informational message
Nov 24 13:30:01 dcerouter CRON[28937]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 24 13:30:01 dcerouter CRON[28938]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 24 13:30:01 dcerouter CRON[28939]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 24 13:30:03 dcerouter CRON[28939]: pam_unix(cron:session): session closed for user root
Nov 24 13:30:03 dcerouter CRON[28938]: pam_unix(cron:session): session closed for user root
Nov 24 13:30:10 dcerouter CRON[28937]: pam_unix(cron:session): session closed for user root

dcerouter_1031272:/var/log# ps ax | grep xl2
11310 pts/33   S+     0:00 grep --color=auto xl2
23156 ?        Ss     0:00 /usr/sbin/xl2tpd


/var/log/syslog (xl2tpd)
Code:
Nov 24 13:29:38 dcerouter xl2tpd[23156]: control_finish: Peer requested tunnel 17 twice, ignoring second one.
Nov 24 13:29:43 dcerouter xl2tpd[23156]: last message repeated 2 times
Nov 24 13:29:43 dcerouter xl2tpd[23156]: Maximum retries exceeded for tunnel 40741.  Closing.
Nov 24 13:29:48 dcerouter xl2tpd[23156]: control_finish: Peer requested tunnel 17 twice, ignoring second one.
Nov 24 13:29:48 dcerouter xl2tpd[23156]: Connection 17 closed to 186.242.129.142, port 51077 (Timeout)
Nov 24 13:29:52 dcerouter xl2tpd[23156]: control_finish: Peer requested tunnel 17 twice, ignoring second one.
Nov 24 13:29:53 dcerouter xl2tpd[23156]: Unable to deliver closing message for tunnel 40741. Destroying anyway.
Nov 24 13:29:57 dcerouter xl2tpd[23156]: control_finish: Peer requested tunnel 17 twice, ignoring second one.

Did recheck the configs, but it is not working....

pw44

Re: No VPN Connection on 10.04
« Reply #40 on: November 27, 2012, 10:14:13 pm »
Any hints? Anyone have it working? TIA!

sambuca

Re: No VPN Connection on 10.04
« Reply #41 on: November 28, 2012, 07:26:28 am »
From auth.log I can see that the ipsec connection has been established. But I see no record of the connection part of xl2tpd/pppd in syslog. Are you sure you have copied enough of the log?

br,
sambuca
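
The check sambuca describes in the reply above (IPsec established in auth.log, no xl2tpd/pppd connection record in syslog), written out as an added example that is not part of the original thread. The `triage` function, the stage names and the signal names are illustrative assumptions; the sample lines are constructed in the format quoted in this thread, with documentation-range addresses.

```python
import re

# Constructed sample modelled on the auth.log / syslog lines quoted in this
# thread; the addresses and SPI values are placeholders, not real peers.
SAMPLE = """\
Nov 24 13:29:35 dcerouter pluto[21730]: packet from 203.0.113.7:500: received Vendor ID payload [RFC 3947] method set to=109
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 203.0.113.7 #18: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Nov 24 13:29:36 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 203.0.113.7 #19: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x00000001 <0x00000002 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=203.0.113.7:4500 DPD=none}
Nov 24 13:29:38 dcerouter xl2tpd[23156]: control_finish: Peer requested tunnel 17 twice, ignoring second one.
Nov 24 13:29:43 dcerouter xl2tpd[23156]: Maximum retries exceeded for tunnel 40741.  Closing.
Nov 24 13:29:48 dcerouter xl2tpd[23156]: Connection 17 closed to 203.0.113.7, port 51077 (Timeout)
Nov 24 13:29:58 dcerouter pluto[21730]: "L2TP-PSK-NAT"[9] 203.0.113.7 #18: received Delete SA payload: deleting ISAKMP State #18
"""

# syslog line: "Mon DD HH:MM:SS host prog[pid]: message". The optional
# leading "file:" part accepts `grep pattern /var/log/syslog*` output too.
LINE = re.compile(
    r"^(?:\S+:)?\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>[\w.-]+)\[\d+\]:\s(?P<msg>.*)$"
)

# Stages in the order a working L2TP/IPsec session logs them:
# (stage name, logging program, message pattern).
STAGES = [
    ("ike_phase1", "pluto", re.compile(r"ISAKMP SA established")),
    ("ipsec_sa", "pluto", re.compile(r"IPsec SA established")),
    ("l2tp_activity", "xl2tpd", re.compile(r".")),  # any xl2tpd record
    ("ppp_activity", "pppd", re.compile(r".")),     # any pppd record
]

# Failure messages that appear in the logs posted in this thread.
SIGNALS = [
    ("psk_policy_rejected",
     re.compile(r"no connection has been authorized with policy=PSK")),
    ("l2tp_duplicate_tunnel_request",
     re.compile(r"Peer requested tunnel \d+ twice")),
    ("l2tp_retries_exceeded",
     re.compile(r"Maximum retries exceeded for tunnel \d+")),
    ("l2tp_timeout", re.compile(r"closed to .*\(Timeout\)")),
    ("peer_deleted_sa", re.compile(r"received Delete SA")),
]


def triage(text):
    """Report which stages were logged, the first missing one, and why."""
    reached, signals = set(), []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # shell prompts, blank lines, non-syslog output
        prog, msg = m["prog"], m["msg"]
        for name, owner, pattern in STAGES:
            if prog == owner and pattern.search(msg):
                reached.add(name)
        for name, pattern in SIGNALS:
            if pattern.search(msg) and name not in signals:
                signals.append(name)
    order = [name for name, _, _ in STAGES]
    stalled = next((s for s in order if s not in reached), None)
    return {"reached": [s for s in order if s in reached],
            "stalled_before": stalled, "signals": signals}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Feed it the concatenated contents of auth.log and syslog for the time window of one connection attempt; `stalled_before` names the first layer with no log record.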

polly

Re: No VPN Connection on 10.04
« Reply #42 on: November 28, 2012, 12:19:14 pm »
pw44, VPN on my core is working as long as the dynamic IP gets updated.... :-/

It still needs some testing, I had some trouble connecting a second time ...
I got disconnected....

I'll do some more tests. For me it's working, but it's not reliable....
I will do further tests! ... This may take its time.

Cheers,
ochorocho

pw44

Re: No VPN Connection on 10.04
« Reply #43 on: November 28, 2012, 09:03:22 pm »
@Sambuca: yes, all the xl2tpd log is there.

Code:
dcerouter_1031272:/etc/fail2ban/action.d# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.23/K2.6.32-42-generic (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Pluto listening for IKE on udp 500                              [OK]
Pluto listening for NAT-T on udp 4500                           [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                             
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

Code:
dcerouter_1031272:/home/cameras# grep pppd /var/log/syslog*
dcerouter_1031272:/home/cameras# grep xl2tpd /var/log/syslog*
/var/log/syslog.1:Nov 27 12:47:04 dcerouter xl2tpd[6009]: control_finish: Peer requested tunnel 23 twice, ignoring second one.
/var/log/syslog.1:Nov 27 12:47:04 dcerouter xl2tpd[6009]: control_finish: Peer requested tunnel 23 twice, ignoring second one.
/var/log/syslog.1:Nov 27 12:47:09 dcerouter xl2tpd[6009]: Maximum retries exceeded for tunnel 34456.  Closing.
/var/log/syslog.1:Nov 27 12:47:10 dcerouter xl2tpd[6009]: control_finish: Peer requested tunnel 23 twice, ignoring second one.
/var/log/syslog.1:Nov 27 12:47:10 dcerouter xl2tpd[6009]: Connection 23 closed to 186.242.246.139, port 56213 (Timeout)
/var/log/syslog.1:Nov 27 12:47:14 dcerouter xl2tpd[6009]: control_finish: Peer requested tunnel 23 twice, ignoring second one.
/var/log/syslog.1:Nov 27 12:47:15 dcerouter xl2tpd[6009]: Unable to deliver closing message for tunnel 34456. Destroying anyway.
/var/log/syslog.1:Nov 27 12:47:18 dcerouter xl2tpd[6009]: control_finish: Peer requested tunnel 23 twice, ignoring second one.
/var/log/syslog.1:Nov 27 12:47:28 dcerouter xl2tpd[6009]: Maximum retries exceeded for tunnel 3240.  Closing.

@polly: I did read about DPD (dead peer detection). I guess this will solve the second time....
Would you share your config file with me (changed passwords and secrets, of course)?

Anyway, I'm reading, trying but am not able to get xl2tpd right.

TIA
« Last Edit: November 28, 2012, 09:08:24 pm by pw44 »

polly

Re: No VPN Connection on 10.04
« Reply #44 on: November 28, 2012, 11:54:29 pm »
### EDIT: SORRY, TOO EARLY ... as usual, after connecting several times it stopped working again ....


hey......

here is my config:

http://dokuwiki.knallimall.org/de/linuxmce_ipsec_working

pw44, "dead peer connection" was the key!!! thx a lot....
You should click on the "update" button in network settings, I guess to update the network config. Make also sure you updated LinuxMCE to the most recent version coz' sambuca added a few changes regarding config using lmce-admin done by robwoodward75.

hope this helps!

Cheers,
ochorocho
« Last Edit: November 29, 2012, 12:09:27 am by polly »