xelerance / xl2tpd

Official Xelerance fork of L2TPd
GNU General Public License v2.0

multiple connections issue... #38

Open pwmorreale opened 10 years ago

pwmorreale commented 10 years ago

Hi all,

I'm trying to set up a VPN server on a Debian box and things are failing when I try to establish more than one connection.

I'm relatively new to this, so please pardon me if I seem a little confused. Mostly I am...

What I have is:

ppp 2.4.5-4
xl2tpd 1.2.7
kernel 3.3.8-1

I'm using ipsec with psk's for the clients. The two clients I'm trying to connect are Windows XP SP3.

The basic problem is that the first XP box will always connect successfully, however the second one always fails with a '629' error. Looking at /var/log/messages, the second ppp daemon fails when setting the netmask or the local ip addr for the device. (logs below.)

It doesn't matter which XP box I use first, the second one always fails.

Configs follow:

root@host1:/home/# more /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = 192.168.44.1

[lns default]
ip range = 10.199.199.129-10.199.199.149
local ip = 10.255.255.0
refuse pap = yes
require authentication = yes
name = L2TPServer
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

And for ppp:

root@host1:/etc/ppp# more /etc/ppp/options.xl2tpd
name xl2tpd
ipparam l2tp
ipcp-accept-local
ipcp-accept-remote
noccp
auth
crtscts
idle 1800
nodefaultroute
debug
lock
proxyarp
connect-delay 5000

Here are the relevant portions of /var/log/messages after two connection attempts:

Jan 31 00:01:39 host1 pluto[2993]: packet from 192.168.44.2:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 31 00:01:39 host1 pluto[2993]: packet from 192.168.44.2:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 31 00:01:39 host1 pluto[2993]: packet from 192.168.44.2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 31 00:01:39 host1 pluto[2993]: packet from 192.168.44.2:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 31 00:01:39 host1 pluto[2993]: "remote-access-mac-zzz"[1] 192.168.44.2 #1: responding to Main Mode from unknown peer 192.168.44.2
Jan 31 00:01:39 host1 pluto[2993]: "remote-access-mac-zzz"[1] 192.168.44.2 #1: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP_2048] refused due to strict flag
Jan 31 00:01:39 host1 pluto[2993]: "remote-access-mac-zzz"[1] 192.168.44.2 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Jan 31 00:01:39 host1 pluto[2993]: "remote-access-mac-zzz"[1] 192.168.44.2 #1: Peer ID is ID_IPV4_ADDR: '192.168.44.2'
Jan 31 00:01:39 host1 pluto[2993]: "remote-access-mac-zzz"[1] 192.168.44.2 #1: sent MR3, ISAKMP SA established
Jan 31 00:01:39 host1 pluto[2993]: "remote-access-mac-zzz"[1] 192.168.44.2 #2: IPSec Transform [3DES_CBC (192), HMAC_MD5] refused due to strict flag
Jan 31 00:01:39 host1 pluto[2993]: "remote-access-mac-zzz"[1] 192.168.44.2 #2: responding to Quick Mode
Jan 31 00:01:39 host1 pluto[2993]: "remote-access-mac-zzz"[1] 192.168.44.2 #2: IPsec SA established {ESP=>0x961d3916 <0xc3dca223}
Jan 31 00:01:41 host1 xl2tpd[3067]: Connection established to 192.168.44.2, 1701. Local: 35608, Remote: 35 (ref=0/0). LNS session is 'default'
Jan 31 00:01:41 host1 xl2tpd[3067]: Call established with 192.168.44.2, Local: 5290, Remote: 1, Serial: 0
Jan 31 00:01:41 host1 pppd[3477]: pppd 2.4.4 started by root, uid 0
Jan 31 00:01:41 host1 pppd[3477]: Connect: ppp0 <--> /dev/pts/1
Jan 31 00:01:43 host1 pppd[3477]: Unsupported protocol 'Compression Control Protocol' (0x80fd) received
Jan 31 00:01:43 host1 pppd[3477]: Cannot determine ethernet address for proxy ARP
Jan 31 00:01:43 host1 pppd[3477]: local IP address 10.255.255.0
Jan 31 00:01:43 host1 pppd[3477]: remote IP address 10.199.199.129
Jan 31 00:01:49 host1 pluto[2993]: packet from 192.168.44.3:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 31 00:01:49 host1 pluto[2993]: packet from 192.168.44.3:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 31 00:01:49 host1 pluto[2993]: packet from 192.168.44.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 31 00:01:49 host1 pluto[2993]: packet from 192.168.44.3:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 31 00:01:49 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #3: responding to Main Mode from unknown peer 192.168.44.3
Jan 31 00:01:49 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #3: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP_2048] refused due to strict flag
Jan 31 00:01:49 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Jan 31 00:01:49 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #3: Peer ID is ID_IPV4_ADDR: '192.168.44.3'
Jan 31 00:01:49 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #3: sent MR3, ISAKMP SA established
Jan 31 00:01:49 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #4: IPSec Transform [3DES_CBC (192), HMAC_MD5] refused due to strict flag
Jan 31 00:01:49 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #4: responding to Quick Mode
Jan 31 00:01:49 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #4: IPsec SA established {ESP=>0x189bec66 <0xcb80ce75}
Jan 31 00:01:51 host1 xl2tpd[3067]: Connection established to 192.168.44.3, 1701. Local: 28279, Remote: 66 (ref=0/0). LNS session is 'default'
Jan 31 00:01:51 host1 xl2tpd[3067]: Call established with 192.168.44.3, Local: 30495, Remote: 1, Serial: 0
Jan 31 00:01:51 host1 pppd[3575]: pppd 2.4.4 started by root, uid 0
Jan 31 00:01:51 host1 pppd[3575]: Connect: ppp1 <--> /dev/pts/2
Jan 31 00:01:54 host1 pppd[3575]: Unsupported protocol 'Compression Control Protocol' (0x80fd) received
Jan 31 00:01:54 host1 pppd[3575]: ioctl(SIOCSIFDSTADDR): Cannot assign requested address (line 2445)
Jan 31 00:01:54 host1 pppd[3575]: Interface configuration failed
Jan 31 00:01:54 host1 pppd[3575]: Modem hangup
Jan 31 00:01:54 host1 pppd[3575]: Connection terminated: no multilink.
Jan 31 00:01:54 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #3: received Delete SA(0x189bec66) payload: deleting IPSEC State #4
Jan 31 00:01:54 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3 #3: received Delete SA payload: deleting ISAKMP State #3
Jan 31 00:01:54 host1 pluto[2993]: "remote-access-mac-zzz"[2] 192.168.44.3: deleting connection "remote-access-mac-zzz" instance with peer 192.168.44.3 {isakmp=#0/ipsec=#0}

Would greatly appreciate any insight on how to make this work.

Thanks -PWM

simondeziel commented 10 years ago

Hi,

On 14-01-30 07:23 PM, pwmorreale wrote:

[lns default]
ip range = 10.199.199.129-10.199.199.149
local ip = 10.255.255.0

This .0 local IP is suspicious at best. Did you try setting it to .1 ?

Regards, Simon
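An added sanity check for the [lns] section, not part of xl2tpd or of this thread: it parses the xl2tpd.conf format (keys with spaces, `;` comments) and flags the thing Simon points at, a local ip whose last octet is 0, plus one extra check of this example's own, a local ip that falls inside the ip range handed to clients. SAMPLE_CONF is the issue's config re-typed as a constructed sample; parse_xl2tpd_conf, check_lns and check_conf are the example's own names.

```python
import ipaddress
import re

# Constructed sample: the issue's xl2tpd.conf, re-typed one key per line.
SAMPLE_CONF = """\
[global]
listen-addr = 192.168.44.1

[lns default]
ip range = 10.199.199.129-10.199.199.149
local ip = 10.255.255.0
refuse pap = yes
require authentication = yes
name = L2TPServer
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
"""

def parse_xl2tpd_conf(text):
    """Parse xl2tpd.conf into {section: {key: value}}.
    Keys may contain spaces ('ip range'), so split on the first '=' only."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments and blanks
        if not line:
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip()
            sections[current] = {}
            continue
        key, sep, value = line.partition("=")
        if current is not None and sep:
            sections[current][key.strip()] = value.strip()
    return sections

def check_lns(section):
    """Return warnings for one [lns ...] section (IPv4 assumed)."""
    if "local ip" not in section or "ip range" not in section:
        return ["missing 'local ip' or 'ip range'"]
    local_ip = ipaddress.ip_address(section["local ip"])
    lo, hi = (ipaddress.ip_address(p.strip()) for p in section["ip range"].split("-"))
    warnings = []
    if local_ip.packed[-1] == 0:                # 10.255.255.0: network-looking, not a host
        warnings.append("local ip ends in .0 (looks like a network address, not a host)")
    if lo <= local_ip <= hi:                    # example's own extra check
        warnings.append("local ip lies inside ip range; it is handed out to clients too")
    return warnings

def check_conf(text):
    """Run check_lns over every [lns ...] section of a config text."""
    conf = parse_xl2tpd_conf(text)
    return {name: check_lns(sec) for name, sec in conf.items() if name.startswith("lns")}
```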

pwmorreale commented 10 years ago

Simon,

Thanks for the quick reply. I'll give that a whirl.

Is this the best place for such questions? (Kinda new at this)

Thanks -PWM


HouzuoGuo commented 10 years ago

I have experienced a similar issue with two clients (Android, OSX) behind the same NAT; it appears to be an inability of StrongSwan to handle the scenario.