[Openswan Users] Ubuntu 10 -> OSX 10.6.4
Paul Wouters
paul at xelerance.com
Tue Mar 8 23:16:31 EST 2011
On Tue, 8 Mar 2011, Turbo Fredriksson wrote:
> Mar 8 11:03:13 JeOS xl2tpd[10738]: xl2tpd version xl2tpd-1.2.6
Use 1.2.8. From the changelog:
v1.2.8
* Makefile: fix compilation with --as-needed linker flag [Vladimir V. Kamarzin]
* Workaround for apple clients missing htons() [Brian Mastenbrook]
* Log destination ip and port in case of send failure [Mika Ilmaranta]
* Added Default-Stop: to fedora initscript [Paul]
* Bug tracker bugs fixed:
#1078 xl2tpd doesn't pass 'ipparam' to pppd and pppd won't get
client ip (Xiaoguang WANG)
v1.2.7
* Reduce time in signal handlers where we cannot log [Shinichi Furuso]
* Add rx/tx bps speed setting options [Tony Hoyle]
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578070)
* Rename FFLAGS to IPFLAGS to avoid clashing on debian [Paul]
* spelling fix (dont -> don't) [Paul]
Also please use an explcit listen-addr and not depend on "any" to ensure
return packets are getting the proper source IP.
Paul
> Mar 8 11:03:13 JeOS xl2tpd[10738]: Written by Mark Spencer, Copyright
> (C) 1998, Adtran, Inc.
> Mar 8 11:03:13 JeOS xl2tpd[10738]: Forked by Scott Balmos and David
> Stipp, (C) 2001
> Mar 8 11:03:13 JeOS xl2tpd[10738]: Inherited by Jeff McAdams, (C) 2002
> Mar 8 11:03:13 JeOS xl2tpd[10738]: Forked again by Xelerance (www.xelerance.com
> ) (C) 2006
> Mar 8 11:03:13 JeOS xl2tpd[10738]: Listening on IP address 0.0.0.0,
> port 1701
> Mar 8 11:03:24 JeOS xl2tpd[10738]: get_call: allocating new tunnel
> for host COMPANY_IP, port 1701.
> Mar 8 11:03:24 JeOS xl2tpd[10738]: Connecting to host COMPANY_IP,
> port 1701
> Mar 8 11:03:24 JeOS xl2tpd[10738]: control_finish: message type is
> (null)(0). Tunnel is 0, call is 0.
> Mar 8 11:03:24 JeOS xl2tpd[10738]: control_finish: sending SCCRQ
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 60, tunnel = 59268, call = 0 ref=0 refhim=0
> Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: message type is
> Start-Control-Connection-Reply(2). Tunnel is 950, call is 0.
> Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: sending SCCCN
> Mar 8 11:03:25 JeOS xl2tpd[10738]: Connection established to
> COMPANY_IP, 1701. Local: 59268, Remote: 950 (ref=0/0).
> Mar 8 11:03:25 JeOS xl2tpd[10738]: Calling on tunnel 59268
> Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: message type is
> (null)(0). Tunnel is 950, call is 0.
> Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: sending ICRQ
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 28, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: message type is
> Incoming-Call-Reply(11). Tunnel is 950, call is 31435.
> Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: Sending ICCN
> Mar 8 11:03:25 JeOS xl2tpd[10738]: Call established with COMPANY_IP,
> Local: 39805, Remote: 31435, Serial: 1 (ref=0/0)
> Mar 8 11:03:25 JeOS xl2tpd[10738]: start_pppd: I'm running:
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "/usr/sbin/pppd"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "passive"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "nodetach"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "refuse-pap"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "auth"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "require-chap"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "name"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "turbof"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "debug"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "file"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "/etc/ppp/options.l2tpd.client"
> Mar 8 11:03:25 JeOS xl2tpd[10738]: "/dev/pts/2"
> Mar 8 11:03:25 JeOS pppd[10739]: pppd 2.4.5 started by root, uid 0
> Mar 8 11:03:25 JeOS pppd[10739]: using channel 5
> Mar 8 11:03:25 JeOS pppd[10739]: Using interface ppp0
> Mar 8 11:03:25 JeOS pppd[10739]: Connect: ppp0 <--> /dev/pts/2
> Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP ConfReq id=0x1 <mru 1410>
> <asyncmap 0x0> <magic 0x115f4ab4> <pcomp> <accomp>]
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 37, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 36, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap MS-v2> <magic 0x7b9130eb> <pcomp> <accomp>]
> Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP ConfAck id=0x1 <asyncmap
> 0x0> <auth chap MS-v2> <magic 0x7b9130eb> <pcomp> <accomp>]
> Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP ConfAck id=0x1 <mru 1410>
> <asyncmap 0x0> <magic 0x115f4ab4> <pcomp> <accomp>]
> Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP EchoReq id=0x0
> magic=0x115f4ab4]
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 12, tunnel = 59268, call = 0 ref=0 refhim=0
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 49, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP EchoReq id=0x0
> magic=0x7b9130eb]
> Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP EchoRep id=0x0
> magic=0x115f4ab4]
> Mar 8 11:03:25 JeOS pppd[10739]: rcvd [CHAP Challenge id=0x27
> <3c514c4f68796a0071464b6f3d2e1d15>, name = ""]
> Mar 8 11:03:25 JeOS pppd[10739]: sent [CHAP Response id=0x27
> <
> 40c9cf21c31749908d961fb6f3b0372c0000000000000000e219acf6f3f62d7cc0c9d6717cc5e2c2bbf6eca30501162600
> >, name = "turbof"]
> Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP EchoRep id=0x0
> magic=0x7b9130eb]
> Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: select timeout
> Mar 8 11:03:27 JeOS xl2tpd[10738]: last message repeated 2 times
> Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 73, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:27 JeOS pppd[10739]: rcvd [CHAP Success id=0x27
> "S=B4BDDFBB1AE0F82BD0A22F1EE6CD0A53C8700412 M=Access granted"]
> Mar 8 11:03:27 JeOS pppd[10739]: CHAP authentication succeeded
> Mar 8 11:03:27 JeOS pppd[10739]: sent [IPCP ConfReq id=0x1 <compress
> VJ 0f 01> <addr 0.0.0.0>]
> Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 14, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:27 JeOS pppd[10739]: rcvd [IPCP ConfReq id=0x1 <addr
> COMPANY_IP>]
> Mar 8 11:03:27 JeOS pppd[10739]: sent [IPCP ConfAck id=0x1 <addr
> COMPANY_IP>]
> Mar 8 11:03:27 JeOS pppd[10739]: rcvd [proto=0x8235] 01 01 00 04
> Mar 8 11:03:27 JeOS pppd[10739]: Unsupported protocol 'Apple Client
> Server Protocol Control' (0x8235) received
> Mar 8 11:03:27 JeOS pppd[10739]: sent [LCP ProtRej id=0x2 82 35 01 01
> 00 04]
> Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:27 JeOS pppd[10739]: rcvd [IPCP ConfRej id=0x1 <compress
> VJ 0f 01>]
> Mar 8 11:03:27 JeOS pppd[10739]: sent [IPCP ConfReq id=0x2 <addr
> 0.0.0.0>]
> Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:27 JeOS pppd[10739]: rcvd [IPCP ConfNak id=0x2 <addr
> 10.0.0.74>]
> Mar 8 11:03:27 JeOS pppd[10739]: sent [IPCP ConfReq id=0x3 <addr
> 10.0.0.74>]
> Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
> COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
> Mar 8 11:03:27 JeOS pppd[10739]: rcvd [IPCP ConfAck id=0x3 <addr
> 10.0.0.74>]
> Mar 8 11:03:27 JeOS pppd[10739]: Cannot determine ethernet address
> for proxy ARP
> Mar 8 11:03:27 JeOS pppd[10739]: local IP address 10.0.0.74
> Mar 8 11:03:27 JeOS pppd[10739]: remote IP address COMPANY_IP
> Mar 8 11:03:27 JeOS pppd[10739]: Script /etc/ppp/ip-up started (pid
> 10742)
> Mar 8 11:03:27 JeOS pppd[10739]: Script /etc/ppp/ip-up finished (pid
> 10742), status = 0x0
> Mar 8 11:03:55 JeOS pppd[10739]: sent [LCP EchoReq id=0x1
> magic=0x115f4ab4]
> ----- s n i p -----
>
>
> What just dawned on me is that remote address is COMPANY_IP, i.e., the
> external, live IP. Not one in the 10.0.0.0/24 net I should get...
>
>
>>> ----- s n i p -----
>>> Mar 4 15:04:07 JeOS pppd[1020]: Cannot determine ethernet address
>>> for proxy ARP
>>> Mar 4 15:04:07 JeOS pppd[1020]: local IP address 10.0.0.53
>>> Mar 4 15:04:07 JeOS pppd[1020]: remote IP address<COMPANY_SERVER_IP>
>>> Mar 4 15:04:07 JeOS pppd[1020]: Script /etc/ppp/ip-up started (pid
>>> 1025)
>>> Mar 4 15:04:07 JeOS pppd[1020]: Script /etc/ppp/ip-up finished
>>> (pid 1025), status = 0x0
>>> Mar 4 15:04:35 JeOS pppd[1020]: sent [LCP EchoReq id=0x1
>>> magic=0xade7ef41]
>>> Mar 4 15:05:06 JeOS pppd[1020]: sent [LCP EchoReq id=0x2
>>> magic=0xade7ef41]
>>> Mar 4 15:05:36 JeOS pppd[1020]: sent [LCP EchoReq id=0x3
>>> magic=0xade7ef41]
>>> Mar 4 15:06:06 JeOS pppd[1020]: sent [LCP EchoReq id=0x4
>>> magic=0xade7ef41]
>>> Mar 4 15:06:36 JeOS pppd[1020]: No response to 4 echo-requests
>>
>> This looks very strange. I wonder if ppp-negotation was really
>> successful.
>
> It did say 'CHAP authentication succeeded'... Is it pppd or xl2tpd
> that should
> do the auth? I can't seem to get xl2tpd to do a CHAP auth...
>
> These are my xl2tpd.conf and options.l2tpd.client files:
>
> ----- s n i p -----
> [global]
> auth file = /etc/xl2tpd/l2tp-secrets
> ipsec saref = yes
> debug network = yes
> debug packet = yes
> debug state = yes
> debug tunnel = yes
>
> [lac COMPANY]
> lns = COMPANY_IP
> ;
> require chap = yes
> refuse pap = yes
> require authentication = yes
> ; Name should be the same as the username in the PPP authentication!
> name = turbof
> ;
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd.client
> length bit = yes
> ----- s n i p -----
>
>
> ----- s n i p -----
> ipcp-accept-local
> ipcp-accept-remote
> refuse-chap
> refuse-pap
> refuse-eap
> require-mschap-v2
> noccp
> noauth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> connect-delay 5000
> lcp-echo-interval 30
> lcp-echo-failure 0
> ----- s n i p -----
>
> THe pppd auth will still happen even if I comment the refuse-* and
> require* stuff in the options file, so I've forgot what I did to
> make pppd do the auth :).
>
> But what DID happen was that xl2tpd couldn't find a suitable auth
> mechanism...
>
> --
> Try not. Do. Or do not. There is no try!
> - Yoda
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list