0 votes
4,629 views 3 comments
by

Hello Together

I try to establish a VPN connection to the RUT955. Test-wise with PPTP, desired later L2TP/IPSEC. Unfortunately, after various attempts at reset, I can't get any further. The VPN connection should give us access to the router and connected devices. What Works:

- Remote access to the management interface via a Dynaddress

- The VPN connection can be established. However, it ends with timeout (Windows Error 829)

- The newest Firmware is installed

-> Can someone tell me how to log the PPTP connection via CLI? Or even better, where is my mistake?

Thanks a Lot

Pictures and Event Log from Windows:

Log 1:
CoID={BF7E2222-ED3C-46D1-8378-EF38AB277FC9}: Der Benutzer "SYSTEM" hat eine VPN-Verbindung mit einem per-user-Verbindungsprofil mit dem Namen "RUT" angewählt. Die Verbindungseinstellungen lauten:
Dial-in User = XXX
VpnStrategy = PPTP
DataEncryption = Requested
PrerequisiteEntry =
AutoLogon = No
UseRasCredentials = Yes
Authentication Type = PAP/CHAP/MS-CHAPv2
Ipv4DefaultGateway = Yes
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = Yes
UseFlags = Private Connection
ConnectOnWinlogon = No.

Log 2:
CoID={BF7E2222-ED3C-46D1-8378-EF38AB277FC9}: Der Benutzer "SYSTEM" versucht, eine Verbindung zum RAS-Server für die Verbindung mit dem Namen "RUT" mit dem folgenden Gerät herzustellen:
Server address/Phone Number = XXXX
Device = WAN Miniport (PPTP)
Port = VPN4-1
MediaType = VPN.

Log 3:
CoID={BF7E2222-ED3C-46D1-8378-EF38AB277FC9}: Der Benutzer "SYSTEM" hat eine Verbindung mit dem RAS-Server hergestellt, verwendet wurde das Gerät: "
Server address/Phone Number = XXXX
Device = WAN Miniport (PPTP)
Port = VPN4-1
MediaType = VPN".

Log 4:
CoID={BF7E2222-ED3C-46D1-8378-EF38AB277FC9}: Der Benutzer "XXX" hat eine Verbindung mit dem Namen "RUT" gewählt, die Verbindung wurde jedoch getrennt. Der bei der Trennung zurückgegebene Ursachencode lautet: 829. -> Time Out

by

And the cli log with logread -f



Sun Jul 7 11:18:22 2019 daemon.info pptpd[7877]: CTRL: Client 212.203.51.76 control connection started
Sun Jul 7 11:18:22 2019 daemon.info pptpd[7877]: CTRL: Starting call (launching pppd, opening GRE)
Sun Jul 7 11:18:22 2019 daemon.notice pppd[7878]: pppd 2.4.7 started by root, uid 0
Sun Jul 7 11:18:22 2019 daemon.info pppd[7878]: Using interface pptp0
Sun Jul 7 11:18:22 2019 daemon.notice pppd[7878]: Connect: pptp0 <--> /dev/pts/2
Sun Jul 7 11:18:22 2019 kern.info kernel: [ 493.900000] pptp0: renamed from ppp0
Sun Jul 7 11:18:52 2019 daemon.notice pppd[7878]: Modem hangup
Sun Jul 7 11:18:52 2019 daemon.info pppd[7878]: Exit.
Sun Jul 7 11:18:52 2019 daemon.err pptpd[7877]: GRE: read(fd=6,buffer=41ec5c,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Sun Jul 7 11:18:52 2019 daemon.err pptpd[7877]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Sun Jul 7 11:18:52 2019 daemon.debug pptpd[7877]: CTRL: Reaping child PPP[7878]
Sun Jul 7 11:18:52 2019 daemon.info pptpd[7877]: CTRL: Client 212.203.51.76 control connection finished
Sun Jul 7 11:18:52 2019 daemon.err pptpd[7877]: CTRL: Couldn't write packet to client.

3 Answers

0 votes
by
Are you trying to connect to the DDNS name or the IP address?
by

Yes, I use the DynDNS address, but the same issue with the IP address....

By the way, the home network era is located behind a Carrier Double NAT....

Windows Log:

Log 1:  CoID={651C8CE2-9ADD-4B0F-B890-D1306C1709D2}: Die Verbindung mit dem RAS-Server wurde von Benutzer "SYSTEM" hergestellt. 08.07.2019 19:16:55

Log 2:  CoID={651C8CE2-9ADD-4B0F-B890-D1306C1709D2}: Der Benutzer "SPECTRE-X360\XXXX" hat eine Verbindung mit dem Namen "RUT" gewählt, die Verbindung wurde jedoch getrennt. Der bei der Trennung zurückgegebene Ursachencode lautet: 829. 08.07.2019 19:17:26

CLI Log:



Mon Jul 8 19:16:55 2019 daemon.info pptpd[25051]: CTRL: Client 212.203.51.63 control connection started
Mon Jul 8 19:16:55 2019 daemon.info pptpd[25051]: CTRL: Starting call (launching pppd, opening GRE)
Mon Jul 8 19:16:55 2019 daemon.notice pppd[25052]: pppd 2.4.7 started by root, uid 0
Mon Jul 8 19:16:55 2019 daemon.info pppd[25052]: Using interface pptp0
Mon Jul 8 19:16:55 2019 daemon.notice pppd[25052]: Connect: pptp0 <--> /dev/pts/1
Mon Jul 8 19:16:55 2019 kern.info kernel: [ 5158.930000] pptp0: renamed from ppp0
Mon Jul 8 19:17:25 2019 daemon.notice pppd[25052]: Modem hangup
Mon Jul 8 19:17:25 2019 daemon.info pppd[25052]: Exit.
Mon Jul 8 19:17:25 2019 daemon.err pptpd[25051]: GRE: read(fd=6,buffer=41ec5c,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Mon Jul 8 19:17:25 2019 daemon.err pptpd[25051]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Mon Jul 8 19:17:25 2019 daemon.debug pptpd[25051]: CTRL: Reaping child PPP[25052]
Mon Jul 8 19:17:25 2019 daemon.info pptpd[25051]: CTRL: Client 212.203.51.63 control connection finished
Mon Jul 8 19:17:25 2019 daemon.err pptpd[25051]: CTRL: Couldn't write packet to client.
0 votes
by
Hello everyone

Apparently there is no solution to my problem. In my opinion, it is not possible to connect to PPTP or L2TP/IPSEC via a carrier NAT....

Friendly greetings
0 votes
by

Hi,

I have been trying to get L2TP/IPSEC Client working from Windows 10 to my RUT950 (Server) using the latest FW (RUT9XX_R_00.06.04.5) but it fails to connect.

I am sure it used to work (according to my config/test notes on earlier release of FW ver.: RUT9XX_R_00.05.01.5)

I think that the IPSEC is connecting OK but for some reason the L2TP Account is not being found. Extract From the System Log:


Thu Sep 19 15:40:35 2019 daemon.debug xl2tpd[13673]: "/etc/ppp/options.xl2tpd"

Thu Sep 19 15:40:35 2019 daemon.notice xl2tpd[13673]: Call established with 192.168.0.21, PID: 14011, Local: 63328, Remote: 1, Serial: 0

Thu Sep 19 15:40:35 2019 daemon.info pppd[14011]: Plugin pppol2tp.so loaded.

Thu Sep 19 15:40:35 2019 daemon.err xl2tpd[13673]: /usr/sbin/pppd: The remote system is required to authenticate itself

Thu Sep 19 15:40:35 2019 daemon.err pppd[14011]: The remote system is required to authenticate itself

Thu Sep 19 15:40:35 2019 daemon.err xl2tpd[13673]: /usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so.

Thu Sep 19 15:40:35 2019 daemon.err pppd[14011]: but I couldn't find any suitable secret (password) for it to use to do so.

Thu Sep 19 15:40:35 2019 daemon.debug xl2tpd[13673]: child_handler : pppd exited for call 1 with code 1

Thu Sep 19 15:40:35 2019 daemon.info xl2tpd[13673]: call_close: Call 63328 to 192.168.0.21 disconnected


If I look at the process started by L2TP using 'ps'

11647 root       860 S    /usr/sbin/xl2tpd -D -l -p /var/run/xl2tpd.pid -c /var/etc/xl2tpd.conf

then I can see that /var/etc/xl2tpd.conf contains a reference to "auth file = /etc/xl2tpd/xl2tp-secrets"

But this file is not being updated when creating the L2TP accounts.

Unfortunately, adding them manually to /etc/xl2tpd/xl2tp-secrets does not work either.

It seems to me that L2TP implementation is broken in this firmware.

by

After restoring the rut950 to Factory Defaults and configuring the L2TP/IPSEC from scratch it is working with RUT9XX_R_00.06.04.5 and Windows 10 Client.

So maybe it was an issue migrating the FW and uploading the older config file from 5.01.5

PS. No idea how these config files are working as the xl2tpd.conf now points to auth =  /tmp/etc/xl2tp-secrets (which does not exist).
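
A triage of the two pppd failure patterns that appear in this thread's logread excerpts, as an added example (not written by any poster and not Teltonika code): a session where pppd attaches to the tunnel and hangs up without logging any LCP, authentication or IP address lines, and a session where pppd finds no secret for the peer. The function name, the finding labels and the `PROGRESS` keyword list are assumptions made for this example.

```python
import re
from datetime import datetime

# Matches pppd lines as printed by logread in this thread.
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \S+ pppd\[(\d+)\]: (.*)$")
# Keywords taken as a sign that negotiation is moving (assumed, not exhaustive).
PROGRESS = ("LCP", "CHAP", "PAP", "authentication", "IP address")

# Lines copied from the logread excerpts posted above.
SAMPLE = """\
Sun Jul 7 11:18:22 2019 daemon.info pptpd[7877]: CTRL: Client 212.203.51.76 control connection started
Sun Jul 7 11:18:22 2019 daemon.notice pppd[7878]: pppd 2.4.7 started by root, uid 0
Sun Jul 7 11:18:22 2019 daemon.notice pppd[7878]: Connect: pptp0 <--> /dev/pts/2
Sun Jul 7 11:18:52 2019 daemon.notice pppd[7878]: Modem hangup
Sun Jul 7 11:18:52 2019 daemon.info pppd[7878]: Exit.
Thu Sep 19 15:40:35 2019 daemon.info pppd[14011]: Plugin pppol2tp.so loaded.
Thu Sep 19 15:40:35 2019 daemon.err pppd[14011]: The remote system is required to authenticate itself
Thu Sep 19 15:40:35 2019 daemon.err pppd[14011]: but I couldn't find any suitable secret (password) for it to use to do so.
"""

def triage(text):
    """Return [(pid, finding, seconds_or_None)] for each failed pppd session."""
    sessions, findings = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # pptpd, xl2tpd and kernel lines are ignored
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        pid, msg = m.group(2), m.group(3)
        s = sessions.setdefault(pid, {"connect": None, "progress": False})
        if msg.startswith("Connect:"):
            s["connect"] = ts
        elif "suitable secret" in msg:
            # pppd demanded authentication but has no entry for this peer.
            findings.append((pid, "no-secret-for-peer", None))
        elif any(k in msg for k in PROGRESS):
            s["progress"] = True
        elif msg == "Modem hangup" and s["connect"] and not s["progress"]:
            # Tunnel attached, then silence until the hangup.
            idle = int((ts - s["connect"]).total_seconds())
            findings.append((pid, "ppp-never-negotiated", idle))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A `ppp-never-negotiated` finding means the TCP control connection worked but pppd logged no PPP progress before the hangup; for PPTP the PPP frames travel in GRE (IP protocol 47), separate from the TCP 1723 control connection, so that path is the next thing to check. To use it on a router, save the output of `logread` to a file and pass its contents to `triage()`.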