Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 05 December 2024, 01:31:37 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  VPN Beta Testers Needed
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: 1 [2] 3 Go Down Print
Author Topic: VPN Beta Testers Needed  (Read 122608 times)
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #15 on: Wednesday 18 September 2013, 01:30:42 am »

uauh! this seems very interesting! is it compatible with ALL versione of Endian 2.5 ?
thanks
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #16 on: Wednesday 18 September 2013, 01:47:04 am »

I replay to myself: it doesn't work with 2.5.2

Code:
Traceback (most recent call last):
  File "/usr/bin/smart", line 200, in ?
    main(sys.argv[1:])
  File "/usr/bin/smart", line 173, in main
    exitcode = iface.run(opts.command, opts.argv)
  File "/usr/lib/python2.4/site-packages/smart/interface.py", line 53, in run
    result = _command.main(self._ctrl, opts)
  File "/usr/lib/python2.4/site-packages/smart/commands/update.py", line 81, in main
    ctrl.reloadChannels()
  File "/usr/lib/python2.4/site-packages/smart/control.py", line 388, in reloadChannels
    if not channel.fetch(self._fetcher, progress):
  File "/usr/lib/python2.4/site-packages/smart/channels/rpm_md.py", line 287, in fetch
    fetcher.run(progress=progress)
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 201, in run
    self.runLocal()
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 182, in runLocal
    handler.runLocal()
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 750, in runLocal
    if not valid and fetcher.validate(item, localpath):
  File "/usr/lib/python2.4/site-packages/smart/fetcher.py", line 408, in validate
    from smart.util.sha256 import sha256
ImportError: No module named sha256
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #17 on: Wednesday 18 September 2013, 07:33:52 pm »

it seems ok with Windows 7, with Windows XP I've 789 error: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiantions with the remote computer"
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #18 on: Thursday 19 September 2013, 02:33:28 am »

Are you connecting to the firewall or to a server behind the firewall?
Logged
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #19 on: Thursday 19 September 2013, 03:55:04 am »

I installed ossw-l2tp and trying to connect to EFW
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #20 on: Thursday 19 September 2013, 07:02:01 am »

Did you install 2.52?  I have mine running connecting to a windows server behind the firewall.  I had a lot of problems with Endian itself.  Did you say Windows 7 is connecting but xp is not?  Did you make the changes in the registry for L2TP in the Windows XP machine?
Logged
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #21 on: Thursday 19 September 2013, 08:33:40 am »

I've EFW 2.5.1, ossw repository is not compatible with 2.5.2
I've not made changes in XP registry, what I have to do? thanks
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #22 on: Thursday 19 September 2013, 05:29:28 pm »

iPad works too
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #23 on: Thursday 19 September 2013, 05:37:22 pm »

yeahhhhhhh it works!!!
I downloaded DrayTek Smart VPN Client that modify registry for me, and now with XP I can connect
awesome!
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #24 on: Thursday 19 September 2013, 07:38:05 pm »

unbelievable....

now I try to configure a net-to-net ipsec VPN, but I've same error of sota:

Code:
Sep 19 11:35:27 ipsec_starter[13899] Starting strongSwan 4.6.4 IPsec [starter]...
Sep 19 11:35:27 ipsec_starter[13899] # duplicate 'rightsubnet' option
Sep 19 11:35:27 ipsec_starter[13899] bad argument value in conn 'SNAM-nat'
Sep 19 11:35:27 ipsec_starter[13899] ### 1 parsing error (1 fatal) ###
Sep 19 11:35:27 ipsec_starter[13899] unable to start strongSwan -- fatal errors in config

but I don't understand how apply the patch
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #25 on: Thursday 19 September 2013, 10:01:40 pm »

maybe I solved.... in case later I post the solution Smiley
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #26 on: Friday 20 September 2013, 01:19:36 am »

if I add more then 1 user in L2TP users (https://ip:10443/cgi-bin/vpn_users.cgi) layout goes wrong
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #27 on: Saturday 21 September 2013, 08:23:10 pm »

nothing to do... XP and W7 works with Q818043 and Q240262, but Android and iOS doesn't
I tried with PSK and with Certificate, I changed leftid and rightid, I tried manually modify ipsec.conf but nothing works
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #28 on: Monday 23 September 2013, 03:08:57 am »

everything works well with Windows XP and Windows 7, but iOS (iphone/ipad) and Android don't connect. OSX and Ubuntu I don't try for the moment.

The part of log that I think is useful:

Code:
Sep 22 19:05:48 pluto[2692] "L2TP"[1] 87.0.178.18 #1: Peer ID is ID_IPV4_ADDR: '192.168.82.100'
Sep 22 19:05:48 pluto[2692] "L2TP"[2] 87.0.178.18 #1: deleting connection "L2TP" instance with peer 87.0.178.18 {isakmp=#0/ipsec=#0}
Sep 22 19:05:48 pluto[2692] | NAT-T: new mapping 87.0.178.18:500/15587)
Sep 22 19:05:48 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: sent MR3, ISAKMP SA established

[...]

Sep 22 19:05:49 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Sep 22 19:05:49 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: malformed payload in packet
Sep 22 19:05:49 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: sending encrypted notification PAYLOAD_MALFORMED to 87.0.178.18:15587

[...]

Sep 22 19:06:44 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4d5e5fb1 (perhaps this is a duplicated packet)
Sep 22 19:06:44 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: sending encrypted notification INVALID_MESSAGE_ID to 87.0.178.18:15587
Sep 22 19:06:47 xl2tpd[9961] network_thread: recv packet from 87.0.178.18, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
Sep 22 19:06:47 xl2tpd[9961] get_call: allocating new tunnel for host 87.0.178.18, port 17345.
Sep 22 19:06:47 xl2tpd[9961] handle_avps: handling avp's for tunnel 43220, call 9005
Sep 22 19:06:47 xl2tpd[9961] message_type_avp: message type 1 (Start-Control-Connection-Request)
Sep 22 19:06:47 xl2tpd[9961] protocol_version_avp: peer is using version 1, revision 0.
Sep 22 19:06:47 xl2tpd[9961] hostname_avp: peer reports hostname 'anonymous'
Sep 22 19:06:47 xl2tpd[9961] framing_caps_avp: supported peer frames: async sync
Sep 22 19:06:47 xl2tpd[9961] assigned_tunnel_avp: using peer's tunnel 46540
Sep 22 19:06:47 xl2tpd[9961] receive_window_size_avp: peer wants RWS of 1. Will use flow control.
Sep 22 19:06:47 xl2tpd[9961] control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 46540, call is 0.
Sep 22 19:06:47 xl2tpd[9961] control_finish: sending SCCRP
Sep 22 19:06:49 xl2tpd[9961] network_thread: recv packet from 87.0.178.18, size = 36, tunnel = 0, call = 0 ref=0 refhim=0
Sep 22 19:06:49 xl2tpd[9961] get_call: allocating new tunnel for host 87.0.178.18, port 17345.
Sep 22 19:06:49 xl2tpd[9961] check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
Sep 22 19:06:49 xl2tpd[9961] handle_packet: bad control packet!
Sep 22 19:06:49 xl2tpd[9961] network_thread: bad packet
Sep 22 19:06:49 xl2tpd[9961] build_fdset: closing down tunnel 44636
Sep 22 19:06:50 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:51 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:52 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:53 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:54 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:54 xl2tpd[9961] Maximum retries exceeded for tunnel 43220. Closing.
Sep 22 19:06:54 xl2tpd[9961] Connection 46540 closed to 87.0.178.18, port 17345 (Timeout)
Sep 22 19:06:55 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:56 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:57 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:58 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:59 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:59 xl2tpd[9961] Unable to deliver closing message for tunnel 43220. Destroying anyway.

Thanks for any help.
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« Reply #29 on: Tuesday 24 September 2013, 10:37:48 pm »

I've added a new ipsec net-to-net connection and either it doesn't work... "ipsec status" tells me that
Code:
000 #1: "VPN" STATE_MAIN_I2 (sent MI2, expecting MR2); EVENT_RETRANSMIT in 38s
000 #1: pending Phase 2 for "VPN" replacing #0

is it a problem with NAT-T?
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
Pages: 1 [2] 3 Go Up Print 
« previous next »
Jump to:  

Page created in 0.125 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com