Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1866 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro 8.300 L2TP Remote Access and Mac OSX 10.7.2 No Route to Host After Connect

DrFooMod2
I have Asatro 8.300 living in a VMware ESXi 5 Virtual Machine. ESXi is running inside VMware Fusion 4. This is a virtual lab setup. I'm trying to VPN into the virtual lab from the host Mac. Network traffic is occurring in a private virtual network on the Mac. I setup L2TP Remote Access using the following doc:

http://www.astaro.com/lists/ASGV8-L2TP-VPN-en.pdf

My VPN client is a Mac running OSX 10.7.2. I have verbose logging enabled. I can see the IPSec and L2TP sessions are established in the Console as such: 


1/12/12 3:37:56.456 PM pppd: pppd 2.4.2 (Apple version 560.13) started by bittond, uid 501

1/12/12 3:37:56.463 PM pppd: L2TP connecting to server '172.16.82.132' (172.16.82.132)...

1/12/12 3:37:56.525 PM pppd: IPSec connection started

1/12/12 3:37:57.651 PM pppd: IPSec connection established

1/12/12 3:37:58.375 PM pppd: L2TP connection established.

1/12/12 3:37:58.380 PM pppd: Connect: ppp0  socket[34:18]

1/12/12 3:37:58.385 PM pppd: write: No route to host

1/12/12 3:37:58.397 PM pppd: write: No route to host

1/12/12 3:38:01.386 PM pppd: write: No route to host

1/12/12 3:38:01.401 PM pppd: write: No route to host

1/12/12 3:38:04.387 PM pppd: write: No route to host

1/12/12 3:38:04.405 PM pppd: write: No route to host

1/12/12 3:38:07.388 PM pppd: write: No route to host

1/12/12 3:38:07.409 PM pppd: write: No route to host

1/12/12 3:38:10.389 PM pppd: write: No route to host

1/12/12 3:38:10.412 PM pppd: write: No route to host

1/12/12 3:38:13.390 PM pppd: write: No route to host

1/12/12 3:38:13.416 PM pppd: write: No route to host

1/12/12 3:38:16.391 PM pppd: write: No route to host

1/12/12 3:38:16.420 PM pppd: write: No route to host

1/12/12 3:38:19.391 PM pppd: write: No route to host

1/12/12 3:38:19.423 PM pppd: write: No route to host

1/12/12 3:38:22.392 PM pppd: write: No route to host

1/12/12 3:38:22.428 PM pppd: write: No route to host

1/12/12 3:38:25.394 PM pppd: write: No route to host

1/12/12 3:38:25.432 PM pppd: write: No route to host

1/12/12 3:38:28.394 PM pppd: LCP: timeout sending Config-Requests

1/12/12 3:38:28.395 PM pppd: Connection terminated.

1/12/12 3:38:28.405 PM pppd: L2TP disconnecting...

1/12/12 3:38:28.405 PM pppd: L2TP error sending CDN (No route to host)

1/12/12 3:38:28.405 PM pppd: L2TP disconnected


On the Asatro side, my log output is this: 


2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: received Vendor ID payload [RFC 3947]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

2012:01:12-10:37:52 Astaro pluto[16076]: packet from 172.16.82.1:500: received Vendor ID payload [Dead Peer Detection]

2012:01:12-10:37:52 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: responding to Main Mode from unknown peer 172.16.82.1

2012:01:12-10:37:52 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: NAT-Traversal: Result using RFC 3947: no NAT detected

2012:01:12-10:37:52 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: ignoring informational payload, type IPSEC_INITIAL_CONTACT

2012:01:12-10:37:52 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: Peer ID is ID_IPV4_ADDR: '172.16.82.1'

2012:01:12-10:37:52 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: Dead Peer Detection (RFC 3706) enabled

2012:01:12-10:37:52 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: sent MR3, ISAKMP SA established

2012:01:12-10:37:53 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #24: responding to Quick Mode

2012:01:12-10:37:53 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #24: IPsec SA established {ESP=>0x00a8cb2f 

2012:01:12-10:37:54 Astaro pppd-l2tp[19471]: Overriding mtu 1500 to 1380

2012:01:12-10:37:54 Astaro pppd-l2tp[19471]: PPPoL2TP options: lnsmode tid 34999 sid 8335 debugmask 0

2012:01:12-10:37:54 Astaro pppd-l2tp[19471]: Overriding mru 1500 to mtu value 1380

2012:01:12-10:37:54 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:37:57 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:00 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:03 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:06 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:09 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:12 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:15 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:18 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:21 Astaro pppd-l2tp[19471]: sent [LCP ConfReq id=0x1    ]

2012:01:12-10:38:24 Astaro pppd-l2tp[19471]: LCP: timeout sending Config-Requests

2012:01:12-10:38:24 Astaro pppd-l2tp[19471]: Connection terminated.

2012:01:12-10:38:24 Astaro pppd-l2tp[19471]: Modem hangup

2012:01:12-10:38:24 Astaro pppd-l2tp[19471]: Exit.

2012:01:12-10:38:24 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: received Delete SA(0x00a8cb2f) payload: deleting IPSEC State #24

2012:01:12-10:38:24 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: deleting connection "S_for bittondb"[9] instance with peer 172.16.82.1 {isakmp=#0/ipsec=#0}

2012:01:12-10:38:24 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1 #23: received Delete SA payload: deleting ISAKMP State #23

2012:01:12-10:38:24 Astaro pluto[16076]: "S_for bittondb"[9] 172.16.82.1: deleting connection "S_for bittondb"[9] instance with peer 172.16.82.1 {isakmp=#0/ipsec=#0} 


I have a Firewall rule allowing the L2TP Pool Any access to the Internal (Network). I also setup a masquerading rule for the L2TP Pool as well. Something is skipping a beat here. Anyone have any idea where this is breaking down? Thanks!


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to BAlfson
    Bob,
      The firewall and IPS logs are free from any activity pertaining to the VPN connection. As for the MTU, I'm not sure. I'm also not sure why pppd would change it in the first place. I did however Google MTU 1380 and this seems to be a standard setting for ppp.