No response to PAP authenticate-requests

Asked by Jianyi XU on 2011-11-13

Hi Dear Developer,

After reboot my laptop, the problem regarding timeout of xl2tpd seemed had gone. This time it looks like I am very close to a successful connection, because there are no "red" text in the detailed information! However, it still need some fix. Below is the log:
===================================================================
ipsec_setup: Starting Openswan IPsec U2.6.28/K3.0.0-12-generic...
Nov 14 12:58:39 jackxu-hp ipsec__plutorun: Starting Pluto subsystem...
Nov 14 12:58:39 jackxu-hp ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
recvref[22]: Protocol not available
xl2tpd[3730]: This binary does not support kernel L2TP.
Starting xl2tpd: xl2tpd.
xl2tpd[3731]: xl2tpd version xl2tpd-1.2.8 started on jackxu-hp PID:3731
xl2tpd[3731]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[3731]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[3731]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[3731]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[3731]: Listening on IP address 0.0.0.0, port 1701
Nov 14 12:58:39 jackxu-hp ipsec__plutorun: 002 added connection description "CUHKVPN"
Nov 14 12:58:39 jackxu-hp ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
Nov 14 12:58:39 jackxu-hp ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Nov 14 12:58:39 jackxu-hp ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T
104 "CUHKVPN" #1: STATE_MAIN_I1: initiate
003 "CUHKVPN" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "CUHKVPN" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "CUHKVPN" #1: received Vendor ID payload [Cisco-Unity]
003 "CUHKVPN" #1: received Vendor ID payload [Dead Peer Detection]
003 "CUHKVPN" #1: ignoring unknown Vendor ID payload [7217250aaec6ffe38be2c1b455ff011a]
003 "CUHKVPN" #1: received Vendor ID payload [XAUTH]
003 "CUHKVPN" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
108 "CUHKVPN" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "CUHKVPN" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "CUHKVPN" #2: STATE_QUICK_I1: initiate
003 "CUHKVPN" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=652850f0
004 "CUHKVPN" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x27475bb2 <0x7ef71366 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
xl2tpd[3731]: Connecting to host vpn.cuhk.edu.hk, port 1701
xl2tpd[3731]: handle_avps: don't know how to handle atribute 110.
xl2tpd[3731]: handle_avps: don't know how to handle atribute 111.
xl2tpd[3731]: Connection established to 137.189.192.201, 1701. Local: 54648, Remote: 32313 (ref=0/0).
xl2tpd[3731]: Calling on tunnel 54648
xl2tpd[3731]: Call established with 137.189.192.201, Local: 59092, Remote: 63952, Serial: 1 (ref=0/0)
xl2tpd[3731]: start_pppd: I'm running:
xl2tpd[3731]: "/usr/sbin/pppd"
xl2tpd[3731]: "passive"
xl2tpd[3731]: "nodetach"
xl2tpd[3731]: ":"
xl2tpd[3731]: "file"
xl2tpd[3731]: "/etc/ppp/CUHKVPN.options.xl2tpd"
xl2tpd[3731]: "ipparam"
xl2tpd[3731]: "137.189.192.201"
xl2tpd[3731]: "/dev/pts/0"
pppd[3782]: Plugin passprompt.so loaded.
pppd[3782]: pppd 2.4.5 started by root, uid 0
pppd[3782]: Using interface ppp0
pppd[3782]: Connect: ppp0 <--> /dev/pts/0
pppd[3782]: No response to PAP authenticate-requests
pppd[3782]: Connection terminated.
pppd[3782]: Exit.xl2tpd[3731]: control_finish: Connection closed to 137.189.192.201, port 1701 (No application/session timer expired), Local: 54648, Remote: 32313
xl2tpd[3731]: Terminating pppd: sending TERM signal to pid 3782

xl2tpd[3731]: child_handler : pppd exited for call 63952 with code 19
xl2tpd[3731]: call_close: Call 59092 to 137.189.192.201 disconnected

===============================================(End of log)

Any suggestions are welcomed.

Thanks.

Question information

Language:
English Edit question
Status:
Answered
For:
L2TP over IPsec VPN Manager Edit question
Assignee:
No assignee Edit question
Last query:
2011-11-13
Last reply:
2012-02-19
Werner Jaeger (werner-jaeger) said : #1

This appears to simply be an authentication problem. Verify that your ISP does in fact use PAP and not CHAP. Make absolutly sure that your password and login are correct.

If you are sure that your provider uses PAP I suggest you to try to uncheck all the protocols of EAP and left only PAP.

Ma Hsiao-chun (mahsiaochun) said : #2

It seems that Jianyi XU and I are in the same university, The Chinese University of Hong Kong (CUHK).
I cannot connect CUHK VPN either.

The ITSC of CUHK gives a lengthy instruction for Linux connection, which uses ppp, racoon and xl2tpd. It also uses `setkey` in the given connection script to do something I don't really understand. I hope you can check it, it contains many configurations.
http://www.cuhk.edu.hk/itsc/network/vpn/linuxvpn.html
http://linux.die.net/man/8/setkey
I don't think we should specify that much, though. You may notice that same VPN connection in other OS is a piece of cake.
http://www.cuhk.edu.hk/itsc/network/vpn/vpn.html

AFAIK, l2tp-ipsec-vpn uses patched/enhanced ppp, openswan, xl2tpd. It would be nice if you can give some hints for debugging.

Jianyi XU (xujianyi) said : #3

The problem has not been solved.
But I suggest you to switch to Ubuntu10.04 if you are using 11.10, since the instruction from ITSC of CUHK is for 10.04.

Can you help with this problem?

Provide an answer of your own, or ask Jianyi XU for more information if necessary.

To post a message you must log in.