SonicOS Enhanced 5.8.1.2 L2TP VPN Authentication Failed

Posted by Dean A. Vassallo on Server Fault
Published on 2013-07-02T00:39:18Z Indexed on 2013/07/02 5:07 UTC

I have a SonicWall TZ 215 running SonicOS Enhanced 5.8.1.2-6o. I have configured the L2TP VPN using the default crypto suite ESP: 3DES/HMAC SHA1 (IKE). Proposals are as such:

IKE (Phase 1) Proposal

  1. DH Group: Group 2
  2. Encryption: 3DES
  3. Authentication: SHA1
  4. Life Time (seconds): 28800

IPsec (Phase 2) Proposal

  1. Protocol: ESP
  2. Encryption: 3DES
  3. Authentication: SHA1
  4. Enable Perfect Forward Secrecy: DISABLED
  5. Life Time (seconds): 28800

When attempting to connect via my Mac OS X client I get an authentication error. It appears to pass the pre-authentication but fails to complete. I am at a complete loss. I reconfigured from scratch multiple times... used simple usernames and passwords to verify this wasn't a miskeyed password issue. I have Here are the logs (noted IP has been removed for privacy):

7/1/13 8:19:05.174 PM pppd[1268]: setup_security_context server port: 0x1503
7/1/13 8:19:05.190 PM pppd[1268]: publish_entry SCDSet() failed: Success!
7/1/13 8:19:05.191 PM pppd[1268]: publish_entry SCDSet() failed: Success!
7/1/13 8:19:05.191 PM pppd[1268]: pppd 2.4.2 (Apple version 727.1.1) started by dean, uid 501
7/1/13 8:19:05.192 PM pppd[1268]: L2TP connecting to server ‘0.0.0.0’ (0.0.0.0)...
7/1/13 8:19:05.193 PM pppd[1268]: IPSec connection started
7/1/13 8:19:05.208 PM racoon[1269]: accepted connection on vpn control socket.
7/1/13 8:19:05.209 PM racoon[1269]: Connecting.
7/1/13 8:19:05.209 PM racoon[1269]: IPSec Phase 1 started (Initiated by me).
7/1/13 8:19:05.209 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
7/1/13 8:19:05.209 PM racoon[1269]: >>>>> phase change status = Phase 1 started by us
7/1/13 8:19:05.231 PM racoon[1269]: >>>>> phase change status = Phase 1 started by peer
7/1/13 8:19:05.231 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
7/1/13 8:19:05.234 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
7/1/13 8:19:05.293 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
7/1/13 8:19:05.295 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6).
7/1/13 8:19:05.315 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode).
7/1/13 8:19:05.315 PM racoon[1269]: IPSec Phase 1 established (Initiated by me).
7/1/13 8:19:06.307 PM racoon[1269]: IPSec Phase 2 started (Initiated by me).
7/1/13 8:19:06.307 PM racoon[1269]: >>>>> phase change status = Phase 2 started
7/1/13 8:19:06.308 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
7/1/13 8:19:06.332 PM racoon[1269]: attribute has been modified.
7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
7/1/13 8:19:06.333 PM racoon[1269]: IKEv1 Phase 2 Initiator: success. (Initiator, Quick-Mode).
7/1/13 8:19:06.333 PM racoon[1269]: IPSec Phase 2 established (Initiated by me).
7/1/13 8:19:06.333 PM racoon[1269]: >>>>> phase change status = Phase 2 established
7/1/13 8:19:06.333 PM pppd[1268]: IPSec connection established
7/1/13 8:19:07.145 PM pppd[1268]: L2TP connection established.
7/1/13 8:19:07.000 PM kernel[0]: ppp0: is now delegating en0 (type 0x6, family 2, sub-family 3)
7/1/13 8:19:07.146 PM pppd[1268]: Connect: ppp0 <--> socket[34:18]
7/1/13 8:19:08.709 PM pppd[1268]: MS-CHAPv2 mutual authentication failed.
7/1/13 8:19:08.710 PM pppd[1268]: Connection terminated.
7/1/13 8:19:08.710 PM pppd[1268]: L2TP disconnecting...
7/1/13 8:19:08.711 PM pppd[1268]: L2TP disconnected
7/1/13 8:19:08.711 PM racoon[1269]: IPSec disconnecting from server 0.0.0.0
7/1/13 8:19:08.711 PM racoon[1269]: IKE Packet: transmit success. (Information message).
7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
7/1/13 8:19:08.712 PM racoon[1269]: IKE Packet: transmit success. (Information message).
7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
7/1/13 8:19:08.713 PM racoon[1269]: glob found no matches for path "/var/run/racoon/*.conf"
7/1/13 8:19:08.714 PM racoon[1269]: pfkey DELETE failed: No such file or directory
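
An added example, not part of the original post: a small triage script for the racoon/pppd log format above that reports which connection stages completed and which layer the first real failure belongs to. The sample lines are copied from the log above; the stage names and the functions `triage` and `failed_layer` are assumptions of this example.

```python
import re

# Constructed sample: lines copied (abridged) from the log in the post.
SAMPLE_LOG = """\
7/1/13 8:19:05.190 PM pppd[1268]: publish_entry SCDSet() failed: Success!
7/1/13 8:19:05.315 PM racoon[1269]: IPSec Phase 1 established (Initiated by me).
7/1/13 8:19:06.333 PM racoon[1269]: IPSec Phase 2 established (Initiated by me).
7/1/13 8:19:07.145 PM pppd[1268]: L2TP connection established.
7/1/13 8:19:08.709 PM pppd[1268]: MS-CHAPv2 mutual authentication failed.
7/1/13 8:19:08.710 PM pppd[1268]: Connection terminated.
7/1/13 8:19:08.714 PM racoon[1269]: pfkey DELETE failed: No such file or directory
"""

LINE_RE = re.compile(r"^(\S+ \S+ [AP]M) (\w+)\[\d+\]: (.*)$")
FAIL_RE = re.compile(r"\b(failed|error|rejected)\b", re.I)
# Ordered stages of an L2TP/IPsec connection: (name, logging process, marker).
STAGES = [
    ("ike_phase1", "racoon", "IPSec Phase 1 established"),
    ("ike_phase2", "racoon", "IPSec Phase 2 established"),
    ("l2tp_tunnel", "pppd", "L2TP connection established"),
]

def triage(log_text):
    """Return (stages completed, first failure seen before teardown or None)."""
    reached, failure = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, proc, msg = m.groups()
        if msg.startswith("Connection terminated"):
            break  # later errors (e.g. pfkey DELETE) are teardown noise
        for name, owner, marker in STAGES:
            if proc == owner and msg.startswith(marker) and name not in reached:
                reached.append(name)
        # "failed: Success!" is a benign pppd message, not a real failure.
        if failure is None and FAIL_RE.search(msg) and not msg.endswith("Success!"):
            failure = {"time": ts, "process": proc, "message": msg}
    return reached, failure

def failed_layer(reached, failure):
    """Name the layer that failed: the first stage not completed, else PPP."""
    if failure is None:
        return None
    order = [s[0] for s in STAGES]
    return order[len(reached)] if len(reached) < len(order) else "ppp_negotiation"

if __name__ == "__main__":
    done, fail = triage(SAMPLE_LOG)
    print(done, failed_layer(done, fail), fail)
```

On the sample, all three IPsec/L2TP stages complete and the first failure is the MS-CHAPv2 line, which places the problem in the PPP user-authentication exchange rather than in the Phase 1 or Phase 2 proposals.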
