1. Home
  2. Networking Firewalls
  3. Watchguard X500 PPtP

Watchguard X500 PPtP

I have a Watchguard X500 I am working on. I am trying to use the MS VPN client to connect to a pptp vpn hosted on the firebox x500. Testing from my home computer to my first client it works fine. Trying to connect to the 2nd fails out. Here is the log from the first client.

07/28/05 20:18 tunneld[141]: connected to 68.60.xx.yyy:1767 07/28/05 20:18 tunneld[141]: 156 bytes received from socket 10 07/28/05 20:18 tunneld[141]: recv start-control-connection-request from 68.60.90.211 07/28/05 20:18 tunneld[141]: sent start-control-connection-reply 07/28/05 20:18 tunneld[141]: 168 bytes received from socket 10 07/28/05 20:18 tunneld[141]: recv outgoing-call-request from 68.60.xx.yyy 07/28/05 20:18 tunneld[141]: gre rule added for 68.60.xx.yyy 07/28/05 20:18 tunneld[141]: spawned PPTPD with process id #31459 07/28/05 20:18 tunneld[141]: sent outgoing-call-reply 07/28/05 20:18 tunneld[31459]: starting PPTPD server 07/28/05 20:18 tunneld[31459]: pptpd 07/28/05 20:18 tunneld[31459]: silent 07/28/05 20:18 tunneld[31459]: 192.168.0.181:192.168.0.211 07/28/05 20:18 tunneld[31459]: -vj 07/28/05 20:18 tunneld[31459]: remotename 07/28/05 20:18 tunneld[31459]: 68.60.xx.yyy 07/28/05 20:18 tunneld[31459]: gre 07/28/05 20:18 tunneld[31459]: 0:1767 07/28/05 20:18 tunneld[31459]: channel 07/28/05 20:18 tunneld[31459]: 0 07/28/05 20:18 tunneld[31459]: +chap 07/28/05 20:18 tunneld[31459]: dns-addr 07/28/05 20:18 tunneld[31459]: 206.141.192.60 07/28/05 20:18 tunneld[31459]: dns-addr 07/28/05 20:18 tunneld[31459]: 206.141.193.55 07/28/05 20:18 tunneld[31459]: nbns-addr 07/28/05 20:18 tunneld[31459]: 192.168.0.1 07/28/05 20:18 tunneld[31459]: debug 07/28/05 20:18 tunneld[31459]: required_group 07/28/05 20:18 tunneld[31459]: pptp_users 07/28/05 20:18 tunneld[31459]: ccp-max-reset 07/28/05 20:18 tunneld[31459]: 257 07/28/05 20:18 tunneld[31459]: mppecomp 07/28/05 20:18 tunneld[31459]: drop 07/28/05 20:18 tunneld[31459]: nocomp 07/28/05 20:18 tunneld[31459]: stateless 07/28/05 20:18 tunneld[31459]: proxyarp 07/28/05 20:18 tunneld[31459]: setpptpmtu 07/28/05 20:18 tunneld[31459]: 1436 07/28/05 20:18 pptpd[31459]: Watchguard pptpd 2.2.0 started 07/28/05 20:18 pptpd[31459]: Using interface pptp0 07/28/05 20:18 kernel: pptp0: daemon attached. 07/28/05 20:18 pptpd[31459]: getting restart socket: pptp.31459 07/28/05 20:18 pptpd[31459]: Connect: pptp0 [0] 68.60.xx.yyy 07/28/05 20:18 kernel: GRE: out of order: as:0 seq:0 from:0xd35a3c44 07/28/05 20:18 tunneld[141]: 24 bytes received from socket 10 07/28/05 20:18 tunneld[141]: recv set-link-info from 68.60.xx.yyy 07/28/05 20:18 tunneld[141]: sent set-link-info 07/28/05 20:18 pptpd[31459]: rcvd [LCP ConfReq id=0x1 ] 07/28/05 20:18 pptpd[31459]: sent [LCP ConfReq id=0x1 ] 07/28/05 20:18 pptpd[31459]: sent [LCP ConfRej id=0x1 ] 07/28/05 20:18 pptpd[31459]: rcvd [LCP ConfAck id=0x1 ] 07/28/05 20:18 pptpd[31459]: rcvd [LCP ConfReq id=0x2 ] 07/28/05 20:18 pptpd[31459]: sent [LCP ConfAck id=0x2 ] 07/28/05 20:18 pptpd[31459]: sent [CHAP Challenge id=0x1 , name = "watchguard"] 07/28/05 20:18 pptpd[31459]: sent [CHAP Challenge id=0x1 , name = "watchguard"] 07/28/05 20:18 tunneld[141]: 24 bytes received from socket 10 07/28/05 20:18 tunneld[141]: recv set-link-info from 68.60.90.211 07/28/05 20:18 tunneld[141]: sent set-link-info 07/28/05 20:18 pptpd[31459]: rcvd [LCP code=0xc id=0x3 12 ab 5d 2e 4d 53 52 41 53 56 35 2e 31 30] 07/28/05 20:18 pptpd[31459]: sent [LCP CodeRej id=0x2 0c 03 00 12 12 ab 5d 2e 4d 53 52 41 53 56 35 2e 31 30] 07/28/05 20:18 pptpd[31459]: rcvd [LCP code=0xc id=0x4 12 ab 5d 2e 4d 53 52 41 53 2d 30 2d 43 4f 4d 50 41 51] 07/28/05 20:18 pptpd[31459]: sent [LCP CodeRej id=0x3 0c 04 00 16 12 ab 5d 2e 4d 53 52 41 53 2d 30 2d 43 4f 4d 50 41 51] 07/28/05 20:18 pptpd[31459]: rcvd [CHAP Response id=0x1, LAN = , NT = , NT flag = 0, name = "adminis 07/28/05 20:18 pptpd[31459]: dump_chap_state part1: unit:0 clientstate:1 serverstate:3 challenge:23b966e9a1eea81cf149065f1f28a7a4 chal_len:16 chal_id:1 chal_type:129 07/28/05 20:18 pptpd[31459]: dump_chap_state part2: id:1 chal_name:watchguard chal_interval:0 timeouttime:3 max_transmits:10 chal_transmits:1 resp_transmits:0 07/28/05 20:18 pptpd[31459]: dump_chap_state part3: response: resp_length:0 resp_id:0 resp_type:0 success_resp:(null) resp_name:(null) failure_id:0 retries:2 07/28/05 20:18 pptpd[31459]: password_hash from config (16 bytes): 0x3603269d4a16370777d6ee8962c48d9a 07/28/05 20:18 pptpd[31459]: nt_response from client (24 bytes): 0xbd53be37c1131c3f5221fec01e945b2b5844706b5627171d 07/28/05 20:18 pptpd[31459]: peer_challenge from client (16 bytes): 0x7526075017e07cdbe292c3df9806acf5 07/28/05 20:18 pptpd[31459]: auth_challenge original challenge (16 bytes): 0x23b966e9a1eea81cf149065f1f28a7a4 07/28/05 20:18 pptpd[31459]: user_name connecting user (256 bytes): 0x61646d696e6973747261746f7200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 07/28/05 20:18 pptpd[31459]: challenge for mschap: (8 bytes): 0xc90c769ed901a345 07/28/05 20:18 pptpd[31459]: response (calculated): (24 bytes): 0xbd53be37c1131c3f5221fec01e945b2b5844706b5627171d 07/28/05 20:18 pptpd[31459]: Add Host 7 192.168.0.211 "pptp_users" "administrator" succeeded 07/28/05 20:18 pptpd[31459]: User "administrator" at 192.168.0.211 logged in 07/28/05 20:18 pptpd[31459]: auth_response (20 bytes): 0x0f1bbeac8096841358da7a57c64c4e1bfd4fabc2 07/28/05 20:18 pptpd[31459]: dump_chap_state part1: unit:0 clientstate:1 serverstate:3 challenge:23b966e9a1eea81cf149065f1f28a7a4 chal_len:16 chal_id:1 chal_type:129 07/28/05 20:18 pptpd[31459]: dump_chap_state part2: id:1 chal_name:watchguard chal_interval:0 timeouttime:3 max_transmits:10 chal_transmits:1 resp_transmits:0 07/28/05 20:18 pptpd[31459]: dump_chap_state part3: response: resp_length:0 resp_id:0 resp_type:0 success_resp:S=0F1BBEAC8096841358DA7A57C64C4E1BFD4FABC2 resp_name:(null) failure_id:0 retries:2 07/28/05 20:18 pptpd[31459]: sent [CHAP Success id=0x1 "S=0F1BBEAC8096841358DA7A57C64C4E1BFD4FABC2"] 07/28/05 20:18 pptpd[31459]: sent [IPCP ConfReq id=0x1 ] 07/28/05 20:18 pptpd[31459]: rcvd [CCP ConfReq id=0x5 < mppe_128 mppe_40 mppc (0x10000e1)>] 07/28/05 20:18 pptpd[31459]: sent [CCP ConfReq id=0x1 < mppe_40 (0x1000020)>] 07/28/05 20:18 pptpd[31459]: sent [CCP ConfNak id=0x5 < mppe_40 (0x1000020)>] 07/28/05 20:18 pptpd[31459]: rcvd [IPCP ConfReq id=0x6 ] 07/28/05 20:18 pptpd[31459]: sent [IPCP ConfRej id=0x6 ] 07/28/05 20:18 pptpd[31459]: rcvd [IPCP ConfAck id=0x1 ] 07/28/05 20:18 pptpd[31459]: rcvd [CCP ConfAck id=0x1 < mppe_40 (0x1000020)>] 07/28/05 20:18 pptpd[31459]: rcvd [CCP ConfReq id=0x7 < mppe_40 (0x1000020)>] 07/28/05 20:18 pptpd[31459]: sent [CCP ConfAck id=0x7 < mppe_40 (0x1000020)>] 07/28/05 20:18 pptpd[31459]: Compression enabled 07/28/05 20:18 pptpd[31459]: Using PPTP encryption RC4 40-bit. 07/28/05 20:18 pptpd[31459]: Not using any PPTP software compression. 07/28/05 20:18 pptpd[31459]: Using stateless mode. 07/28/05 20:18 pptpd[31459]: Allowing unsafe packet transfer mode for lossy links. 07/28/05 20:18 pptpd[31459]: rcvd [IPCP ConfReq id=0x8 ] 07/28/05 20:18 pptpd[31459]: sent [IPCP ConfNak id=0x8 ] 07/28/05 20:18 pptpd[31459]: rcvd [IPCP ConfReq id=0x9 ] 07/28/05 20:18 pptpd[31459]: sent [IPCP ConfAck id=0x9 ] 07/28/05 20:18 pptpd[31459]: local IP address 192.168.0.181 07/28/05 20:18 pptpd[31459]: remote IP address 192.168.0.211 07/28/05 20:18 pptpd[31459]: found interface eth1 for proxy arp

Now here is the log for the Firebox X500 That I cannot connect to. As far as I can tell all the settings are the same. Of course I did not set up the working one so i cant be 100% sure.

07/27/05 20:27 tunneld[145]: connected to 69.39.xx.yyy:1877 07/27/05 20:27 tunneld[145]: 156 bytes received from socket 10 07/27/05 20:27 tunneld[145]: recv start-control-connection-request from 69.39.94.150 07/27/05 20:27 tunneld[145]: sent start-control-connection-reply 07/27/05 20:27 tunneld[145]: 168 bytes received from socket 10 07/27/05 20:27 tunneld[145]: recv outgoing-call-request from 69.39.xx.yyy 07/27/05 20:27 tunneld[145]: gre rule added for 69.39.xx.yyy 07/27/05 20:27 tunneld[145]: spawned PPTPD with process id #492 07/27/05 20:27 tunneld[145]: sent outgoing-call-reply 07/27/05 20:27 tunneld[492]: starting PPTPD server 07/27/05 20:27 tunneld[492]: pptpd 07/27/05 20:27 tunneld[492]: silent 07/27/05 20:27 tunneld[492]: 172.16.32.1:172.16.32.30 07/27/05 20:27 tunneld[492]: -vj 07/27/05 20:27 tunneld[492]: remotename 07/27/05 20:27 tunneld[492]: 69.39.94.150 07/27/05 20:27 tunneld[492]: gre 07/27/05 20:27 tunneld[492]: 0:1877 07/27/05 20:27 tunneld[492]: channel 07/27/05 20:27 tunneld[492]: 0 07/27/05 20:27 tunneld[492]: +chap 07/27/05 20:27 tunneld[492]: dns-addr 07/27/05 20:27 tunneld[492]: 4.2.2.2 07/27/05 20:27 tunneld[492]: dns-addr 07/27/05 20:27 tunneld[492]: 206.141.251.2 07/27/05 20:27 tunneld[492]: nbns-addr 07/27/05 20:27 tunneld[492]: 172.16.32.5 07/27/05 20:27 tunneld[492]: debug 07/27/05 20:27 tunneld[492]: required_group 07/27/05 20:27 tunneld[492]: pptp_users 07/27/05 20:27 tunneld[492]: ccp-max-reset 07/27/05 20:27 tunneld[492]: 257 07/27/05 20:27 tunneld[492]: mppecomp 07/27/05 20:27 tunneld[492]: drop 07/27/05 20:27 tunneld[492]: nocomp 07/27/05 20:27 tunneld[492]: stateless 07/27/05 20:27 tunneld[492]: proxyarp 07/27/05 20:27 tunneld[492]: setpptpmtu 07/27/05 20:27 tunneld[492]: 1436 07/27/05 20:27 tunneld[145]: rcvd SIGCHLD--ignoring 07/27/05 20:27 tunneld[145]: child pid 492 died 07/27/05 20:27 tunneld[145]: child pid 492 died without us killing it 07/27/05 20:27 tunneld[145]: killing tunnel from 69.39.94.150 07/27/05 20:27 tunneld[145]: killing child pid 492 07/27/05 20:27 tunneld[145]: setting channel 172.16.32.1:172.16.32.30 to be re-used.

What is wrong w/ the second firebox, and any suggestions on how to fix it?

TIA

Reply to
yeti
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.