Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi all,
i have a VPN server running on my Synology ds215+ nas.
Can connect to it with my phone, but via windows it does not work. I have absolutely no linux experience. I managed to telnet to my nas and get root acces. I am looking for the command lines so i can watch VPN client server setup live and watch the whole process of phase1/phase2 This so i can see where the problem lies.
Wich command lines can i use for this?
No idea, since this is a Linux forum, and you're asking about WINDOWS. Chances are, you need to run your VPN client on your Windows box as administrator. Since it connects via phone, that tells you that the VPN software, keys, and other things are all working properly. If you don't run the VPN client as administrator, you won't be able to create the TAP/TUN interface on your Windows system to establish the connection.
Really?? From your very first post, you said: "Can connect to it with my phone, but via windows it does not work."
...certainly SEEMS like you're asking about Windows.
Quote:
"I have absolutely no linux experience. I managed to telnet to my nas and get root acces.
I am looking for the command lines so i can watch VPN client server setup live and watch the whole process of phase1/phase2
This so i can see where the problem lies.
And AGAIN, this is where you run the Windows client AS ADMINISTRATOR, which is most probably where the problem lies.
Quote:
Wich command lines can i use for this?"
There are several, like tcpdump...but chances are, your NAS either doesn't have them, or has a sub-set of commands which is NOT a full-blow Linux installation.
So to lay this out again:
You are using a NAS, *NOT* a full-blown Linux server.
You are ABLE to VPN to it already
It is working via phone.
It is NOT working with Windows
ALL of these things point to you not having a problem in Linux, or with VPN, but with your WINDOWS system. Re-read my first reply...you don't tell us how your Windows system is connecting (which package you installed), but again, unless you're running it as administrator, it won't work.
I am just laying out the situation, i am NOT asking you to help me troubleshoot my problems on windows.
All i am asking for are the L I N U X command lines to watch phase1\phase2 proces.
I have probably already found the problem. The problem lies in a registry problem for windows, of wich is the problem why it cant build a layer2 tunnel. (IPSEC needs a tunnel to pass trough, does this in conjunction with layer 2 tunneling protocol.)
But i want to watch this LIVE and dont know the linxus commands to see that.
So take a chill pill and reread my O.P, and just give me the command lines i am asking for... is that so hard?
And FYI, in my WHOLE O.P ... there is only 1 question mark...
Wich command lines can i use for this
So stop telling me what a question is and what not.
You should find the logs in /var/log or /var/logs.
Quote:
cd /var/log
ls
this changes to the directory and prints a listing of file names. Now you need to find a file that might hold you VPN logs. Or just try the following comman don every file till you hit the right spot. syslog or message file is good.
I am just laying out the situation, i am NOT asking you to help me troubleshoot my problems on windows.
All i am asking for are the L I N U X command lines to watch phase1\phase2 proces.
...and WE are telling you that:
You are NOT running a full-blown Linux installation
You have been GIVEN a command to try
You ARE NOT having problems with the VPN server or client..you are having a WINDOWS ISSUE...SO...
...why would you need ANY Linux commands, when the problem is on your Windows client???
Quote:
I have probably already found the problem. The problem lies in a registry problem for windows, of wich is the problem why it cant build a layer2 tunnel. (IPSEC needs a tunnel to pass trough, does this in conjunction with layer 2 tunneling protocol.)
But i want to watch this LIVE and dont know the linxus commands to see that. So take a chill pill and reread my O.P, and just give me the command lines i am asking for... is that so hard?
And apparently, it's harder for you to re-read my replies, where I gave you the answer.
Quote:
And FYI, in my WHOLE O.P ... there is only 1 question mark... Wich command lines can i use for this So stop telling me what a question is and what not.
Apparently, you are having a hard time understanding things.
There is no 'L I N U X' command to help you with your problem, because there IS NO PROBLEM ON THE LINUX SIDE OF THINGS. As said to you at least twice before now, VPN issues tend to be with permissions/security. You were asked questions about your Windows installation, how you're running the client, etc., but haven't answered or acknowledged ANY of them yet.
AGAIN:
The command is tcpdump, which may not be installed on your NAS, and you may not be ABLE to install it, because, AGAIN, you are not running a full-blow Linux server.
What VPN client are you using?
Are you running it as administrator on Windows?
Run the VPN client as administrator, because if you don't, you WILL NOT be able to create the TAP/TUN interface, which VPN uses to connect, and (if you're using OpenVPN), won't be able to write to the log file, which will ALSO cause your connection to fail.
You are NOT running a full-blown Linux installation
You have been GIVEN a command to try
You ARE NOT having problems with the VPN server or client..you are having a WINDOWS ISSUE...SO...
...why would you need ANY Linux commands, when the problem is on your Windows client???
And apparently, it's harder for you to re-read my replies, where I gave you the answer.
Apparently, you are having a hard time understanding things.
There is no 'L I N U X' command to help you with your problem, because there IS NO PROBLEM ON THE LINUX SIDE OF THINGS. As said to you at least twice before now, VPN issues tend to be with permissions/security. You were asked questions about your Windows installation, how you're running the client, etc., but haven't answered or acknowledged ANY of them yet.
AGAIN:
The command is tcpdump, which may not be installed on your NAS, and you may not be ABLE to install it, because, AGAIN, you are not running a full-blow Linux server.
What VPN client are you using?
Are you running it as administrator on Windows?
Run the VPN client as administrator, because if you don't, you WILL NOT be able to create the TAP/TUN interface, which VPN uses to connect, and (if you're using OpenVPN), won't be able to write to the log file, which will ALSO cause your connection to fail.
Seriously? Are you a kid?
I just told you what the problem is. I have already fixed the frigging problem. Now i just want to know the command lines to watch Phase1/Phase2 setup.
I am not asking you what might work and what might not work. That i will find out myself. It is not your issue in any way whether the command lines will or will not work. It does not concern you at all. The only thing you do is making assumptions, and I cant do SHIT with assumptions. I haven't even asked you to fix my issues in windows or whatever. All i asked for are some simple command lines to see what certain protocols do or not do. Thats probably to hard for you to understand.
By default, Windows Vista and the Windows Server 2008 operating system do not support Internet Protocol security (IPsec) network address translation (NAT) Traversal (NAT-T) security associations to servers that are located behind a NAT device. Therefore, if the virtual private network (VPN) server is behind a NAT device, a Windows Vista-based VPN client computer or a Windows Server 2008-based VPN client computer cannot make a Layer Two Tunneling Protocol (L2TP)/IPsec connection to the VPN server. This scenario includes VPN servers that are running Windows Server 2008 and Microsoft Windows Server 2003.
Good luck to you sir.
@zhjim
Thank you mate! with your help i found out i need:
I just told you what the problem is. I have already fixed the frigging problem. Now i just want to know the command lines to watch Phase1/Phase2 setup.
And for the third time now, that command is tcpdump. Since you still don't answer any questions asked of you, we can't tell you the EXACT command line, since we'd need to know what ports/protocols you have things set up to use.
Quote:
I am not asking you what might work and what might not work. That i will find out myself. It is not your issue in any way whether the command lines will or will not work. It does not concern you at all. The only thing you do is making assumptions, and I cant do SHIT with assumptions. I haven't even asked you to fix my issues in windows or whatever. All i asked for are some simple command lines to see what certain protocols do or not do. Thats probably to hard for you to understand.
Apparently harder for you to read. And if you're not going to participate in an actual CONVERSATION...that is, answering questions, the back-and-forth, etc., then posting in a forum isn't going to lead to anything for you. Putting "how to examine network traffic in Linux" into Google brings up a list of commands, if you're not actually interested in talking with folks. Amazingly, the VERY FIRST HIT is: http://www.tecmint.com/command-line-...x-performance/
...a list of 20 that can help you.
Quote:
By default, Windows Vista and the Windows Server 2008 operating system do not support Internet Protocol security (IPsec) network address translation (NAT) Traversal (NAT-T) security associations to servers that are located behind a NAT device. Therefore, if the virtual private network (VPN) server is behind a NAT device, a Windows Vista-based VPN client computer or a Windows Server 2008-based VPN client computer cannot make a Layer Two Tunneling Protocol (L2TP)/IPsec connection to the VPN server. This scenario includes VPN servers that are running Windows Server 2008 and Microsoft Windows Server 2003.
...which brings us back to "What kind of VPN, etc.", which you won't answer. If you had bothered just saying these things to START with, you'd get far more help.
Indeed it does appear to me that this is probably a configuration problem on the Windows side. (You say you've fixed it? I'm sure that folks here in this "Linux" forum would nevertheless be very interested to learn just what the problem was, because ... ick ... we have to deal with Windoze too!)
The trouble is, you really can't use tcpdump or wireshark to diagnose problems with VPN because the packets are encrypted. You can use traffic analysis to see where the packets are going but you have no idea what they contain. OpenVPN, when set to an appropriately high logging level (on both sides ...) is really the only thing that you have to go on. (The very-recent post in this same forum, No Internet on VPN client on RPi, gives an excellent example of just such a log trace.)
The Windows client should be running OpenVPN and therefore should have the same logging facilities available. We can reasonably assume that the Windows installer did its job and properly configured a VPN tunnel. (I presume it's a router, not a switch ...) Therefore, I would open its log ... maybe it's in Windows' event-log viewer ... and try to connect. Then, look at the OpenVPN logs on both sides to see if (a) the host actually heard the connection-request at all, then (b) did it accept it or reject it. (After first doing a basic "ping" from the Windows side to see if it can see the VPN host computer on the network at all.)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.