LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-25-2016, 09:15 AM   #1
Predjee
LQ Newbie
 
Registered: Feb 2016
Posts: 4

Rep: Reputation: Disabled
VPN issues


Hi all,

i have a VPN server running on my Synology ds215+ nas.

Can connect to it with my phone, but via windows it does not work.

I have absolutely no linux experience. I managed to telnet to my nas and get root acces.

I am looking for the command lines so i can watch VPN client server setup live and watch the whole process of phase1/phase2

This so i can see where the problem lies.

Wich command lines can i use for this?
 
Old 02-26-2016, 11:46 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,817

Rep: Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006
Quote:
Originally Posted by Predjee View Post
Hi all,
i have a VPN server running on my Synology ds215+ nas.

Can connect to it with my phone, but via windows it does not work. I have absolutely no linux experience. I managed to telnet to my nas and get root acces. I am looking for the command lines so i can watch VPN client server setup live and watch the whole process of phase1/phase2 This so i can see where the problem lies.

Wich command lines can i use for this?
No idea, since this is a Linux forum, and you're asking about WINDOWS. Chances are, you need to run your VPN client on your Windows box as administrator. Since it connects via phone, that tells you that the VPN software, keys, and other things are all working properly. If you don't run the VPN client as administrator, you won't be able to create the TAP/TUN interface on your Windows system to establish the connection.
 
Old 02-28-2016, 01:26 AM   #3
Predjee
LQ Newbie
 
Registered: Feb 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
my question has NOTHING to do with windows


"I have absolutely no linux experience. I managed to telnet to my nas and get root acces.

-------> I am looking for the command lines so i can watch VPN client server setup live and watch the whole process of phase1/phase2 <------

This so i can see where the problem lies.

Wich command lines can i use for this?"
 
Old 02-28-2016, 12:57 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,817

Rep: Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006
Quote:
Originally Posted by Predjee View Post
my question has NOTHING to do with windows
Really?? From your very first post, you said: "Can connect to it with my phone, but via windows it does not work."

...certainly SEEMS like you're asking about Windows.
Quote:
"I have absolutely no linux experience. I managed to telnet to my nas and get root acces.
I am looking for the command lines so i can watch VPN client server setup live and watch the whole process of phase1/phase2

This so i can see where the problem lies.
And AGAIN, this is where you run the Windows client AS ADMINISTRATOR, which is most probably where the problem lies.
Quote:
Wich command lines can i use for this?"
There are several, like tcpdump...but chances are, your NAS either doesn't have them, or has a sub-set of commands which is NOT a full-blow Linux installation.

So to lay this out again:
  • You are using a NAS, *NOT* a full-blown Linux server.
  • You are ABLE to VPN to it already
  • It is working via phone.
  • It is NOT working with Windows
ALL of these things point to you not having a problem in Linux, or with VPN, but with your WINDOWS system. Re-read my first reply...you don't tell us how your Windows system is connecting (which package you installed), but again, unless you're running it as administrator, it won't work.
 
Old 02-29-2016, 03:23 AM   #5
Predjee
LQ Newbie
 
Registered: Feb 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
I am just laying out the situation, i am NOT asking you to help me troubleshoot my problems on windows.

All i am asking for are the L I N U X command lines to watch phase1\phase2 proces.

I have probably already found the problem. The problem lies in a registry problem for windows, of wich is the problem why it cant build a layer2 tunnel. (IPSEC needs a tunnel to pass trough, does this in conjunction with layer 2 tunneling protocol.)

But i want to watch this LIVE and dont know the linxus commands to see that.

So take a chill pill and reread my O.P, and just give me the command lines i am asking for... is that so hard?

And FYI, in my WHOLE O.P ... there is only 1 question mark...

Wich command lines can i use for this

So stop telling me what a question is and what not.

Last edited by Predjee; 02-29-2016 at 03:28 AM.
 
Old 02-29-2016, 05:03 AM   #6
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233Reputation: 233Reputation: 233
You should find the logs in /var/log or /var/logs.

Quote:
cd /var/log
ls
this changes to the directory and prints a listing of file names. Now you need to find a file that might hold you VPN logs. Or just try the following comman don every file till you hit the right spot. syslog or message file is good.

Quote:
tail -f ./syslog
 
Old 02-29-2016, 07:41 AM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,817

Rep: Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006
Quote:
Originally Posted by Predjee View Post
I am just laying out the situation, i am NOT asking you to help me troubleshoot my problems on windows.

All i am asking for are the L I N U X command lines to watch phase1\phase2 proces.
...and WE are telling you that:
  • You are NOT running a full-blown Linux installation
  • You have been GIVEN a command to try
  • You ARE NOT having problems with the VPN server or client..you are having a WINDOWS ISSUE...SO...
  • ...why would you need ANY Linux commands, when the problem is on your Windows client???
Quote:
I have probably already found the problem. The problem lies in a registry problem for windows, of wich is the problem why it cant build a layer2 tunnel. (IPSEC needs a tunnel to pass trough, does this in conjunction with layer 2 tunneling protocol.)

But i want to watch this LIVE and dont know the linxus commands to see that. So take a chill pill and reread my O.P, and just give me the command lines i am asking for... is that so hard?
And apparently, it's harder for you to re-read my replies, where I gave you the answer.
Quote:
And FYI, in my WHOLE O.P ... there is only 1 question mark... Wich command lines can i use for this So stop telling me what a question is and what not.
Apparently, you are having a hard time understanding things.

There is no 'L I N U X' command to help you with your problem, because there IS NO PROBLEM ON THE LINUX SIDE OF THINGS. As said to you at least twice before now, VPN issues tend to be with permissions/security. You were asked questions about your Windows installation, how you're running the client, etc., but haven't answered or acknowledged ANY of them yet.

AGAIN:
  • The command is tcpdump, which may not be installed on your NAS, and you may not be ABLE to install it, because, AGAIN, you are not running a full-blow Linux server.
  • What VPN client are you using?
  • Are you running it as administrator on Windows?
  • Run the VPN client as administrator, because if you don't, you WILL NOT be able to create the TAP/TUN interface, which VPN uses to connect, and (if you're using OpenVPN), won't be able to write to the log file, which will ALSO cause your connection to fail.
 
Old 02-29-2016, 10:10 AM   #8
Predjee
LQ Newbie
 
Registered: Feb 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TB0ne View Post
...and WE are telling you that:
  • You are NOT running a full-blown Linux installation
  • You have been GIVEN a command to try
  • You ARE NOT having problems with the VPN server or client..you are having a WINDOWS ISSUE...SO...
  • ...why would you need ANY Linux commands, when the problem is on your Windows client???

And apparently, it's harder for you to re-read my replies, where I gave you the answer.

Apparently, you are having a hard time understanding things.

There is no 'L I N U X' command to help you with your problem, because there IS NO PROBLEM ON THE LINUX SIDE OF THINGS. As said to you at least twice before now, VPN issues tend to be with permissions/security. You were asked questions about your Windows installation, how you're running the client, etc., but haven't answered or acknowledged ANY of them yet.

AGAIN:
  • The command is tcpdump, which may not be installed on your NAS, and you may not be ABLE to install it, because, AGAIN, you are not running a full-blow Linux server.
  • What VPN client are you using?
  • Are you running it as administrator on Windows?
  • Run the VPN client as administrator, because if you don't, you WILL NOT be able to create the TAP/TUN interface, which VPN uses to connect, and (if you're using OpenVPN), won't be able to write to the log file, which will ALSO cause your connection to fail.

Seriously? Are you a kid?

I just told you what the problem is. I have already fixed the frigging problem. Now i just want to know the command lines to watch Phase1/Phase2 setup.

I am not asking you what might work and what might not work. That i will find out myself. It is not your issue in any way whether the command lines will or will not work. It does not concern you at all. The only thing you do is making assumptions, and I cant do SHIT with assumptions. I haven't even asked you to fix my issues in windows or whatever. All i asked for are some simple command lines to see what certain protocols do or not do. Thats probably to hard for you to understand.

By default, Windows Vista and the Windows Server 2008 operating system do not support Internet Protocol security (IPsec) network address translation (NAT) Traversal (NAT-T) security associations to servers that are located behind a NAT device. Therefore, if the virtual private network (VPN) server is behind a NAT device, a Windows Vista-based VPN client computer or a Windows Server 2008-based VPN client computer cannot make a Layer Two Tunneling Protocol (L2TP)/IPsec connection to the VPN server. This scenario includes VPN servers that are running Windows Server 2008 and Microsoft Windows Server 2003.

Good luck to you sir.


@zhjim

Thank you mate! with your help i found out i need:

tail -n 200 var/log/messages | grep ipsec
tail -f var/log/messages
 
Old 02-29-2016, 10:33 AM   #9
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,817

Rep: Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006Reputation: 8006
Quote:
Originally Posted by Predjee View Post
Seriously? Are you a kid?

I just told you what the problem is. I have already fixed the frigging problem. Now i just want to know the command lines to watch Phase1/Phase2 setup.
And for the third time now, that command is tcpdump. Since you still don't answer any questions asked of you, we can't tell you the EXACT command line, since we'd need to know what ports/protocols you have things set up to use.
Quote:
I am not asking you what might work and what might not work. That i will find out myself. It is not your issue in any way whether the command lines will or will not work. It does not concern you at all. The only thing you do is making assumptions, and I cant do SHIT with assumptions. I haven't even asked you to fix my issues in windows or whatever. All i asked for are some simple command lines to see what certain protocols do or not do. Thats probably to hard for you to understand.
Apparently harder for you to read. And if you're not going to participate in an actual CONVERSATION...that is, answering questions, the back-and-forth, etc., then posting in a forum isn't going to lead to anything for you. Putting "how to examine network traffic in Linux" into Google brings up a list of commands, if you're not actually interested in talking with folks. Amazingly, the VERY FIRST HIT is:
http://www.tecmint.com/command-line-...x-performance/

...a list of 20 that can help you.
Quote:
By default, Windows Vista and the Windows Server 2008 operating system do not support Internet Protocol security (IPsec) network address translation (NAT) Traversal (NAT-T) security associations to servers that are located behind a NAT device. Therefore, if the virtual private network (VPN) server is behind a NAT device, a Windows Vista-based VPN client computer or a Windows Server 2008-based VPN client computer cannot make a Layer Two Tunneling Protocol (L2TP)/IPsec connection to the VPN server. This scenario includes VPN servers that are running Windows Server 2008 and Microsoft Windows Server 2003.
...exactly what the page at Microsoft says:
https://support.microsoft.com/en-us/kb/926179

...which brings us back to "What kind of VPN, etc.", which you won't answer. If you had bothered just saying these things to START with, you'd get far more help.
Quote:
Good luck to you sir.
You need it far more than I.
 
Old 03-17-2016, 08:18 AM   #10
nickmartin42
LQ Newbie
 
Registered: Mar 2016
Posts: 13

Rep: Reputation: 1
this changes to the directory and prints a listing of file names. Now you need to find a file that might hold you VPN logs
 
Old 03-20-2016, 10:22 AM   #11
CarlosRPEvertsz
LQ Newbie
 
Registered: Mar 2016
Posts: 1

Rep: Reputation: Disabled
Try using vpnc client to connect to your VPN server from Windows.
You can find this great open source VPN client at sourceforge
I hope this helps you.

Regards,

CarlosRPEvertsz
 
Old 03-22-2016, 07:47 AM   #12
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,708
Blog Entries: 4

Rep: Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949Reputation: 3949
Ladies, Gentlemen, please ... "Civility," remember?

Indeed it does appear to me that this is probably a configuration problem on the Windows side. (You say you've fixed it? I'm sure that folks here in this "Linux" forum would nevertheless be very interested to learn just what the problem was, because ... ick ... we have to deal with Windoze too!)

The trouble is, you really can't use tcpdump or wireshark to diagnose problems with VPN because the packets are encrypted. You can use traffic analysis to see where the packets are going but you have no idea what they contain. OpenVPN, when set to an appropriately high logging level (on both sides ...) is really the only thing that you have to go on. (The very-recent post in this same forum, No Internet on VPN client on RPi, gives an excellent example of just such a log trace.)

The Windows client should be running OpenVPN and therefore should have the same logging facilities available. We can reasonably assume that the Windows installer did its job and properly configured a VPN tunnel. (I presume it's a router, not a switch ...) Therefore, I would open its log ... maybe it's in Windows' event-log viewer ... and try to connect. Then, look at the OpenVPN logs on both sides to see if (a) the host actually heard the connection-request at all, then (b) did it accept it or reject it. (After first doing a basic "ping" from the Windows side to see if it can see the VPN host computer on the network at all.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Open VPN issues nnoromuzoma@yahoo.com Linux - Newbie 1 05-06-2010 08:13 AM
VPN issues DaFakaMatt Linux - Newbie 3 02-17-2010 09:38 AM
issues with VPN pptpd server onorua Linux - Networking 1 08-25-2006 03:45 PM
Ubuntu 5.10 PPPoE/VPN Connection Issues Schnoid Linux - Networking 0 04-27-2006 11:21 AM
samba via VPN and XP issues mac_casey Linux - Networking 2 02-07-2003 08:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration