Hi,
I'm trying to connect my new touch HD to the work cisco firewall. I've set it up as LDAP/IPSEC with a preshared key.
When I try and force it to connect it contacts the ASA, starts the handshake but I see this in the debugging VPN log:
Start of Handshake:
Code:
7 Nov 12 2008 15:36:23 713236 IP = 89.193.232.83, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Point of issue (i think anyway)
Code:
7 Nov 12 2008 15:36:24 713906 IP = 89.193.232.83, computing NAT Discovery hash
4 Nov 12 2008 15:36:24 713903 Group = 89.193.232.83, IP = 89.193.232.83, Can't find a valid tunnel group, aborting...!
7 Nov 12 2008 15:36:24 715065 Group = 89.193.232.83, IP = 89.193.232.83, IKE MM Responder FSM error history (struct &0xd9298110) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT-->MM_BLD_MSG4, EV_BLD_MSG4-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, IKE SA MM:d5e02623 terminating: flags 0x01000002, refcnt 0, tuncnt 0
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, sending delete/delete with reason message
Looking at the logs it at no point tries to auth with the username and password so it's a tunnelling issue.
Any super geeks about to help?
jon- said:
Hi,
I'm trying to connect my new touch HD to the work cisco firewall. I've set it up as LDAP/IPSEC with a preshared key.
When I try and force it to connect it contacts the ASA, starts the handshake but I see this in the debugging VPN log:
Start of Handshake:
Code:
7 Nov 12 2008 15:36:23 713236 IP = 89.193.232.83, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Point of issue (i think anyway)
Code:
7 Nov 12 2008 15:36:24 713906 IP = 89.193.232.83, computing NAT Discovery hash
4 Nov 12 2008 15:36:24 713903 Group = 89.193.232.83, IP = 89.193.232.83, Can't find a valid tunnel group, aborting...!
7 Nov 12 2008 15:36:24 715065 Group = 89.193.232.83, IP = 89.193.232.83, IKE MM Responder FSM error history (struct &0xd9298110) <state>, <event>: MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT-->MM_BLD_MSG4, EV_BLD_MSG4-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, IKE SA MM:d5e02623 terminating: flags 0x01000002, refcnt 0, tuncnt 0
7 Nov 12 2008 15:36:24 713906 Group = 89.193.232.83, IP = 89.193.232.83, sending delete/delete with reason message
Looking at the logs it at no point tries to auth with the username and password so it's a tunnelling issue.
Any super geeks about to help?
Click to expand...
Click to collapse
I have a working config from a Cisco PIX 501, however it can only run PIX OS 6.3(5) and not the newer 7.x or 8.x code the ASA's run so it's likely there are differences. Plus I am also using Digital Certificates as opposed to pre-shared keys, however that will only change the ISAKMP policy. I am also using MS IAS as the Radius server.
Code:
access-list l2tp permit udp host X.X.X.X any eq 1701
ip address outside X.X.X.X 255.255.255.252
ip local pool L2TP-IP-Pool-1 10.10.10.1-10.10.10.14 mask 255.255.255.240
aaa-server radius-authport 1812
aaa-server radius-acctport 1813
aaa-server RADIUS (inside) host 192.168.1.1 cisco-key timeout 5
aaa-server RADIUS (inside) host 192.168.2.1 cisco-key timeout 5
sysopt connection permit-l2tp
crypto ipsec transform-set l2tp esp-3des esp-sha-hmac
crypto ipsec transform-set l2tp mode transport
crypto ipsec security-association lifetime seconds 3600
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 28800 kilobytes 4608000
crypto dynamic-map dyna 20 match address l2tp
crypto dynamic-map dyna 20 set transform-set l2tp
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map mymap 10 ipsec-isakmp dynamic dyna
crypto map mymap client authentication RADIUS
crypto map mymap interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpdn group L2TP-VPN accept dialin l2tp
vpdn group L2TP-VPN ppp authentication mschap
vpdn group L2TP-VPN client configuration address local L2TP-IP-Pool-1
vpdn group L2TP-VPN client configuration dns 192.168.1.50
vpdn group L2TP-VPN client authentication aaa RADIUS
vpdn group L2TP-VPN client accounting RADIUS
vpdn group L2TP-VPN l2tp tunnel hello 60
vpdn enable outside
I have changed the IP addresses I am using, plus I have ommited the PKI Certificate stuff. For PSK's you would need to change the ISAKMP policy.
HTH
Andy
So does this work with WM6.1 native IPSec stack?
There's a similar thread here:
http://forum.xda-developers.com/showthread.php?t=280565&page=2
Someone else stated they figured it out.
stepw said:
So does this work with WM6.1 native IPSec stack?
There's a similar thread here:
http://forum.xda-developers.com/showthread.php?t=280565&page=2
Someone else stated they figured it out.
Click to expand...
Click to collapse
Yes. I have tested this with Windows XP & 2003 as well as Windows Mobile 6.0 & 6.1. The default policies with Vista prevent this working 'out-of-the-box' due to AES being the minimum encryption the Vista VPN client will negotiate (ISAKMP). You can change this though, but it's a pain to do individually and is best pushed down via a GPO - or use an ASA or PIX 7.x or 8.x that supports AES ISAKMP policies.
Andy
ADB100, how is your Cisco firewall configured? I've gotten past phase 1 now but it's stalling at phase 2 as i can't get the client to request the correct policy, it keeps falling back to the default which I can't reconfigure as other policies inherit from it.
Starting to lose my patience, so close yet so far! WinMo6.1 and cisco ASA VPN still has ig issues and no one on the internet seems to know why.
ADB100 said:
Yes. I have tested this with Windows XP & 2003 as well as Windows Mobile 6.0 & 6.1. The default policies with Vista prevent this working 'out-of-the-box' due to AES being the minimum encryption the Vista VPN client will negotiate (ISAKMP). You can change this though, but it's a pain to do individually and is best pushed down via a GPO - or use an ASA or PIX 7.x or 8.x that supports AES ISAKMP policies.
Andy
Click to expand...
Click to collapse
I pretty much posted all the VPN stuff in my previous post. I could send you the entire config if you wish (with some bits scrubbed obviously). I may have an ASA at the end of next week to play around. I will be installing it at a customer site the following week so I should have enough time to test the VPN stuff out, if you can wait? (I'm a CCIE.....)
Cheers
Andy
So you did Andy, sorry I didn't link you to the earlier post. I will continue playing with the ASA today (as you might have guessed I'm not that up to speed with Cisco) and let you know if I get anything.
FWIW here is the drop out when it was failing at phase 1, i don't have the latest log to hand
Code:
IP = , Error: Unable to remove PeerTblEntry
IP = , Removing peer from peer table failed, no match!
IP = , sending delete/delete with reason message
IP = , IKE SA MM:bccde876 terminating: flags 0x01000002, refcnt 0, tuncnt 0
IP = , IKE MM Responder FSM error history (struct &0xd888df20) <state>, <event>: MM_DONE, EV_ERROR-->MM_WAIT_MSG3, EV_TIMEOUT-->MM_WAIT_MSG3, NullEvent-->MM_SND_MSG2, EV_SND_MSG-->MM_SND_MSG2, EV_START_TMR-->MM_SND_MSG2, EV_RESEND_MSG-->MM_WAIT_MSG3, EV_TIMEOUT-->MM_WAIT_MSG3, NullEvent
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE RESENDING Message (msgid=1100200) with payloads : HDR + UNKNOWN (218), *** ERROR *** + NONE (0) total length : 128
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , constructing Fragmentation VID + extended capabilities payload
IP = , constructing NAT-Traversal VID ver 02 payload
IP = , constructing ISAKMP SA payload
IP = , IKE SA Proposal # 1, Transform # 8 acceptable Matches global IKE entry # 3
IP = , processing IKE SA payload
IP = , Received NAT-Traversal ver 02 VID
IP = , processing VID payload
IP = , Received Fragmentation VID
IP = , processing VID payload
IP = , processing VID payload
IP = , Oakley proposal is acceptable
IP = , processing SA payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 544
IP = , Received encrypted packet with no matching SA, dropping
Ignoring msg to mark SA with dsID 151552 dead because SA deleted
IP = , IKE_DECODE SENDING Message (msgid=bbb6340d) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76
Group = DefaultRAGroup, IP = , constructing qm hash payload
Group = DefaultRAGroup, IP = , constructing IKE delete payload
Group = DefaultRAGroup, IP = , constructing blank hash payload
Group = DefaultRAGroup, IP = , sending delete/delete with reason message
Group = DefaultRAGroup, IP = , IKE SA MM:78a1831c terminating: flags 0x01000002, refcnt 0, tuncnt 0
Group = DefaultRAGroup, IP = , IKE SA MM:78a1831c rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Group = DefaultRAGroup, IP = , Removing peer from correlator table failed, no match!
Group = DefaultRAGroup, IP = , sending delete/delete with reason message
Group = DefaultRAGroup, IP = , IKE QM Responder FSM error history (struct &0xd876e128) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH
Group = DefaultRAGroup, IP = , QM FSM error (P2 struct &0xd876e128, mess id 0x713438aa)!
IP = , IKE_DECODE SENDING Message (msgid=c1a6b7b3) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80
Group = DefaultRAGroup, IP = , constructing qm hash payload
Group = DefaultRAGroup, IP = , constructing ipsec notify payload for msg id 713438aa
Group = DefaultRAGroup, IP = , constructing blank hash payload
Group = DefaultRAGroup, IP = , sending notify message
Group = DefaultRAGroup, IP = , All IPSec SA proposals found unacceptable!
Group = DefaultRAGroup, IP = , processing IPSec SA payload
Group = DefaultRAGroup, IP = , IKE Remote Peer configured for crypto map: outside-new_dyn_map
Group = DefaultRAGroup, IP = , Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Group = DefaultRAGroup, IP = , Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Group = DefaultRAGroup, IP = , Static Crypto Map check, map = outside-new_map, seq = 20, ACL does not match proxy IDs src: dst:213.122.163.115
Group = DefaultRAGroup, IP = , Static Crypto Map check, checking map = outside-new_map, seq = 20...
Group = DefaultRAGroup, IP = , QM IsRekeyed old sa not found by addr
Group = DefaultRAGroup, IP = , processing NAT-Original-Address payload
Group = DefaultRAGroup, IP = , L2TP/IPSec session detected.
Group = DefaultRAGroup, IP = , Received local Proxy Host data in ID Payload: Address 213.122.163.115, Protocol 17, Port 1701
Group = DefaultRAGroup, IP = , ID_IPV4_ADDR ID received
Group = DefaultRAGroup, IP = , processing ID payload
Group = DefaultRAGroup, IP = , Received remote Proxy Host FQDN in ID Payload: Host Name: HTC70 Address , Protocol 17, Port 1701
Group = DefaultRAGroup, IP = , ID_FQDN ID received, len 5
Group = DefaultRAGroup, IP = , processing ID payload
Group = DefaultRAGroup, IP = , processing nonce payload
Group = DefaultRAGroup, IP = , processing SA payload
Group = DefaultRAGroup, IP = , processing hash payload
IP = , IKE_DECODE RECEIVED Message (msgid=713438aa) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : 293
IP = , IKE Responder starting QM: msg id = 713438aa
Group = DefaultRAGroup, IP = , Starting P1 rekey timer: 21600 seconds.
IP = , Keep-alives configured on but peer does not support keep-alives (type = None)
IP = , Keep-alive type for this connection: None
Group = DefaultRAGroup, IP = , PHASE 1 COMPLETED
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 96
Group = DefaultRAGroup, IP = , constructing dpd vid payload
Group = DefaultRAGroup, IP = , Computing hash for ISAKMP
Group = DefaultRAGroup, IP = , constructing hash payload
Group = DefaultRAGroup, IP = , constructing ID payload
Group = DefaultRAGroup, IP = , Freeing previously allocated memory for authorization-dn-attributes
IP = , Connection landed on tunnel_group DefaultRAGroup
Group = DefaultRAGroup, IP = , Automatic NAT Detection Status: Remote end IS behind a NAT device This end is NOT behind a NAT device
Group = DefaultRAGroup, IP = , Computing hash for ISAKMP
Group = DefaultRAGroup, IP = , processing hash payload
Group = DefaultRAGroup, IP = , ID_FQDN ID received, len 5
Group = DefaultRAGroup, IP = , processing ID payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 61
Group = DefaultRAGroup, IP = , P1 Retransmit msg dispatched to MM FSM
Group = DefaultRAGroup, IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 296
Group = DefaultRAGroup, IP = , Generating keys for Responder...
IP = , Connection landed on tunnel_group DefaultRAGroup
IP = , computing NAT Discovery hash
IP = , constructing NAT-Discovery payload
IP = , computing NAT Discovery hash
IP = , constructing NAT-Discovery payload
IP = , Send Altiga/Cisco VPN3000/Cisco ASA GW VID
IP = , constructing VID payload
IP = , Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
IP = , Send IOS VID
IP = , constructing xauth V6 VID payload
IP = , constructing Cisco Unity VID payload
IP = , constructing nonce payload
IP = , constructing ke payload
IP = , computing NAT Discovery hash
IP = , processing NAT-Discovery payload
IP = , computing NAT Discovery hash
IP = , processing NAT-Discovery payload
IP = , processing nonce payload
IP = , processing ISA_KE payload
IP = , processing ke payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 224
IP = , IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , P1 Retransmit msg dispatched to MM FSM
IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE RESENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , P1 Retransmit msg dispatched to MM FSM
IP = , Duplicate Phase 1 packet detected. Retransmitting last packet.
IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
IP = , constructing Fragmentation VID + extended capabilities payload
IP = , constructing NAT-Traversal VID ver 02 payload
IP = , constructing ISAKMP SA payload
IP = , IKE SA Proposal # 1, Transform # 8 acceptable Matches global IKE entry # 3
IP = , processing IKE SA payload
IP = , processing VID payload
IP = , Received NAT-Traversal ver 02 VID
IP = , processing VID payload
IP = , Received Fragmentation VID
IP = , processing VID payload
IP = , processing VID payload
IP = , Oakley proposal is acceptable
IP = , processing SA payload
IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 564
Thank you for your help thus far Andy.
ETA - I removed the timestamp to get within char limit, the oldest (first) message is at the bottom, newest (last) at top
Update - I've decided to go down the cert route as there's a working config from Andy above, however the Cisco ASA exports it's certificates in a format the winmo decive can't import! Any ideas?
jon- said:
Update - I've decided to go down the cert route as there's a working config from Andy above, however the Cisco ASA exports it's certificates in a format the winmo decive can't import! Any ideas?
Click to expand...
Click to collapse
OK, I have just got this working in my lab......
I have got a pretty basic config at the moment. I am using a pre-shared key for the ISAKMP phase I negotiation and local users. I have tested it with a Windows XP client and a couple of minutes ago with WM6.1 on my Kaiser. Both worked first time. I used the ASDM GUI to generate this configuration, I just attempted to match up the old PIX 6.3(5) config with the 7.2(4) code that is running on the new PIX.
Code:
ip local pool ip-pool 10.20.20.1-10.20.20.10 mask 255.255.255.240
!
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map inside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
!
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.10.10.10
vpn-tunnel-protocol l2tp-ipsec
!
username cisco password cisco privilege 0
username cisco attributes
vpn-group-policy DefaultRAGroup
!
tunnel-group DefaultRAGroup general-attributes
address-pool ip-pool
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key cisco
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
I will do some more testing and get the authentication passed to an external Radius server as well as using RSA Certificates instead of a PSK.
HTH
Andy
Thanks Andy. Are you using the default policy for the devices? My problem seems to be I cant select a different group/tunnel/policy with winmo6.1 so it falls back to the default one which I can't configure to work with the device.
Yes its the default one (DefaultRAGroup), this is pretty much a vanilla PIX (it's not actually a real PIX its just an emulated one as well....). If you can let me have some of the bits of your config I can maybe test them here?
Andy
Here in lies my problem (i think), I can't use the default policy but can't force my phone to another policy.
Andy,
Been playing with Greenbow VPN client today after giving up on the built in one. No having much luck with that either, it seems to be trying to set up a lan to lan tunnel as well.
Here's the ASA config as requested
Code:
ip local pool Pool1 10.x.x.x-10.x.x.x mask 255.x.x.x
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside-new_dyn_map 20 set pfs
crypto dynamic-map outside-new_dyn_map 20 set transform-set ESP-3DES-SHA TRANS_ESP_3DES_SHA
crypto dynamic-map outside-new_dyn_map 40 set pfs
crypto dynamic-map outside-new_dyn_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 62.x.x.x
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map outside-new_map 20 match address outside-new_cryptomap_20
crypto map outside-new_map 20 set peer 62.x.x.x
crypto map outside-new_map 20 set transform-set ESP-DES-MD5
crypto map outside-new_map 65535 ipsec-isakmp dynamic outside-new_dyn_map
crypto map outside-new_map interface outside-new
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp enable outside-new
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption des
hash md5
group 1
lifetime 86400
group-policy DfltGrpPolicy attributes
banner value hispek.com vpn
vpn-simultaneous-logins 30
vpn-tunnel-protocol IPSec webvpn
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Internal_Nets
default-domain value hispek
nac-settings value DfltGrpPolicy-nac-framework-create
webvpn
svc keepalive none
svc dpd-interval client none
svc dpd-interval gateway none
customization value DfltCustomization
group-policy MobileVPN internal
group-policy MobileVPN attributes
dns-server value 10.x.x.x 10.x.x.x
vpn-tunnel-protocol IPSec l2tp-ipsec
username jjbmobile password * encrypted privilege 15
username jjbmobile attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
service-type admin
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key M0b1132
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group 62.x.x.x type ipsec-l2l
tunnel-group 62.x.x.x ipsec-attributes
pre-shared-key m0squito
tunnel-group MobileVPN type remote-access
tunnel-group MobileVPN general-attributes
address-pool Pool1
default-group-policy MobileVPN
tunnel-group MobileVPN ipsec-attributes
pre-shared-key JonsSillyNewPhone
tunnel-group MobileVPN ppp-attributes
authentication ms-chap-v2
!
class-map global-class
match default-inspection-traffic
class-map inside-class
match access-list inside_mpc
class-map outside-class
match access-list outside_mpc
!
Windows Mobile 6.1 with ASA 5510
ADB100 said:
I pretty much posted all the VPN stuff in my previous post. I could send you the entire config if you wish (with some bits scrubbed obviously). I may have an ASA at the end of next week to play around. I will be installing it at a customer site the following week so I should have enough time to test the VPN stuff out, if you can wait? (I'm a CCIE.....)
Cheers
Andy
Click to expand...
Click to collapse
Hi Andy,
I am a new user to the forum....I am trying to workout Windows Mobile 6.1 connect with ASA 5510 using IPSec, through available VPN client which allows L2TP/IPSec & PPTP.
I have seen your posts and found you got this working without any external VPN client....Would you be able to share that configuration with me???
Thanks,
nil3879
Too bad Bluefire Security went out-of-business because their WinMo VPN client worked really well with Cisco VPN 3000 series concentrator and PIX 500 series firewalls and I'm sure it would work with Cisco ASA as well. Tested using group password and AD authentication.
Hello Everyone,
All of you that are using a custom ROM and/or Radio on your T-Mobile USA HD2 and are located in the USA, could you please run this test for me while connected to 3G?
Speedguide.net TCP/IP Analyzer
I noticed the RWIN values that T-Mobile are having on the stock ROM really neuter the throughput on the phone. Look at the RWIN values
Please post:
1) OS Version
2) Manila Version
3) ROM Version
4) Radio Version
5) Protocol Version
6) On 3G or not
7) The results from the test( there is a window at the bottom to copy and paste)
Here is mine:
1) OS: 5.2.21889(21889.5.0.87) 2.10.531.1 (82076) WWE (stock shipping US Rom)
2) Manila: 2.5.20121412.1
3) ROM: 2.10.531.1 (82076) WWE
4) Radio: 2.08.50.08_2
5) Protocol: 15.34.50.07U
6) 3G with 4 bars
7) Results:
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.28.2010 16:35
IP address: 208.54.xx.xxx
Client OS: Windows XP
TCP options string: 0204058c0101040201030302
MSS: 1420
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 164
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
Thank you, I appreciate your help:
Baenwort
1)5.2.21889(build 21889.5.0.87) Stock shiping US rom
2)2.5.20121412.1
3)2.10.531.1(82076)WWE date(2/22/10)
4)2.08.50.08_2
5)15.34.50.07U
6)3G with 2 bars
7)Results:
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.28.2010 17:59
IP address: 208.54.x.xxx
Client OS: Windows XP
TCP options string: 0204058c0101040201030302
MSS: 1420
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 162
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
Please Participate
Hello Everyone,
Please participate in this knowledge base. We will all benefit in the long run. Takes less than 2 mintues to run the test and post results here.
Thank you,
Monnie
I will do it tomorrow as soon as i get mines. Promise. Do you mind me asking, what do you intend to do with this information?
miguel4u2 said:
I will do it tomorrow as soon as i get mines. Promise. Do you mind me asking, what do you intend to do with this information?
Click to expand...
Click to collapse
My theory is, some network throttling is going on from the network level which would prevent customers from receiving full bandwidth.
Thank you,
Monnie
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.30.2010 04:17
IP address: 208.54.xx.xx
TCP options string: 020405b40402080a1b5abfea0000000001030307
MSS: 1460
MTU: 1500
TCP Window: 5888 (NOT multiple of MSS)
RWIN Scaling: 7 bits (2^7=128)
Unscaled RWIN : 46
Recommended RWINs: 64240, 128480, 256960, 513920, 1027840
BDP limit (200ms): 236kbps (29KBytes/s)
BDP limit (500ms): 94kbps (12KBytes/s)
MTU Discovery: ON
TTL: 49
Timestamps: ON
SACKs: ON
IP ToS: 00000000 (0)
tmobile hd2
os 6.5 running energy march 26 ROM
Here's what I got:
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.30.2010 11:15
IP address: 208.54.xx.xx
Client OS: Windows CE
TCP options string: 0204058c0101040201030302
MSS: 1420
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 164
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
Now what?
I'd be more than glad to help, but I barely get stable 3G connection in my house. I will update once I get a 3G connection.
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.30.2010 13:21
IP address: 208.54.xx.xx
TCP options string: 0204058c0101040201030302
MSS: 1420
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 161
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
I tried that page. I had the same numbers. But, last night, I did a SpeedTest with my phone. I got 600+ kbps download from one of the test servers. I was able to reproduce that result as well. From another test server I would get around 300+ kbps.
What's the speed of 3G supposed to be again?
Did another test and got similar results.
Here is mine:
1) OS: 5.2.21889(21889.5.0.87) 2.10.531.1 (82076) WWE (stock shipping US Rom)
2) Manila: 2.5.20121412.1
3) ROM: 2.10.531.1 (82076) WWE
4) Radio: 2.08.50.08_2
5) Protocol: 15.34.50.07U
6) 3G with 4 bars
7) Results:
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.30.2010 18:43
IP address: 208.54.x.xx
Client OS: Windows XP
TCP options string: 0204058c0101040201030302
MSS: 1420 h
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 162
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
Hey, this is definately on the network end, and not device end. Stinkin T-Mobile getting stingy with bandwidth. Getting the same result on the Nexus one and TP2 and HD2. (First day they flipped the HSPA switch on, I was getting 5 Mbits DL on my TP2 tethered to laptop, now I'm barely hitting 2 Mbit in the same exact spot.)
Test Results from before..
_______________________________________________________
http://www.speedtest.net/result/676333122.png
Ping: 85ms
DL: 4.49Mbps
UL: 1.24Mbps
_____________________________________________
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.30.2010 20:08
IP address: 208.54.xx.xx
Client OS: Linux
TCP options string: 0204058c0101040201030302
MSS: 1420
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 159
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
Throttling and 3G speeds...
FreakyFerret said:
What's the speed of 3G supposed to be again?
Click to expand...
Click to collapse
I spoke with a friend that works at TMO and he said the TMO network is STILL being upgraded, and TRUE 3G speeds won't be available until around summer, or possibly later this year (and I'm sure that will be rolled out SLOWLY across the country).
And you guys are RIGHT! TMO is and WILL throttle bandwidth on a area-by-area basis. Essentially, those of you getting higher speeds at first, and then seeing subsequent performance degradation are just getting throttled by TMO's system because it is recognizing a performance hit in your area. Therefore, your phone (not confirmed if its truly the phone or the tower or the grid area) will get reduced bandwidth until there is some sort of reset back to normal (also not confirmed if its a kind of reset or just a gradual increase back to normal).
I could not get a 3G connection at this time... I will update later... and this is from my android dev phone, not an HD2
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.31.2010 16:48
IP address: 208.54.xx.xx
Client OS: Linux
TCP options string: 0204058c0101040201030302
MSS: 1420
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 163
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
My Values... I Think!
I started my Opera with a 3G signal reading and 3 bars... then once the results came up, it showed only an EGPRS with 4 bars! Not sure which the reading was taken at:
« SpeedGuide.net TCP Analyzer Results »
Tested on: 04.01.2010 00:59
IP address: 208.54.xx.xx
Client OS: Windows XP
TCP options string: 0204058c0101040201030302
MSS: 1420
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 157
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
chiasoft said:
Hey, this is definately on the network end, and not device end. Stinkin T-Mobile getting stingy with bandwidth. Getting the same result on the Nexus one and TP2 and HD2. (First day they flipped the HSPA switch on, I was getting 5 Mbits DL on my TP2 tethered to laptop, now I'm barely hitting 2 Mbit in the same exact spot.)
Test Results from before..
_______________________________________________________
http://www.speedtest.net/result/676333122.png
Ping: 85ms
DL: 4.49Mbps
UL: 1.24Mbps
_____________________________________________
« SpeedGuide.net TCP Analyzer Results »
Tested on: 03.30.2010 20:08
IP address: 208.54.xx.xx
Client OS: Linux
TCP options string: 0204058c0101040201030302
MSS: 1420
MTU: 1460
TCP Window: 5840 (NOT multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 1460
Recommended RWINs: 65320, 130640, 261280, 522560, 1045120
BDP limit (200ms): 234kbps (29KBytes/s)
BDP limit (500ms): 93kbps (12KBytes/s)
MTU Discovery: ON
TTL: 159
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
Click to expand...
Click to collapse
So basically tmobile is selling a service but providing a "watered down" version so to speak? [email protected] recession!!!!
There is a setting in Android>Settings>Wireless & networks>Mobile Networks>Access Point Names where a user can specify the Authentication type for connecting to 3g, my device allows you to choose either PAP, CHAP, BOTH or NONE.
HOWEVER, while the GUI shows PAP in the APN setting, if such is selected, the debugger shows that the device is trying to authenticate through CHAP. I have attached the log for you to see.
Please let me know how I can force through hardcoding the use of PAP to make the HSPA connection. Also, the DNSs are bogus, which also puzzles me.
There is $50 dollars as an incentive for whoever makes this happen.
01-19 22:18:07.665: DEBUG/vold(880): POWER_SUPPLY_NAME=ac
01-19 22:18:07.665: DEBUG/vold(880): POWER_SUPPLY_TYPE=Mains
01-19 22:18:07.665: DEBUG/vold(880): POWER_SUPPLY_ONLINE=1
01-19 22:18:33.425: DEBUG/NetworkLocationProvider(945): onDataConnectionStateChanged 10
01-19 22:18:33.465: DEBUG/MobileDataStateTracker(945): default Received state= DISCONNECTED, old= CONNECTING, reason= apnChanged, apnTypeList= *
01-19 22:18:33.465: DEBUG/NetworkStateTracker(945): setDetailed state, old =CONNECTING and new state=DISCONNECTED
01-19 22:18:33.465: DEBUG/ConnectivityService(945): ConnectivityChange for MOBILE: DISCONNECTED/DISCONNECTED
01-19 22:18:33.575: DEBUG/GpsLocationProvider(945): updateNetworkState available info: NetworkInfo: type: MOBILE[UNKNOWN], state: DISCONNECTED/DISCONNECTED, reason: apnChanged, extra: internet.movistar.mx, roaming: false, failover: false, isAvailable: false
01-19 22:18:33.575: DEBUG/GpsLocationProvider(945): NetworkThread wait for 9223372036854775807ms
01-19 22:18:33.595: INFO/MediaUploader(1135): No need to wake up
01-19 22:18:33.705: DEBUG/NetworkLocationProvider(945): onDataConnectionStateChanged 10
01-19 22:18:33.705: DEBUG/MobileDataStateTracker(945): default Received state= CONNECTING, old= DISCONNECTED, reason= (unspecified), apnTypeList= *
01-19 22:18:33.705: DEBUG/NetworkStateTracker(945): setDetailed state, old =DISCONNECTED and new state=CONNECTING
01-19 22:18:33.705: DEBUG/ConnectivityService(945): ConnectivityChange for MOBILE: CONNECTING/CONNECTING
01-19 22:18:35.335: INFO/pppd(1800): Serial connection established.
01-19 22:18:35.335: DEBUG/pppd(1800): using channel 7
01-19 22:18:35.355: DEBUG/vold(880): [UEVENT] Sq: 1439 S: net A: 0 P: /devices/virtual/net/ppp0
01-19 22:18:35.355: DEBUG/vold(880): DEVPATH=/devices/virtual/net/ppp0
01-19 22:18:35.355: DEBUG/vold(880): INTERFACE=ppp0
01-19 22:18:35.355: DEBUG/vold(880): IFINDEX=9
01-19 22:18:35.355: DEBUG/vold(880): No uevent handlers registered for 'net' subsystem
01-19 22:18:35.365: INFO/pppd(1800): Using interface ppp0
01-19 22:18:35.365: INFO/pppd(1800): Connect: ppp0 <--> /dev/ttyUSB0
01-19 22:18:36.375: DEBUG/pppd(1800): sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1e53a172> <pcomp> <accomp>]
01-19 22:18:36.375: DEBUG/pppd(1800): rcvd [LCP ConfReq id=0x12 <asyncmap 0x0> <auth chap MD5> <magic 0xf88238> <pcomp> <accomp>]
01-19 22:18:36.375: DEBUG/pppd(1800): sent [LCP ConfAck id=0x12 <asyncmap 0x0> <auth chap MD5> <magic 0xf88238> <pcomp> <accomp>]
01-19 22:18:36.375: DEBUG/pppd(1800): rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1e53a172> <pcomp> <accomp>]
01-19 22:18:36.385: DEBUG/pppd(1800): rcvd [LCP DiscReq id=0x13 magic=0xf88238]
01-19 22:18:36.385: DEBUG/pppd(1800): rcvd [CHAP Challenge id=0x1 <3a1477f1ae67d1c06633eef3a6ea709b>, name = "UMTS_CHAP_SRVR"]
01-19 22:18:36.385: DEBUG/pppd(1800): sent [CHAP Response id=0x1 <ebf1fb3e1003d2c0ea6e740043b60d28>, name = "CARD"]
01-19 22:18:36.395: DEBUG/pppd(1800): rcvd [CHAP Success id=0x1 ""]
01-19 22:18:36.395: INFO/pppd(1800): CHAP authentication succeeded
01-19 22:18:36.395: DEBUG/pppd(1800): sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
01-19 22:18:36.395: DEBUG/pppd(1800): sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
01-19 22:18:36.405: DEBUG/pppd(1800): rcvd [LCP ProtRej id=0x14 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
01-19 22:18:37.408: DEBUG/pppd(1800): rcvd [IPCP ConfNak id=0x1 <ms-dns1 10.11.12.13> <ms-dns3 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
01-19 22:18:37.408: DEBUG/pppd(1800): sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns3 10.11.12.14>]
01-19 22:18:37.645: INFO/pppd(1800): Modem hangup
01-19 22:18:37.645: INFO/pppd(1800): Connection terminated.
I'll Paypal you if you can solve this. It's a difficult thing for me to do, should be easy for you devs...
Why would you want the less secure approach?
I know nothing of deving but chap is more secure.
Maybe your network provider is forcing it.
ur network provider forces one of the two(if any) , if you leave the said form empty , the phone will use network default
SOLVED
Happy to help
Add the following new file to /etc/ppp/ ---- Set ALL Permissions to Read/Execute
filename: options
<start of file contents>
#/etc/ppp/options
#Require the peer to authenticate itself using PAP.
#+pap
#Don't agree to authenticate using PAP.
#-pap
#Require the peer to authenticate itself using CHAP [Cryptographic
#Handshake Authentication Protocol] authentication.
#+chap
#Don't agree to authenticate using CHAP.
-chap
#---<End of File>---
<end of file contents>
In root directory /etc/ppp/peers/ modify mcli-gsm
Add the line item at the bottom:
-chap
---- Confirm ALL Permissions set to Read/Execute
http://d-h.st/7F3 VirginBroadbandAndroidSupport.zip 8kb
File is for Virgin Mobile Australia Broadband Data Only as an example. You can change your APN settings as needed
The more user friendly installation howto is listed below: this howto requires the four files in the above zip file.
Using ES File explorer from play.google.com enable root explorer access, mout file system as writable, enable to root all enabelded. All Root settings are listed under ES explorer settings.
Before overwritting anyfile make a backup copy simply by changing the filename extension to .bak
Using ES file explorer navigate to /system/etc/ rename apns-conf.xml to apns-conf.bak
copy apns-conf.xml to /system/etc/ set permissions to rw- r-- r--
Using ES file explorer navigate to /system/etc/ppp/peers/ rename mcli-gsm to mcli-gsm.bak
copy mcli-gsm to /system/etc/ppp/peers/ set permissions to r-x r-x r-x
copy options to /system/etc/ppp/ set permissions to r-x r-x r-x
apples2apples said:
There is a setting in Android>Settings>Wireless & networks>Mobile Networks>Access Point Names where a user can specify the Authentication type for connecting to 3g, my device allows you to choose either PAP, CHAP, BOTH or NONE.
HOWEVER, while the GUI shows PAP in the APN setting, if such is selected, the debugger shows that the device is trying to authenticate through CHAP. I have attached the log for you to see.
Please let me know how I can force through hardcoding the use of PAP to make the HSPA connection. Also, the DNSs are bogus, which also puzzles me.
There is $50 dollars as an incentive for whoever makes this happen.
01-19 22:18:07.665: DEBUG/vold(880): POWER_SUPPLY_NAME=ac
01-19 22:18:07.665: DEBUG/vold(880): POWER_SUPPLY_TYPE=Mains
01-19 22:18:07.665: DEBUG/vold(880): POWER_SUPPLY_ONLINE=1
01-19 22:18:33.425: DEBUG/NetworkLocationProvider(945): onDataConnectionStateChanged 10
01-19 22:18:33.465: DEBUG/MobileDataStateTracker(945): default Received state= DISCONNECTED, old= CONNECTING, reason= apnChanged, apnTypeList= *
01-19 22:18:33.465: DEBUG/NetworkStateTracker(945): setDetailed state, old =CONNECTING and new state=DISCONNECTED
01-19 22:18:33.465: DEBUG/ConnectivityService(945): ConnectivityChange for MOBILE: DISCONNECTED/DISCONNECTED
01-19 22:18:33.575: DEBUG/GpsLocationProvider(945): updateNetworkState available info: NetworkInfo: type: MOBILE[UNKNOWN], state: DISCONNECTED/DISCONNECTED, reason: apnChanged, extra: internet.movistar.mx, roaming: false, failover: false, isAvailable: false
01-19 22:18:33.575: DEBUG/GpsLocationProvider(945): NetworkThread wait for 9223372036854775807ms
01-19 22:18:33.595: INFO/MediaUploader(1135): No need to wake up
01-19 22:18:33.705: DEBUG/NetworkLocationProvider(945): onDataConnectionStateChanged 10
01-19 22:18:33.705: DEBUG/MobileDataStateTracker(945): default Received state= CONNECTING, old= DISCONNECTED, reason= (unspecified), apnTypeList= *
01-19 22:18:33.705: DEBUG/NetworkStateTracker(945): setDetailed state, old =DISCONNECTED and new state=CONNECTING
01-19 22:18:33.705: DEBUG/ConnectivityService(945): ConnectivityChange for MOBILE: CONNECTING/CONNECTING
01-19 22:18:35.335: INFO/pppd(1800): Serial connection established.
01-19 22:18:35.335: DEBUG/pppd(1800): using channel 7
01-19 22:18:35.355: DEBUG/vold(880): [UEVENT] Sq: 1439 S: net A: 0 P: /devices/virtual/net/ppp0
01-19 22:18:35.355: DEBUG/vold(880): DEVPATH=/devices/virtual/net/ppp0
01-19 22:18:35.355: DEBUG/vold(880): INTERFACE=ppp0
01-19 22:18:35.355: DEBUG/vold(880): IFINDEX=9
01-19 22:18:35.355: DEBUG/vold(880): No uevent handlers registered for 'net' subsystem
01-19 22:18:35.365: INFO/pppd(1800): Using interface ppp0
01-19 22:18:35.365: INFO/pppd(1800): Connect: ppp0 <--> /dev/ttyUSB0
01-19 22:18:36.375: DEBUG/pppd(1800): sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1e53a172> <pcomp> <accomp>]
01-19 22:18:36.375: DEBUG/pppd(1800): rcvd [LCP ConfReq id=0x12 <asyncmap 0x0> <auth chap MD5> <magic 0xf88238> <pcomp> <accomp>]
01-19 22:18:36.375: DEBUG/pppd(1800): sent [LCP ConfAck id=0x12 <asyncmap 0x0> <auth chap MD5> <magic 0xf88238> <pcomp> <accomp>]
01-19 22:18:36.375: DEBUG/pppd(1800): rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1e53a172> <pcomp> <accomp>]
01-19 22:18:36.385: DEBUG/pppd(1800): rcvd [LCP DiscReq id=0x13 magic=0xf88238]
01-19 22:18:36.385: DEBUG/pppd(1800): rcvd [CHAP Challenge id=0x1 <3a1477f1ae67d1c06633eef3a6ea709b>, name = "UMTS_CHAP_SRVR"]
01-19 22:18:36.385: DEBUG/pppd(1800): sent [CHAP Response id=0x1 <ebf1fb3e1003d2c0ea6e740043b60d28>, name = "CARD"]
01-19 22:18:36.395: DEBUG/pppd(1800): rcvd [CHAP Success id=0x1 ""]
01-19 22:18:36.395: INFO/pppd(1800): CHAP authentication succeeded
01-19 22:18:36.395: DEBUG/pppd(1800): sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
01-19 22:18:36.395: DEBUG/pppd(1800): sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
01-19 22:18:36.405: DEBUG/pppd(1800): rcvd [LCP ProtRej id=0x14 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
01-19 22:18:37.408: DEBUG/pppd(1800): rcvd [IPCP ConfNak id=0x1 <ms-dns1 10.11.12.13> <ms-dns3 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
01-19 22:18:37.408: DEBUG/pppd(1800): sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns3 10.11.12.14>]
01-19 22:18:37.645: INFO/pppd(1800): Modem hangup
01-19 22:18:37.645: INFO/pppd(1800): Connection terminated.
I'll Paypal you if you can solve this. It's a difficult thing for me to do, should be easy for you devs...
Click to expand...
Click to collapse