L2TP VPN on AR509

Latest reply: Nov 15, 2016 06:56:17

Hello, World!

I have AR509g-l-d-h FW: Version 5.160 (AR500 V200R006C10SPC300), but I cannot successfully configure an L2TP VPN connection.

I successfully connect to the L2TP tunnel using the other router (Topex Bytton LTE), but I need to connect via AR509. :(

What's wrong?

Current configuration:

[V200R006C10SPC300]

#
drop illegal-mac alarm
#
l2tp enable
#
dns resolve
dns proxy enable
#
vlan batch 101
#
dhcp enable
#
cellular log enable
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
acl name Cellular0/0/0 2999
rule 5 permit
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password irreversible-cipher %^%#u=lZBnnM[Hpu4+Z(Cso3}3N(Td%Dn5*@2aLoUt&~i\;!=#";23"P_):|qVQ6%^%#
local-user admin privilege level 15
local-user admin service-type terminal http
local-user my_login password cipher %^%#fTGF8[yV[0'e\U!E8\r5thy[7dOl#Ku={rX-[v*<%^%#
local-user my_login privilege level 0
local-user my_login service-type ppp
#
firewall zone Local
priority 16
#
interface Vlanif1
ip address 192.168.1.1 255.255.255.0
#
interface Vlanif101
ip address 172.16.6.57 255.255.255.252
#
interface Ethernet0/0/0
#
interface Virtual-Template1
ppp chap user my_login
ppp chap password cipher %@%@/HCOOLg%UVW%wI%+YIrJ,"X\%@%@
ppp pap local-user my_login password cipher %@%@/HCOOLg%UVW%wI%+YIrJ,"X\%@%@
ppp ipcp dns admit-any
ppp ipcp dns request
mtu 1460
tcp adjust-mss 1460
ip address 172.31.1.10 255.255.255.255
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 101
undo port hybrid vlan 1
port hybrid untagged vlan 101
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
description VirtualPort
#
interface Cellular0/0/0
tcp adjust-mss 1460
dialer enable-circular
dialer-group 1
dialer timer autodial 20
dialer number *99# autodial
nat outbound 2999
ip address negotiate
#
interface Cellular0/0/1
#
interface NULL0
#
dialer-rule
dialer-rule 1 ip permit
#
apn profile APN
user name mtt password cipher %@%@*,b-RRJ>J*zFQX5eNhj~,"K$%@%@
apn cpemon
#
l2tp-group 2
undo tunnel authentication
start l2tp ip 172.31.255.254 fullusername my_login
#
info-center timestamp log format-date
#
snmp-agent local-engineid 800007DB03244C070E5765
#
http timeout 100
http secure-server ssl-policy default_policy
http server enable
http secure-server enable
#
ip route-static 0.0.0.0 0.0.0.0 Cellular0/0/0
ip route-static 172.31.255.254 255.255.255.255 Cellular0/0/0
#
user-interface con 0
authentication-mode aaa
user-interface vty 0
authentication-mode aaa
user privilege level 15
user-interface vty 1 4
#
wlan ac
#
return

Logfile:

2016-09-09 03:23+00:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP on the interface Virtual-Template1:0 has entered the DOWN state.
2016-09-09 03:23+00:00 Huawei %%01PPP/4/PHYSICALDOWN(l)[1]:On the interface Virtual-Template1:0, PPP link was closed because the status of the physical layer was Down.
2016-09-09 03:23+00:00 Huawei %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP on the interface Virtual-Template1:1 has entered the DOWN state.
2016-09-09 03:23+00:00 Huawei %%01PPP/4/PHYSICALDOWN(l)[3]:On the interface Virtual-Template1:1, PPP link was closed because the status of the physical layer was Down.
2016-09-09 03:23+00:00 Huawei %%01IFNET/4/LINK_STATE(l)[4]:The line protocol PPP on the interface Virtual-Template1:1 has entered the UP state.
2016-09-09 03:23+00:00 Huawei %%01IFNET/4/LINK_STATE(l)[5]:The line protocol PPP on the interface Virtual-Template1:0 has entered the UP state.



Nana00
Created Sep 9, 2016 11:33:20

Waiting for help


raniocha
Created Sep 15, 2016 15:41:59

Hi,

You have a problem with authentication; the interface template didn't get to the up state.

Please verify this and reply to me with more logs.


raniocha
Created Sep 15, 2016 15:44:51

You can use this as an example:

#
sysname LNS
#
l2tp enable
#
interface GigabitEthernet1/0/0
ip address 202.1.1.1 255.255.255.0
#
aaa
local-user huawei password cipher %@%@/|S75*sxcH2@FQL=wn#2@I`a%@%@
local-user huawei service-type ppp
#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 1
#
interface Virtual-Template1
ppp authentication-mode pap
remote address pool lns
ip address 192.168.1.1 255.255.255.0
#
ip pool lns
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
#
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2
#


bmday
Created Nov 15, 2016 06:56:17

Hi.

Two months ago, I solved the problem.

This is the part of the configuration that works:
interface Virtual-Template1
ppp pap local-user USERNAME password cipher %@%@Y\h3(l[#&4@:8ECf/u{>,"d"%@%@
ppp ipcp dns admit-any
ppp ipcp dns request
tcp adjust-mss 1460
ip address ppp-negotiate
l2tp-auto-client enable
#
l2tp-group 2
undo tunnel authentication
tunnel name TUNNELNAME
start l2tp ip 172.31.255.254 fullusername USERNAME

L2TP does not work if I force the authentication type with the command:
ppp authentication-mode pap / chap

There is a nuance. If a user sets up the L2TP tunnel using the web interface, this configuration is automatically added:
ppp chap user my_login
ppp chap password cipher %@%@/HCOOLg%UVW%wI%+YIrJ,"X\%@%@
ppp pap local-user my_login password cipher %@%@/HCOOLg%UVW%wI%+YIrJ,"X\%@%@

This forces you to change the configuration manually via RS232 or SSH / Telnet and delete:
ppp chap user my_login
ppp chap password cipher %@%@/HCOOLg%UVW%wI%+YIrJ,"X\%@%@

With all this, there is no need to specify:
ppp authentication-mode pap / chap

IMHO, this is a shortcoming of the web-based interface. The web interface does not allow you to choose PAP / CHAP, and forces both types of authentication simultaneously.

Thanks to all. This post was last edited by bmday at 2016-11-15 06:59.
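
The differences bmday describes, as an added example (not code from the thread or from Huawei): a small Python linter that compares the client-side Virtual-Template and l2tp-group stanzas against the working configuration above, and separately notes the weaker security settings that configuration keeps. The function names, the "differs"/"weak" labels and the `<cipher>` placeholder are assumptions of this example.

```python
import re
# Constructed samples based on the thread's configs; <cipher> is a placeholder.
BROKEN = """\
interface Virtual-Template1
ppp chap user my_login
ppp chap password cipher <cipher>
ppp pap local-user my_login password cipher <cipher>
#
l2tp-group 2
undo tunnel authentication
start l2tp ip 172.31.255.254 fullusername my_login
"""
WORKING = """\
interface Virtual-Template1
ppp pap local-user USERNAME password cipher <cipher>
l2tp-auto-client enable
#
l2tp-group 2
undo tunnel authentication
start l2tp ip 172.31.255.254 fullusername USERNAME
"""

def stanzas(config):
    """Map each stanza's first line to its remaining lines; '#' lines separate stanzas."""
    out = {}
    for block in re.split(r"^\s*#\s*$", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            out[lines[0]] = lines[1:]
    return out

def audit(config):
    """Return (label, stanza, issue): 'differs' from the working config, or 'weak' security."""
    found = []
    for head, body in stanzas(config).items():
        has = lambda prefix: any(l.startswith(prefix) for l in body)
        checks = []
        if head.startswith("interface Virtual-Template"):
            checks = [
                ("differs", has("ppp chap ") and has("ppp pap "), "CHAP and PAP credentials both set"),
                ("differs", has("ppp authentication-mode"), "authentication-mode forced"),
                ("differs", not has("l2tp-auto-client enable"), "l2tp-auto-client not enabled"),
                ("weak", has("ppp pap ") and not has("ppp chap "), "PAP only: password sent in cleartext"),
            ]
        elif head.startswith("l2tp-group"):
            checks = [("weak", has("undo tunnel authentication"), "tunnel authentication disabled")]
        found += [(label, head, issue) for label, hit, issue in checks if hit]
    return found

for name, cfg in (("broken", BROKEN), ("working", WORKING)):
    print(name, audit(cfg))
```

On the working sample the linter reports no "differs" items but still lists both "weak" ones: PAP carries the password in cleartext, and the tunnel itself is unauthenticated.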