# Problem getting VPN to work



## Ali3n0id (Feb 1, 2014)

Hi all, 

I've got a RasPi model B+ with a 4GB SD card and the latest Raspbian setup.

I want to use the VPN so I can monitor and use my network shares at home easily (and cheaply!)

I am using Dynamic DNS to connect to the Pi remotely and have had no problems...

I have followed this guide:

How to setup L2TP VPN server on Raspberry Pi? | Linux.Tips

ipsec verify


```
sudo ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.12.22+ (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [OK]
        [OK]
        [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
```
last few lines of /var/log/auth.log


```
Sep  7 11:51:05 0ri0n pluto[9849]: "L2TP-PSK-NAT"[1] 85.255.234.219 #1: Main mode peer ID is ID_IPV4_ADDR: '10.24.100.5'
Sep  7 11:51:05 0ri0n pluto[9849]: "L2TP-PSK-NAT"[1] 85.255.234.219 #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Sep  7 11:51:05 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: deleting connection "L2TP-PSK-NAT" instance with peer 85.255.234.219 {isakmp=#0/ipsec=#0}
Sep  7 11:51:05 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep  7 11:51:05 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: new NAT mapping for #1, was 85.255.234.219:24106, now 85.255.234.219:33130
Sep  7 11:51:05 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Sep  7 11:51:05 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: Dead Peer Detection (RFC 3706): enabled
Sep  7 11:51:06 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Sep  7 11:51:06 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: received and ignored informational message
Sep  7 11:51:06 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: the peer proposed: MY EXTERNAL IP/32:17/1701 -> 10.24.100.5/32:17/0
Sep  7 11:51:06 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #2: responding to Quick Mode proposal {msgid:9550148e}
Sep  7 11:51:06 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #2:     us: 192.168.0.14<192.168.0.14>[+S=C]:17/1701
Sep  7 11:51:06 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #2:   them: 85.255.234.219[10.24.100.5,+S=C]:17/0===10.24.100.5/32
Sep  7 11:51:06 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep  7 11:51:06 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep  7 11:51:17 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #2: Dead Peer Detection (RFC 3706): enabled
Sep  7 11:51:17 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep  7 11:51:17 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0fa32b53 <0x4fd049fe xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=85.255.234.219:33130 DPD=enabled}
Sep  7 11:51:48 0ri0n sshd[10056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.177.198.82  user=root
Sep  7 11:51:50 0ri0n sshd[10056]: Failed password for root from 220.177.198.82 port 2948 ssh2
Sep  7 11:51:52 0ri0n sshd[10056]: Failed password for root from 220.177.198.82 port 2948 ssh2
Sep  7 11:51:55 0ri0n sshd[10056]: Failed password for root from 220.177.198.82 port 2948 ssh2
Sep  7 11:51:57 0ri0n sshd[10056]: Failed password for root from 220.177.198.82 port 2948 ssh2
Sep  7 11:52:00 0ri0n sshd[10056]: Failed password for root from 220.177.198.82 port 2948 ssh2
Sep  7 11:52:02 0ri0n sshd[10056]: Failed password for root from 220.177.198.82 port 2948 ssh2
Sep  7 11:52:02 0ri0n sshd[10056]: Disconnecting: Too many authentication failures for root [preauth]
Sep  7 11:52:02 0ri0n sshd[10056]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.177.198.82  user=root
Sep  7 11:52:02 0ri0n sshd[10056]: PAM service(sshd) ignoring max retries; 6 > 3
Sep  7 11:52:20 0ri0n pluto[9849]: packet from 192.168.0.1:500: received Vendor ID payload [RFC 3947] method set to=109
Sep  7 11:52:20 0ri0n pluto[9849]: packet from 192.168.0.1:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep  7 11:52:20 0ri0n pluto[9849]: packet from 192.168.0.1:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep  7 11:52:20 0ri0n pluto[9849]: packet from 192.168.0.1:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep  7 11:52:20 0ri0n pluto[9849]: packet from 192.168.0.1:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Sep  7 11:52:20 0ri0n pluto[9849]: packet from 192.168.0.1:500: received Vendor ID payload [Dead Peer Detection]
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[3] 192.168.0.1 #3: responding to Main Mode from unknown peer 192.168.0.1
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[3] 192.168.0.1 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[3] 192.168.0.1 #3: STATE_MAIN_R1: sent MR1, expecting MI2
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[3] 192.168.0.1 #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[3] 192.168.0.1 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[3] 192.168.0.1 #3: STATE_MAIN_R2: sent MR2, expecting MI3
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[3] 192.168.0.1 #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.2'
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[3] 192.168.0.1 #3: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: deleting connection "L2TP-PSK-NAT" instance with peer 192.168.0.1 {isakmp=#0/ipsec=#0}
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: new NAT mapping for #3, was 192.168.0.1:500, now 192.168.0.1:4500
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: Dead Peer Detection (RFC 3706): enabled
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Sep  7 11:52:20 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: received and ignored informational message
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: the peer proposed: MY EXTERNAL IP/32:17/1701 -> 192.168.0.2/32:17/0
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #4: responding to Quick Mode proposal {msgid:30b78f81}
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #4:     us: 192.168.0.14<192.168.0.14>[+S=C]:17/1701
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #4:   them: 192.168.0.1[192.168.0.2,+S=C]:17/0===192.168.0.2/32
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #4: Dead Peer Detection (RFC 3706): enabled
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep  7 11:52:21 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0b075d46 <0x07ec6d5a xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.168.0.1:4500 DPD=enabled}
Sep  7 11:52:24 0ri0n pppd[10072]: pam_unix(ppp:session): session opened for user client1 by (uid=0)
Sep  7 11:52:24 0ri0n pppd[10072]: pam_unix(ppp:session): session closed for user client1
Sep  7 11:52:51 0ri0n pluto[9849]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 192.168.0.1 port 4500, complainant 192.168.0.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Sep  7 11:53:21 0ri0n pluto[9849]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 192.168.0.1 port 4500, complainant 192.168.0.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Sep  7 11:53:51 0ri0n pluto[9849]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 192.168.0.1 port 4500, complainant 192.168.0.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Sep  7 11:54:17 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: DPD: No response from peer - declaring peer dead
Sep  7 11:54:17 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219 #1: DPD: Clearing Connection
Sep  7 11:54:17 0ri0n pluto[9849]: "L2TP-PSK-NAT" #2: deleting state (STATE_QUICK_R2)
Sep  7 11:54:17 0ri0n pluto[9849]: "L2TP-PSK-NAT" #1: deleting state (STATE_MAIN_R3)
Sep  7 11:54:17 0ri0n pluto[9849]: "L2TP-PSK-NAT"[2] 85.255.234.219: deleting connection "L2TP-PSK-NAT" instance with peer 85.255.234.219 {isakmp=#0/ipsec=#0}
Sep  7 11:54:22 0ri0n pluto[9849]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 192.168.0.1 port 4500, complainant 192.168.0.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Sep  7 11:54:51 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: DPD: No response from peer - declaring peer dead
Sep  7 11:54:51 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1 #3: DPD: Clearing Connection
Sep  7 11:54:51 0ri0n pluto[9849]: "L2TP-PSK-NAT" #4: deleting state (STATE_QUICK_R2)
Sep  7 11:54:51 0ri0n pluto[9849]: "L2TP-PSK-NAT" #3: deleting state (STATE_MAIN_R3)
Sep  7 11:54:51 0ri0n pluto[9849]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 192.168.0.1 port 4500, complainant 192.168.0.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Sep  7 11:54:51 0ri0n pluto[9849]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 192.168.0.1 port 4500, complainant 192.168.0.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Sep  7 11:54:51 0ri0n pluto[9849]: "L2TP-PSK-NAT"[4] 192.168.0.1: deleting connection "L2TP-PSK-NAT" instance with peer 192.168.0.1 {isakmp=#0/ipsec=#0}
Sep  7 11:54:51 0ri0n pluto[9849]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 192.168.0.1 port 4500, complainant 192.168.0.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
```
last few lines of /var/log/syslog


```
Sep  7 11:52:02 0ri0n xl2tpd[10048]: check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
Sep  7 11:52:02 0ri0n xl2tpd[10048]: handle_packet: bad control packet!
Sep  7 11:52:24 0ri0n xl2tpd[10048]: control_finish: Peer requested tunnel 4770 twice, ignoring second one.
Sep  7 11:52:24 0ri0n xl2tpd[10048]: Connection established to 192.168.0.1, 42721.  Local: 22409, Remote: 4770 (ref=0/0).  LNS session is 'default'
Sep  7 11:52:24 0ri0n xl2tpd[10048]: start_pppd: I'm running:
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "/usr/sbin/pppd"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "passive"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "nodetach"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "192.168.0.14:192.168.0.235"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "refuse-pap"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "refuse-chap"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "auth"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "login"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "debug"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "file"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "/etc/ppp/options.xl2tpd"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "ipparam"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "192.168.0.1"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: "/dev/pts/2"
Sep  7 11:52:24 0ri0n xl2tpd[10048]: Call established with 192.168.0.1, Local: 56928, Remote: 38039, Serial: 1308863091
Sep  7 11:52:24 0ri0n pppd[10072]: pppd 2.4.5 started by root, uid 0
Sep  7 11:52:24 0ri0n pppd[10072]: using channel 9
Sep  7 11:52:24 0ri0n pppd[10072]: Using interface ppp0
Sep  7 11:52:24 0ri0n pppd[10072]: Connect: ppp0 <--> /dev/pts/2
Sep  7 11:52:24 0ri0n pppd[10072]: sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <auth eap> <magic 0x2780df75> <pcomp> <accomp>]
Sep  7 11:52:24 0ri0n pppd[10072]: rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xba9d550d> <pcomp> <accomp>]
Sep  7 11:52:24 0ri0n pppd[10072]: sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xba9d550d> <pcomp> <accomp>]
Sep  7 11:52:24 0ri0n pppd[10072]: rcvd [LCP ConfNak id=0x1 <auth chap MD5>]
Sep  7 11:52:24 0ri0n pppd[10072]: sent [LCP ConfReq id=0x2 <mru 1000> <asyncmap 0x0> <auth chap MD5> <magic 0x2780df75> <pcomp> <accomp>]
Sep  7 11:52:24 0ri0n pppd[10072]: rcvd [LCP ConfAck id=0x2 <mru 1000> <asyncmap 0x0> <auth chap MD5> <magic 0x2780df75> <pcomp> <accomp>]
Sep  7 11:52:24 0ri0n pppd[10072]: sent [LCP EchoReq id=0x0 magic=0x2780df75]
Sep  7 11:52:24 0ri0n pppd[10072]: sent [CHAP Challenge id=0x59 <7858e5687aa57ed583feb0ea4cd5b95e35acd6641f>, name = "l2tpd"]
Sep  7 11:52:24 0ri0n pppd[10072]: rcvd [LCP EchoRep id=0x0 magic=0xba9d550d]
Sep  7 11:52:24 0ri0n pppd[10072]: rcvd [CHAP Response id=0x59 <c57f7131e88c61afb71b6dead5a05ac3>, name = "client1"]
Sep  7 11:52:24 0ri0n pppd[10072]: sent [CHAP Success id=0x59 "Access granted"]
Sep  7 11:52:24 0ri0n pppd[10072]: Initializing PAM (2) for user client1
Sep  7 11:52:24 0ri0n pppd[10072]: ---> PAM INIT Result = 0
Sep  7 11:52:24 0ri0n pppd[10072]: Attempting PAM account checks
Sep  7 11:52:24 0ri0n pppd[10072]: PAM Account OK for client1
Sep  7 11:52:24 0ri0n pppd[10072]: PAM Session opened for user client1
Sep  7 11:52:24 0ri0n pppd[10072]: user client1 logged in on tty pts/2 intf ppp0
Sep  7 11:52:24 0ri0n pppd[10072]: Unsupported protocol 'Compression Control Protocol' (0x80fd) received
Sep  7 11:52:24 0ri0n pppd[10072]: found interface eth0 for proxy arp
Sep  7 11:52:24 0ri0n pppd[10072]: local  IP address 192.168.0.14
Sep  7 11:52:24 0ri0n pppd[10072]: remote IP address 192.168.0.235
Sep  7 11:52:24 0ri0n ifplugd(ppp0)[10090]: ifplugd 0.28 initializing.
Sep  7 11:52:24 0ri0n ifplugd(ppp0)[10090]: Using interface ppp0/00:00:00:00:00:00
Sep  7 11:52:24 0ri0n ifplugd(ppp0)[10090]: Using detection mode: IFF_RUNNING
Sep  7 11:52:24 0ri0n ifplugd(ppp0)[10090]: Initialization complete, link beat detected.
Sep  7 11:52:24 0ri0n pppd[10072]: LCP terminated by peer (User request)
Sep  7 11:52:24 0ri0n pppd[10072]: Connect time 0.0 minutes.
Sep  7 11:52:24 0ri0n pppd[10072]: Sent 0 bytes, received 0 bytes.
Sep  7 11:52:24 0ri0n ifplugd(ppp0)[10090]: Executing '/etc/ifplugd/ifplugd.action ppp0 up'.
Sep  7 11:52:24 0ri0n xl2tpd[10048]: result_code_avp: avp is incorrect size.  8 < 10
Sep  7 11:52:24 0ri0n xl2tpd[10048]: handle_avps: Bad exit status handling attribute 1 (Result Code) on mandatory packet.
Sep  7 11:52:24 0ri0n pppd[10072]: Modem hangup
Sep  7 11:52:24 0ri0n pppd[10072]: Connection terminated.
Sep  7 11:52:24 0ri0n xl2tpd[10048]: Terminating pppd: sending TERM signal to pid 10072
Sep  7 11:52:24 0ri0n xl2tpd[10048]: Connection 4770 closed to 192.168.0.1, port 42721 (Result Code: expected at least 10, got 8)
Sep  7 11:52:24 0ri0n pppd[10072]: Terminating on signal 15
Sep  7 11:52:24 0ri0n pppd[10072]: Exit.
Sep  7 11:52:24 0ri0n ifplugd(ppp0)[10090]: Killing child.
Sep  7 11:52:24 0ri0n ifplugd(ppp0)[10090]: client: Ignoring unknown interface ppp0=ppp0.
Sep  7 11:52:24 0ri0n ifplugd(ppp0)[10090]: Program execution failed, return value is 0.
Sep  7 11:52:26 0ri0n ifplugd(ppp0)[10090]: Link beat lost.

Sep  7 11:52:29 0ri0n xl2tpd[10048]: Unable to deliver closing message for tunnel 22409. Destroying anyway.
Sep  7 11:52:36 0ri0n ifplugd(ppp0)[10090]: Executing '/etc/ifplugd/ifplugd.action ppp0 down'.
Sep  7 11:52:36 0ri0n ifplugd(ppp0)[10090]: client: /sbin/ifdown: interface ppp0 not configured
Sep  7 11:52:36 0ri0n ifplugd(ppp0)[10090]: Program executed successfully.
```


----------



## hal8000 (Dec 23, 2006)

From your linux Mint 17 open a termininal and post output of:

nmap -p 1-65535 -T4 -A -v 192.168.0.14

The last address is the IP of your Pi. This should confirm that ports 1701 tcp and 4500upd and 500udp are open. Then issue the same command at your router:

nmap -p 1-65535 -T4 -A -v 192.168.0.1

Post this output as well please.


----------



## Ali3n0id (Feb 1, 2014)

Oooh I should I thought about doing that actually, although I did do a 

netstat -tulpan


```
netstat -tulpan
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State                                                           PID/Program name
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN                                                          -
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN                                                          -
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN                                                          -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN                                                          -
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN                                                          -
tcp        0      0 0.0.0.0:5910            0.0.0.0:*               LISTEN                                                          30019/Xvnc
tcp        0      0 127.0.0.1:3350          0.0.0.0:*               LISTEN                                                          1846/gconfd-2
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN                                                          -
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN                                                          -
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN                                                          -
tcp        0      0 192.168.0.14:22         192.168.0.4:52390       ESTABLISHED                                                     -
tcp6       0      0 :::139                  :::*                    LISTEN                                                          -
tcp6       0      0 :::22                   :::*                    LISTEN                                                          -
tcp6       0      0 :::445                  :::*                    LISTEN                                                          -
udp        0      0 0.0.0.0:68              0.0.0.0:*                                                                               -
udp        0      0 10.8.0.1:123            0.0.0.0:*                                                                               -
udp        0      0 192.168.0.14:123        0.0.0.0:*                                                                               -
udp        0      0 127.0.0.1:123           0.0.0.0:*                                                                               -
udp        0      0 0.0.0.0:123             0.0.0.0:*                                                                               -
udp        0      0 192.168.0.255:137       0.0.0.0:*                                                                               -
udp        0      0 192.168.0.14:137        0.0.0.0:*                                                                               -
udp        0      0 0.0.0.0:137             0.0.0.0:*                                                                               -
udp        0      0 192.168.0.255:138       0.0.0.0:*                                                                               -
udp        0      0 192.168.0.14:138        0.0.0.0:*                                                                               -
udp        0      0 0.0.0.0:138             0.0.0.0:*                                                                               -
udp        0      0 127.0.0.1:4500          0.0.0.0:*                                                                               -
udp        0      0 192.168.0.14:4500       0.0.0.0:*                                                                               -
udp        0      0 10.8.0.1:4500           0.0.0.0:*                                                                               -
udp        0      0 0.0.0.0:1701            0.0.0.0:*                                                                               -
udp        0      0 192.168.0.14:1194       0.0.0.0:*                                                                               -
udp        0      0 0.0.0.0:53952           0.0.0.0:*                                                                               -
udp        0      0 127.0.0.1:500           0.0.0.0:*                                                                               -
udp        0      0 192.168.0.14:500        0.0.0.0:*                                                                               -
udp        0      0 10.8.0.1:500            0.0.0.0:*                                                                               -
udp6       0      0 fe80::ba27:ebff:fec:123 :::*                                                                                    -
udp6       0      0 ::1:123                 :::*                                                                                    -
udp6       0      0 :::123                  :::*                                                                                    -
udp6       0      0 ::1:500                 :::*                                                                                    -
```

nmap -p 1-65535 -T4 -A -v 192.168.0.14


```
Starting Nmap 6.47 ( http://nmap.org ) at 2014-09-09 19:09 GMT Daylight Time

NSE: Loaded 118 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 19:09

Scanning 192.168.0.14 [1 port]

Completed ARP Ping Scan at 19:09, 0.20s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 19:09

Completed Parallel DNS resolution of 1 host. at 19:09, 0.02s elapsed

Initiating SYN Stealth Scan at 19:09

Scanning 192.168.0.14 [65535 ports]

Discovered open port 3389/tcp on 192.168.0.14

Discovered open port 22/tcp on 192.168.0.14

Discovered open port 80/tcp on 192.168.0.14

Discovered open port 8080/tcp on 192.168.0.14

Discovered open port 445/tcp on 192.168.0.14

Discovered open port 21/tcp on 192.168.0.14

Discovered open port 139/tcp on 192.168.0.14

Discovered open port 5910/tcp on 192.168.0.14

Discovered open port 8000/tcp on 192.168.0.14

Completed SYN Stealth Scan at 19:09, 20.95s elapsed (65535 total ports)

Initiating Service scan at 19:09

Scanning 9 services on 192.168.0.14

Completed Service scan at 19:09, 11.04s elapsed (9 services on 1 host)

Initiating OS detection (try #1) against 192.168.0.14

NSE: Script scanning 192.168.0.14.

Initiating NSE at 19:09

Completed NSE at 19:10, 32.07s elapsed

Nmap scan report for 192.168.0.14

Host is up (0.00092s latency).

Not shown: 65526 closed ports

PORT     STATE SERVICE       VERSION

21/tcp   open  ftp           vsftpd 2.3.5

22/tcp   open  ssh           OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)

| ssh-hostkey: 

|   1024 37:f2:00:8f:9f:58:bc:a0:21:d0:fd:3f:fb:39:b9:f3 (DSA)

|   2048 a2:6c:4f:37:19:aa:49:2b:87:c6:75:d8:08:ca:87:5d (RSA)

|_  256 b5:2d:3c:f3:aa:ae:92:72:63:70:90:fd:6b:b7:6f:5d (ECDSA)

80/tcp   open  http          nginx 1.2.1

|_http-favicon: Unknown favicon MD5: 5B6D74F1453E20C09D6A20D909779AD7

|_http-methods: No Allow or Public header in OPTIONS response (status code 405)

|_http-title: Welcome to nginx!

139/tcp  open  netbios-ssn   Samba smbd 3.X (workgroup: ORION)

445/tcp  open  netbios-ssn   Samba smbd 3.X (workgroup: ORION)

3389/tcp open  ms-wbt-server xrdp

5910/tcp open  vnc           VNC (protocol 3.8)

| vnc-info: 

|   Protocol version: 3.8

|   Security types: 

|     VNC Authentication (2)

|_    Tight (16)

8000/tcp open  http          nginx 1.2.1

|_http-methods: No Allow or Public header in OPTIONS response (status code 302)

|_http-open-proxy: Proxy might be redirecting requests

|_http-title: Did not follow redirect to https://192.168.0.14:8000/

8080/tcp open  http-proxy    ziproxy http proxy 3.2.0

|_http-methods: No Allow or Public header in OPTIONS response (status code 400)

|_http-open-proxy: Proxy might be redirecting requests

|_http-title: 400 Bad Request

MAC Address: B8:27:EB:C4:31:50 (Raspberry Pi Foundation)

Device type: general purpose

Running: Linux 3.X

OS CPE: cpe:/o:linux:linux_kernel:3

OS details: Linux 3.11 - 3.14

Uptime guess: 7.292 days (since Tue Sep 02 12:09:28 2014)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=254 (Good luck!)

IP ID Sequence Generation: All zeros

Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel



Host script results:

| nbstat: NetBIOS name: 0RI0N, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)

| Names:

|   0RI0N<00>            Flags: <unique><active>

|   0RI0N<03>            Flags: <unique><active>

|   0RI0N<20>            Flags: <unique><active>

|   ORION<1e>            Flags: <group><active>

|_  ORION<00>            Flags: <group><active>

| smb-os-discovery: 

|   OS: Unix (Samba 3.6.6)

|   Computer name: 0ri0n

|   NetBIOS computer name: 

|   Domain name: 

|   FQDN: 0ri0n

|_  System time: 2014-09-09T19:09:50+01:00

| smb-security-mode: 

|   Account that was used for smb scripts: guest

|   User-level authentication

|   SMB Security: Challenge/response passwords supported

|_  Message signing disabled (dangerous, but default)

|_smbv2-enabled: Server doesn't support SMBv2 protocol



TRACEROUTE

HOP RTT     ADDRESS

1   0.92 ms 192.168.0.14



NSE: Script Post-scanning.

Initiating NSE at 19:10

Completed NSE at 19:10, 0.00s elapsed

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 68.47 seconds

           Raw packets sent: 65558 (2.885MB) | Rcvd: 65584 (2.624MB)
```
And on the gateway


```
Starting Nmap 6.47 ( http://nmap.org ) at 2014-09-09 19:33 GMT Daylight Time

NSE: Loaded 118 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 19:33

Scanning 192.168.0.1 [1 port]

Completed ARP Ping Scan at 19:33, 0.20s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 19:33

Completed Parallel DNS resolution of 1 host. at 19:33, 0.06s elapsed

Initiating SYN Stealth Scan at 19:33

Scanning 192.168.0.1 [65535 ports]

Discovered open port 53/tcp on 192.168.0.1

Discovered open port 80/tcp on 192.168.0.1

Discovered open port 1990/tcp on 192.168.0.1

Discovered open port 5431/tcp on 192.168.0.1

Discovered open port 30005/tcp on 192.168.0.1

Discovered open port 9901/tcp on 192.168.0.1

Discovered open port 7459/tcp on 192.168.0.1

Discovered open port 5916/tcp on 192.168.0.1

Completed SYN Stealth Scan at 19:33, 14.54s elapsed (65535 total ports)

Initiating Service scan at 19:33

Scanning 8 services on 192.168.0.1

Service scan Timing: About 75.00% done; ETC: 19:35 (0:00:31 remaining)

Completed Service scan at 19:36, 131.03s elapsed (8 services on 1 host)

Initiating OS detection (try #1) against 192.168.0.1

NSE: Script scanning 192.168.0.1.

Initiating NSE at 19:36

Completed NSE at 19:36, 30.11s elapsed

Nmap scan report for 192.168.0.1

Host is up (0.00063s latency).

Not shown: 65527 closed ports

PORT      STATE SERVICE    VERSION

53/tcp    open  domain?

80/tcp    open  http?

|_http-title: Sky Hub > Home

1990/tcp  open  tcpwrapped

5431/tcp  open  upnp       Belkin/Linksys wireless router UPnP (UPnP 1.0; BRCM400 1.0)

5916/tcp  open  unknown

7459/tcp  open  unknown

9901/tcp  open  tcpwrapped

30005/tcp open  unknown

2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port80-TCP:V=6.47%I=7%D=9/9%Time=540F4817%P=i686-pc-windows-windows%r(G

SF:etRequest,2002,"HTTP/1\.1\x20200\x20Ok\r\nServer:\x20sky_router\r\nCach

SF:e-Control:\x20no-cache\r\nDate:\x20Tue,\x2009\x20Sep\x202014\x2019:34:0

SF:8\x20GMT\r\nContent-Type:\x20text/html\r\nConnection:\x20close\r\n\r\n<

SF:!DOCTYPE\x20html\x20PUBLIC\x20\"-//W3C//DTD\x20XHTML\x201\.0\x20Transit

SF:ional//EN\"\x20\"http://www\.w3\.org/TR/xhtml1/DTD/xhtml1-transitional\

SF:.dtd\">\n<!--\x20v4\.2\x20-->\n<html\x20xmlns=\"http://www\.w3\.org/199

SF:9/xhtml\">\n<head>\n<meta\x20http-equiv=\"Content-Type\"\x20content=\"t

SF:ext/html;\x20charset=UTF-8\"\x20/>\n<title>Sky\x20Hub\x20>\x20Home</

SF:title>\n<link\x20type=\"text/css\"\x20rel=\"stylesheet\"\x20href=\"asse

SF:ts/css/fonts\.css\"/>\n<link\x20type=\"text/css\"\x20rel=\"stylesheet\"

SF:\x20href=\"assets/css/main\.css\"/>\n<!--\x20jh\x20scripts\x20start\x20

SF:-->\n<script\x20type=\"text/javascript\"\x20src=\"assets/js/libs/jquery

SF:/jquery-1\.7\.1\.js\"></script>\n<script\x20type=\"text/javascript\"\x2

SF:0src=\"assets/js/libs/jquery/jquery\.effects\.core\.js\"></script>\n<!-

SF:-\[if\x20LT\x20IE\x207\]>\n\t\t\t<script\x20type=\"text/javascript\"\x2

SF:0src=\"assets/js/libs/DD_belatedPNG_0\.0\.8a\.js\"></script>\n\t\t<!\[e

SF:ndif\]-->\n<sc")%r(HTTPOptions,126,"HTTP/1\.1\x20501\x20Not\x20Implemen

SF:ted\r\nServer:\x20sky_router\r\nCache-Control:\x20no-cache\r\nDate:\x20

SF:Tue,\x2009\x20Sep\x202014\x2019:34:09\x20GMT\r\nContent-Type:\x20text/h

SF:tml\r\nConnection:\x20close\r\n\r\n<HTML><HEAD><TITLE>501\x20Not\x20Imp

SF:lemented</TITLE></HEAD>\n<BODY><H4>501\x20Not\x20Implemented</H4>\nThat

SF:\x20method\x20is\x20not\x20implemented\.\n</BODY></HTML>\n")%r(RTSPRequ

SF:est,126,"HTTP/1\.1\x20501\x20Not\x20Implemented\r\nServer:\x20sky_route

SF:r\r\nCache-Control:\x20no-cache\r\nDate:\x20Tue,\x2009\x20Sep\x202014\x

SF:2019:34:09\x20GMT\r\nContent-Type:\x20text/html\r\nConnection:\x20close

SF:\r\n\r\n<HTML><HEAD><TITLE>501\x20Not\x20Implemented</TITLE></HEAD>\n<B

SF:ODY><H4>501\x20Not\x20Implemented</H4>\nThat\x20method\x20is\x20not\x20

SF:implemented\.\n</BODY></HTML>\n")%r(X11Probe,10C,"HTTP/1\.1\x20400\x20B

SF:ad\x20Request\r\nServer:\x20sky_router\r\nCache-Control:\x20no-cache\r\

SF:nDate:\x20Tue,\x2009\x20Sep\x202014\x2019:34:10\x20GMT\r\nContent-Type:

SF:\x20text/html\r\nConnection:\x20close\r\n\r\n<HTML><HEAD><TITLE>400\x20

SF:Bad\x20Request</TITLE></HEAD>\n<BODY><H4>400\x20Bad\x20Request</H4>\nNo

SF:\x20request\x20found\.\n</BODY></HTML>\n");

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port7459-TCP:V=6.47%I=7%D=9/9%Time=540F4816%P=i686-pc-windows-windows%r

SF:(NULL,18E,"HTTP/HTTP/0\.0\x20408\x20Timeout\r\nServer:\x20tinyproxy/1\.

SF:8\.2\r\nContent-Type:\x20text/html\r\nConnection:\x20close\r\n\r\n<\?xm

SF:l\x20version=\"1\.0\"\x20encoding=\"UTF-8\"\x20\?>\n<!DOCTYPE\x20html\x

SF:20PUBLIC\x20\"-//W3C//DTD\x20XHTML\x201\.1//EN\"\x20\"http://www\.w3\.o

SF:rg/TR/xhtml11/DTD/xhtml11\.dtd\">\n<html>\n<head><title>408\x20Timeout<

SF:/title></head>\n<body>\n<h1>Timeout</h1>\n<p>Server\x20timeout\x20waiti

SF:ng\x20for\x20the\x20HTTP\x20request\x20from\x20the\x20client\.</p>\n<hr

SF:\x20/>\n</body>\n</html>\n")%r(GetRequest,6E,"HTTP/1\.1\x20302\x20tempo

SF:rary\x20redirect\r\nLocation:\x20http://192\.168\.0\.1/sky_self_heal\.h

SF:tml\n\r\nContent-Type:\x20text/html\r\n\r\n")%r(HTTPOptions,6E,"HTTP/1\

SF:.1\x20302\x20temporary\x20redirect\r\nLocation:\x20http://192\.168\.0\.

SF:1/sky_self_heal\.html\n\r\nContent-Type:\x20text/html\r\n\r\n")%r(RTSPR

SF:equest,17B,"HTTP/HTTP/0\.0\x20400\x20Bad\x20Request\r\nServer:\x20tinyp

SF:roxy/1\.8\.2\r\nContent-Type:\x20text/html\r\nConnection:\x20close\r\n\

SF:r\n<\?xml\x20version=\"1\.0\"\x20encoding=\"UTF-8\"\x20\?>\n<!DOCTYPE\x

SF:20html\x20PUBLIC\x20\"-//W3C//DTD\x20XHTML\x201\.1//EN\"\x20\"http://ww

SF:w\.w3\.org/TR/xhtml11/DTD/xhtml11\.dtd\">\n<html>\n<head><title>400\x20

SF:Bad\x20Request</title></head>\n<body>\n<h1>Bad\x20Request</h1>\n<p>Requ

SF:est\x20has\x20an\x20invalid\x20format</p>\n<hr\x20/>\n</body>\n</html>\

SF:n")%r(Help,191,"HTTP/HTTP/0\.0\x20400\x20Bad\x20Request\r\nServer:\x20t

SF:inyproxy/1\.8\.2\r\nContent-Type:\x20text/html\r\nConnection:\x20close\

SF:r\n\r\n<\?xml\x20version=\"1\.0\"\x20encoding=\"UTF-8\"\x20\?>\n<!DOCTY

SF:PE\x20html\x20PUBLIC\x20\"-//W3C//DTD\x20XHTML\x201\.1//EN\"\x20\"http:

SF://www\.w3\.org/TR/xhtml11/DTD/xhtml11\.dtd\">\n<html>\n<head><title>400

SF:\x20Bad\x20Request</title></head>\n<body>\n<h1>Bad\x20Request</h1>\n<p>

SF:Could\x20not\x20retrieve\x20all\x20the\x20headers\x20from\x20the\x20cli

SF:ent\.</p>\n<hr\x20/>\n</body>\n</html>\n")%r(FourOhFourRequest,6E,"HTTP

SF:/1\.1\x20302\x20temporary\x20redirect\r\nLocation:\x20http://192\.168\.

SF:0\.1/sky_self_heal\.html\n\r\nContent-Type:\x20text/html\r\n\r\n");

MAC Address: 7C:4C:A5:B2:D0:E4 (BSkyB)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:linux_kernel:2.6

OS details: Linux 2.6.9 - 2.6.30

Uptime guess: 26.935 days (since Wed Aug 13 21:10:43 2014)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=192 (Good luck!)

IP ID Sequence Generation: All zeros

Service Info: OS: Linux 2.4; Device: router; CPE: cpe:/o:linux:linux_kernel:2.4



TRACEROUTE

HOP RTT     ADDRESS

1   0.63 ms 192.168.0.1



NSE: Script Post-scanning.

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 180.07 seconds

           Raw packets sent: 65555 (2.885MB) | Rcvd: 65559 (2.623MB)
```
It doesn't seem to show the correct open ports on the router, this is how I've setup the Firewall rules :banghead:

Gyazo - bb1bffc357598246ff63afdd2b7f6b38.png


----------

