Comments (8)
DimitriPapadopoulos
commented on July 18, 2024
That's pppd negotiating the IP address, I guess that's how the server is set.
https://github.com/adrienverge/openfortivpn/wiki#reporting-issues
from openfortivpn.
bartelsielski
commented on July 18, 2024
openfortivpn 1.21.0 output
DEBUG: openfortivpn 1.21.0
DEBUG: Loaded configuration file "<REDACTED>".
DEBUG: Loaded password from configuration file "<REDACTED>"
DEBUG: Configuration host = "<REDACTED>"
DEBUG: Configuration realm = ""
DEBUG: Configuration port = "<REDACTED>"
DEBUG: Configuration username = "<REDACTED>"
DEBUG: Resolving gateway host ip
DEBUG: Establishing ssl connection
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPIDLE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 9
DEBUG: SO_SNDBUF: 16384
DEBUG: SO_RCVBUF: 131072
DEBUG: server_addr: <SERVER_IP>
DEBUG: server_port: <REDACTED>
DEBUG: gateway_ip: <SERVER_IP>
DEBUG: gateway_port: <REDACTED>
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Setting minimum protocol version to: 0x303.
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
INFO: Connected to gateway.
DEBUG: Cookie: SVPNCOOKIE=Qiuz77QBQXQq8Vf/ZMBi/wl60q5mmC2JwQk0fhShW+YsPD7eGSoGoG914LY8RzGZNxuF43n2kYp3Y3Xlh98h0ls6RKw3yk7ZMgcYu47IMy44ISVbGhEfllLFCjjKmT52Vly1/+G/Z7ayAQcGBkmDaEYGwv0OWEnPv+9C6jBLwp1j4pxGsnJvqhe4nRHvA1BeY0Cty3crNIFEqQxn+MgooyvZ4glITQhpn7Gcmn8KNF3OeVGz1ctPMLced0nwok7+T+VIoLlGGEEzSMvnp888RMaOHOwJ/pRKF4T+Xv6LCAPJjPGikrUI3MUSV87KFo88yGdwdyRysaqD0J1WwR1zxRVq6TIBxIs=
INFO: Authenticated.
DEBUG: Cookie: SVPNCOOKIE=Qiuz77QBQXQq8Vf/ZMBi/wl60q5mmC2JwQk0fhShW+YsPD7eGSoGoG914LY8RzGZNxuF43n2kYp3Y3Xlh98h0ls6RKw3yk7ZMgcYu47IMy44ISVbGhEfllLFCjjKmT52Vly1/+G/Z7ayAQcGBkmDaEYGwv0OWEnPv+9C6jBLwp1j4pxGsnJvqhe4nRHvA1BeY0Cty3crNIFEqQxn+MgooyvZ4glITQhpn7Gcmn8KNF3OeVGz1ctPMLced0nwok7+T+VIoLlGGEEzSMvnp888RMaOHOwJ/pRKF4T+Xv6LCAPJjPGikrUI3MUSV87KFo88yGdwdyRysaqD0J1WwR1zxRVq6TIBxIs=
INFO: Remote gateway has allocated a VPN.
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPIDLE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 9
DEBUG: SO_SNDBUF: 16384
DEBUG: SO_RCVBUF: 131072
DEBUG: server_addr: <SERVER_IP>
DEBUG: server_port: <REDACTED>
DEBUG: gateway_ip: <SERVER_IP>
DEBUG: gateway_port: <REDACTED>
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Setting minimum protocol version to: 0x303.
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
DEBUG: Retrieving configuration
DEBUG: Found dns server 172.16.10.49 in xml config
DEBUG: Found dns server 172.16.10.11 in xml config
DEBUG: Establishing the tunnel
DEBUG: ppp_path: /usr/bin/pppd
DEBUG: Switch to tunneling mode
DEBUG: Starting IO through the tunnel
DEBUG: pppd_read thread
DEBUG: ssl_read thread
DEBUG: if_config thread
DEBUG: ssl_write thread
DEBUG: pppd_write thread
DEBUG: pppd ---> gateway (16 bytes)
DEBUG: gateway ---> pppd (12 bytes)
DEBUG: gateway ---> pppd (16 bytes)
DEBUG: pppd ---> gateway (12 bytes)
DEBUG: pppd ---> gateway (10 bytes)
DEBUG: pppd ---> gateway (17 bytes)
DEBUG: pppd ---> gateway (18 bytes)
DEBUG: pppd ---> gateway (16 bytes)
DEBUG: gateway ---> pppd (12 bytes)
DEBUG: pppd ---> gateway (12 bytes)
DEBUG: gateway ---> pppd (10 bytes)
DEBUG: gateway ---> pppd (6 bytes)
DEBUG: gateway ---> pppd (17 bytes)
DEBUG: gateway ---> pppd (12 bytes)
DEBUG: gateway ---> pppd (24 bytes)
DEBUG: pppd ---> gateway (6 bytes)
DEBUG: pppd ---> gateway (6 bytes)
DEBUG: pppd ---> gateway (12 bytes)
DEBUG: gateway ---> pppd (6 bytes)
DEBUG: gateway ---> pppd (12 bytes)
DEBUG: pppd ---> gateway (12 bytes)
DEBUG: gateway ---> pppd (12 bytes)
INFO: Got addresses: [172.16.200.8], ns [172.16.10.49, 172.16.10.11]
INFO: Negotiation complete.
DEBUG: Got Address: 172.16.200.8
DEBUG: if_config: not ready yet...
DEBUG: pppd ---> gateway (42 bytes)
DEBUG: pppd ---> gateway (124 bytes)
DEBUG: pppd ---> gateway (206 bytes)
DEBUG: pppd ---> gateway (288 bytes)
DEBUG: pppd ---> gateway (370 bytes)
DEBUG: pppd ---> gateway (452 bytes)
DEBUG: pppd ---> gateway (534 bytes)
DEBUG: pppd ---> gateway (616 bytes)
DEBUG: pppd ---> gateway (698 bytes)
DEBUG: pppd ---> gateway (780 bytes)
DEBUG: pppd ---> gateway (862 bytes)
DEBUG: pppd ---> gateway (944 bytes)
DEBUG: pppd ---> gateway (42 bytes)
DEBUG: pppd ---> gateway (185 bytes)
DEBUG: pppd ---> gateway (203 bytes)
DEBUG: Got Address: 172.16.200.8
DEBUG: Interface Name: <REDACTED>
DEBUG: Interface Addr: 172.16.200.8
INFO: Interface <REDACTED> is UP.
INFO: Adding VPN nameservers...
DEBUG: Attempting to run /usr/bin/resolvconf.
DEBUG: resolvconf_call: /usr/bin/resolvconf -a "<REDACTED>.openfortivpn"
Dropped protocol specifier '.openfortivpn' from '<REDACTED>.openfortivpn'. Using '<REDACTED>' (ifindex=29).
INFO: Tunnel is up and running.
DEBUG: pppd ---> gateway (66 bytes)
DEBUG: pppd ---> gateway (1224 bytes)
DEBUG: pppd ---> gateway (185 bytes)
DEBUG: pppd ---> gateway (185 bytes)
DEBUG: pppd ---> gateway (66 bytes)
DEBUG: pppd ---> gateway (1224 bytes)
DEBUG: pppd ---> gateway (167 bytes)
DEBUG: pppd ---> gateway (203 bytes)
DEBUG: pppd ---> gateway (66 bytes)
DEBUG: pppd ---> gateway (1224 bytes)
DEBUG: pppd ---> gateway (167 bytes)
DEBUG: pppd ---> gateway (260 bytes)
DEBUG: pppd ---> gateway (66 bytes)
DEBUG: pppd ---> gateway (1224 bytes)
DEBUG: pppd ---> gateway (167 bytes)
DEBUG: pppd ---> gateway (66 bytes)
DEBUG: pppd ---> gateway (1224 bytes)
DEBUG: pppd ---> gateway (66 bytes)
DEBUG: pppd ---> gateway (1224 bytes)
DEBUG: pppd ---> gateway (66 bytes)
DEBUG: pppd ---> gateway (10 bytes)
DEBUG: pppd ---> gateway (1224 bytes)
^C
INFO: Cancelling threads...
INFO: Cleanup, joining threads...
DEBUG: Disconnecting
INFO: Setting <REDACTED> interface down.
INFO: Removing VPN nameservers...
DEBUG: resolvconf_call: /usr/bin/resolvconf -d "<REDACTED>.openfortivpn"
Dropped protocol specifier '.openfortivpn' from '<REDACTED>.openfortivpn'. Using '<REDACTED>' (ifindex=29).
DEBUG: Waiting for pppd to exit...
DEBUG: waitpid: pppd exit status code 16
INFO: pppd: The link was terminated by the modem hanging up.
INFO: Terminated pppd.
INFO: Closed connection to gateway.
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPIDLE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 9
DEBUG: SO_SNDBUF: 16384
DEBUG: SO_RCVBUF: 131072
DEBUG: server_addr: <SERVER_IP>
DEBUG: server_port: <REDACTED>
DEBUG: gateway_ip: <SERVER_IP>
DEBUG: gateway_port: <REDACTED>
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Setting minimum protocol version to: 0x303.
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
INFO: Logged out.
pppd 2.5.0 log
Warning: couldn't open ppp database /run/pppd/pppd2.tdb
using channel 19
Using interface <REDACTED>
Connect: <REDACTED> <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <mru 1354> <magic 0xe56fa4ce>]
rcvd [LCP ConfReq id=0x1 <magic 0x7addf828>]
sent [LCP ConfAck id=0x1 <magic 0x7addf828>]
rcvd [LCP ConfAck id=0x1 <mru 1354> <magic 0xe56fa4ce>]
sent [LCP EchoReq id=0x0 magic=0xe56fa4ce]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::ddab:65d5:717f:b286>]
rcvd [IPCP ConfReq id=0x1 <addr <SERVER_IP>>]
sent [IPCP ConfAck id=0x1 <addr <SERVER_IP>>]
rcvd [LCP EchoRep id=0x0 magic=0x7addf828]
rcvd [CCP ConfReq id=0x1]
sent [CCP ConfAck id=0x1]
rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [CCP ConfReq id=0x2]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a dd ab 65 d5 71 7f b2 86 c8 08]
Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received
rcvd [CCP ConfAck id=0x2]
rcvd [IPCP ConfNak id=0x2 <addr 172.16.200.8>]
sent [IPCP ConfReq id=0x3 <addr 172.16.200.8>]
rcvd [IPCP ConfAck id=0x3 <addr 172.16.200.8>]
Cannot determine ethernet address for proxy ARP
local IP address 172.16.200.8
remote IP address <SERVER_IP>
Script /etc/ppp/ip-up started (pid 1135762)
Script /etc/ppp/ip-up finished (pid 1135762), status = 0x0
Hangup (SIGHUP)
Modem hangup
Connect time 0.7 minutes.
Sent 16638 bytes, received 0 bytes.
Script /etc/ppp/ip-down started (pid 1135914)
Connection terminated.
Script /etc/ppp/ip-down finished (pid 1135914), status = 0x0
ppp v2.4.9 log (started by openfortivpn 1.20.5)
using channel 20
Renamed interface ppp0 to <REDACTED>
Using interface <REDACTED>
Connect: <REDACTED> <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <mru 1354> <magic 0xf9af34b8>]
rcvd [LCP ConfReq id=0x1 <magic 0xc73b3307>]
sent [LCP ConfAck id=0x1 <magic 0xc73b3307>]
rcvd [LCP ConfAck id=0x1 <mru 1354> <magic 0xf9af34b8>]
sent [LCP EchoReq id=0x0 magic=0xf9af34b8]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::7d2e:7a27:6baa:23d0>]
rcvd [IPCP ConfReq id=0x1 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x1 <addr 169.254.2.1>]
rcvd [LCP EchoRep id=0x0 magic=0xc73b3307]
rcvd [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 7d 2e 7a 27 6b aa 23 d0 c8 05]
Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received
rcvd [CCP ConfReq id=0x1]
sent [CCP ConfAck id=0x1]
rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [CCP ConfReq id=0x2]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [IPCP ConfReq id=0x2 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x2 <addr 169.254.2.1>]
rcvd [CCP ConfAck id=0x2]
rcvd [IPCP ConfNak id=0x2 <addr 172.16.200.5>]
sent [IPCP ConfReq id=0x3 <addr 172.16.200.5>]
rcvd [IPCP ConfReq id=0x3 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x3 <addr 169.254.2.1>]
rcvd [IPCP ConfAck id=0x3 <addr 172.16.200.5>]
rcvd [IPCP ConfReq id=0x4 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x4 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x5 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x6 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x6 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x7 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x7 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x8 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x8 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x9 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x9 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xa <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0xa <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xb <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0xb <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xc <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0xc <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xd <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0xd <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xe <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0xe <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xf <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0xf <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x10 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x10 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x11 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x11 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x12 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x12 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x13 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x13 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x14 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x14 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x15 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x15 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x16 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x16 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x17 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x17 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x18 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x18 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x19 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x19 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1a <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x1a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1b <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x1b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1c <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x1c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1d <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x1d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1e <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x1e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1f <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x1f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x20 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x20 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x21 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x21 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x22 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x22 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x23 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x23 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x24 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x24 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x25 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x25 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x26 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x26 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x27 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x27 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x28 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x28 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x29 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x29 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2a <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x2a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2b <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x2b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2c <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x2c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2d <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x2d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2e <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x2e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2f <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x2f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x30 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x30 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x31 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x31 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x32 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x32 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x33 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x33 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x34 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x34 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x35 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x35 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x36 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x36 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x37 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x37 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x38 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x38 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x39 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x39 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3a <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x3a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3b <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x3b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3c <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x3c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3d <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x3d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3e <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x3e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3f <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x3f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x40 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x40 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x41 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x41 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x42 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x42 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x43 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x43 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x44 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x44 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x45 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x45 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x46 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x46 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x47 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x47 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x48 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x48 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x49 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x49 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4a <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x4a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4b <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x4b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4c <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x4c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4d <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x4d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4e <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x4e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4f <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x4f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x50 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x50 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x51 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x51 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x52 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x52 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x53 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x53 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x54 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x54 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x55 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x55 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x56 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x56 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x57 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x57 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x58 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x58 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x59 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x59 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5a <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x5a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5b <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x5b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5c <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x5c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5d <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x5d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5e <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x5e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5f <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x5f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x60 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x60 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x61 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x61 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x62 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x62 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x63 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x63 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x64 <addr <SERVER_IP>>]
sent [IPCP ConfNak id=0x64 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x65 <addr <SERVER_IP>>]
sent [IPCP ConfRej id=0x65 <addr <SERVER_IP>>]
rcvd [IPCP ConfReq id=0x66 <addrs <SERVER_IP> 172.16.200.5>]
sent [IPCP ConfRej id=0x66 <addrs <SERVER_IP> 172.16.200.5>]
rcvd [IPCP ConfReq id=0x67]
sent [IPCP ConfAck id=0x67]
Cannot determine ethernet address for proxy ARP
local IP address 172.16.200.5
remote IP address 169.254.2.1
Script /etc/ppp/ip-up started (pid 1136334)
Script /etc/ppp/ip-up finished (pid 1136334), status = 0x0
Hangup (SIGHUP)
Modem hangup
Connect time 0.1 minutes.
Sent 1784 bytes, received 0 bytes.
Script /etc/ppp/ip-down started (pid 1136348)
Connection terminated.
Script /etc/ppp/ip-down finished (pid 1136348), status = 0x0
Replaced the server IP address in the logs with <SERVER_IP>.
from openfortivpn.
DimitriPapadopoulos
commented on July 18, 2024
So you believe the problem with pppd 2.5.0 lies here:
local IP address 172.16.200.8
remote IP address <SERVER_IP>
as opposed to pppd 2.4.9:
local IP address 172.16.200.5
remote IP address 169.254.2.1
However, this seems beyond the control of openfortivpn, that's a negotiation between pppd and the FortiGate. I am not sure how to fix that, this looks like a misconfiguration on the FortiGate or a bug in the version of pppd you are using.
from openfortivpn.
berenddeschouwer
commented on July 18, 2024
I see the same problem on an older FortiGate.
169.254.0.0/16 is reserved for link-local addresses, according to https://en.wikipedia.org/wiki/Reserved_IP_addresses
That IP is set in src/tunnel.c, line 257.
The first time it shows up (ppp 2.4.9), is when the server sends
IPCP ConfReq id=0x2 <some-ip>
and ppp-2.4.9 responds
IPCP ConfNak id=0x2 <addr 169.254.2.1>
this then repeats a few times
Eventually ppp 2.4.9 and the fortigate agree to disagree, and the tunnel is configured with a link-local address anyway.
rcvd [IPCP ConfReq id=0x66 <some-ip>
sent [IPCP ConfRej id=0x66 <some-ip>
After 90 attempts, pppd 2.4.9 sends "confrej" instead of "confnak"
but negotiation is "complete", so the tunnel is set up with ppp 2.4.9
ppp 2.5.0 drops the tunnel.
The ipcp-accept-remote tells ppp to accept , as opposed to the link-local address. My fortigate server sends it's public IP as it's link IP.
If the fortigate is running a firewall, it will now receive private (vpn) traffic with public ips, and drop the packets.
So the bugs:
- fortigate server shouldn't send it's public IP as a link IP
- ppp 2.4.9 shouldn't ever have completed negotiation when rejecting the config
- openfortivpn hardcodes both a link IP and ipcp-accept-remote
However, these bugs cancel each other out.
Next step: Remove the option ":169.254.2.1" from src/tunnel.c and try again.
from openfortivpn.
berenddeschouwer
commented on July 18, 2024
So removing option ":169.254.2.1" in src/tunnel.c also removes the need for "ipcp-accept-remote".
However, it does not fix connectivity to FortiGate servers where the FortiGate is giving an incorrect link-local IP address.
from openfortivpn.
DimitriPapadopoulos
commented on July 18, 2024
openfortivpn hardcodes both a link IP and ipcp-accept-remote
Is that a problem? From the pppd(8) man page:
<local_IP_address>:<remote_IP_address>
Set the local and/or remote interface IP addresses. Either one may be omitted. The IP addresses can be specified with a host name or in decimal dot notation (e.g. 150.234.56.78). The default local address is the (first) IP address of the system (unless the noipdefault option is given). The remote address will be obtained from the peer if not specified in any option. Thus, in simple cases, this option is not required. If a local and/or remote IP address is specified with this option, pppd will not accept a different value from the peer in the IPCP negotiation, unless the ipcp-accept-local and/or ipcp-accept-remote options are given, respectively.
ipcp-accept-remote
With this option, pppd will accept the peer's idea of its (remote) IP address, even if the remote IP address was specified in an option.
I have already tried omitting remote_IP_address, but (some version of) pppd fails without it.
from openfortivpn.
DimitriPapadopoulos
commented on July 18, 2024
I'm happy to apply a patch if you can work out a solution, but it has to work with 2.4.9 (when configured with --enable-legacy-pppd) and 2.5.0 (configured without --enable-legacy-pppd).
from openfortivpn.
berenddeschouwer
commented on July 18, 2024
No, I do think this is a mistake in the configuration on the server. I do not think it's possible to fix this inside openfortivpn with pppd 2.5.0.
pppd 2.4.9 worked by accident, because it configures a different remote IP than the remote wants. This is a mistake, but in this case two wrongs make a right.
pppd 2.5.0 won't work with the same server configuration. This is a behavioural change towards correctness. pppd would need to add an option "ipcp-override-remote" to restore the incorrect 2.4.9 behaviour.
from openfortivpn.
Related Issues (20)
- Detecting VPN Disconnections sooner for retry HOT 5
- URI missing as configuration parameter HOT 2
- Using openvpn breaks openfortivpn HOT 3
- Invalid session ID error when trying to connect from a different network HOT 5
- Use private key file from Windows?
- macOS 14.2.1 and 1.21.0 blocks HOT 5
- modify firewall HOT 3
- connecting with @ in username and context in host HOT 3
- Empty cookie error after server upgrade from 7.2.7 to 7.2.8 HOT 10
- "Error writing to SSL connection" on FreeBSD
- 405 Method Not Allowed HOT 1
- openfortivpn on MAC gets stuck HOT 6
- openfortivpn version 1.22.0
- Wrong value in the 'Accept-Encoding' header HOT 2
- openfortivpn version 1.22.1
- IPCP terminated by peer (conflicting remote IP address) HOT 8
- Explain OTP Flag HOT 1
- v1.20.3 on OpenWRT - Hughes Internet HOT 9
- Older macOS do not provide `vdprintf`: `Undefined symbols: "_vdprintf"` HOT 11
- openfortivpn 1.3.0 not working on ubuntu 24.04 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openfortivpn.