Tuesday, 27 January 2015

Mac Mini VPN Connection Hangs On Username/Password Then Fails - Logs Provided


I am having a difficult time establishing an outside connection to my home server. I have a Mac Mini server attached to a Time Capsule which has control of my DNS, port forwarding, network, etc. Also, I do not have a router with any extra capabilities for AirPort Utility to try and manage. I have an SB5101 SURFboard cable modem which leads directly to the input of my Time Capsule, then a wired connection leading to the server.


I am not fully sure which type of authentication or encryption to use, so I have been trying them all out. It has been suggested to me that PPTP is no longer a good idea for security but that it's probably the easiest to test out this connection problem since it can go the lowest with encryption and generally gets through without as much trouble. PPTP does not connect. I have set up an L2TP shared key on my server and I can see in my logs that it is validating and accepting it; however, this also does not connect.


Typically the whole thing gets past all the steps up until the username/password verification and then it fails with either an error 629 or 619 saying the remote connection failed, refused by host or that the user/pass is not recognized, or the authentication type is not allowed.


Here are the logs in my server system.log that are in reference to the VPN processes on L2TP:



  • IPSec Phase 2 started (Initiated by peer).

  • IKE Packet: receive success. (Responder, Quick-Mode message 1).

  • >>>>> phase change status = Phase 2 started

  • IKE Packet: transmit success. (Responder, Quick-Mode message 2).

  • IKE Packet: receive success. (Responder, Quick-Mode message 3).

  • IKEv1 Phase 2 Responder: success. (Responder, Quick-Mode).

  • IPSec Phase 2 established (Initiated by peer).

  • Invalid pfkey proto: 0

  • >>>>> phase change status = Phase 2 established

  • IKE Packet: receive success. (Information message).

  • IPSec Phase 2 started (Initiated by peer).

  • IKE Packet: receive success. (Responder, Quick-Mode message 1).

  • >>>>> phase change status = Phase 2 started

  • IKE Packet: transmit success. (Responder, Quick-Mode message 2).

  • IKE Packet: receive success. (Responder, Quick-Mode message 3).

  • IKEv1 Phase 2 Responder: success. (Responder, Quick-Mode).

  • IPSec Phase 2 established (Initiated by peer).

  • IKE Packet: receive success. (Information message).

  • Invalid pfkey proto: 0


...And this continues until...


[same IP addresses are censored with X's]



  • sshd[16459]: reverse mapping checking getaddrinfo for customer-XXX-XX-XXX-XX.whatever.com.mx [187.210.18.197] failed - POSSIBLE BREAK-IN ATTEMPT!

  • sshd[16459]: Invalid user xbian from XXX-XX-XXX-XX

  • sshd[16459]: input_userauth_request: invalid user xbian [preauth]

  • sshd[16459]: Connection closed by XXX-XX-XXX-XX [preauth]

  • apsd[55]: Failed entitlement check 'com.apple.private.aps-connection-initiate' for ManagedClientAgent[16448]

  • apsd[55]: Peer connection [pid=XXXXX] lacks APSConnectionInitiateEntitlement

  • sshd[16348]: error: PAM: authentication error for root from (Different IP - I wrote this) XXX-XXX-XXX-XX via (LAN address of my server - I wrote this) 10.0.XX.XXX




If the error isn't here then I don't know where to look.




