Re: Issue 22386 in chromium-os: L2TP/IPsec VPN fails to connect to Check Point VPN server

11 views
Skip to first unread message

chrom...@googlecode.com

unread,
Nov 2, 2011, 3:46:00 PM11/2/11
to chromium...@chromium.org
Updates:
Status: Fixed

Comment #4 on issue 22386 by benc...@chromium.org: L2TP/IPsec VPN fails to
connect to Check Point VPN server
http://code.google.com/p/chromium-os/issues/detail?id=22386

Fixed in ToT.

chrom...@googlecode.com

unread,
Nov 2, 2011, 3:50:05 PM11/2/11
to chromium...@chromium.org
Updates:
Cc: r...@chromium.org
Labels: -Mstone-R17 Mstone-R16 Team-Systems Merge-Requested

Comment #5 on issue 22386 by benc...@chromium.org: L2TP/IPsec VPN fails to

connect to Check Point VPN server
http://code.google.com/p/chromium-os/issues/detail?id=22386

(No comment was entered for this change.)

chrom...@googlecode.com

unread,
Nov 3, 2011, 1:42:46 AM11/3/11
to chromium...@chromium.org

Comment #9 on issue 22386 by bugdro...@chromium.org: L2TP/IPsec VPN fails
to connect to Check Point VPN server
http://code.google.com/p/chromium-os/issues/detail?id=22386#c9

Commit: e80851fda152737008c679f9ce50dad4ffbce2c4
Email: ben...@chromium.org

vpn-manager: Not to refuse PAP authentication by default.

This CL changes the default value of the refuse_pap flag from true to
false in L2tpManager, which makes xl2tpd not to refuse PAP
authentication by default.

BUG=chromium-os:22386
TEST=Verified the following:
1. Connected successfully to Check Point VPN server (with a patched
version of xl2tpd to remove some AVPs in L2TP control packets).
2. Connected successfully to Windows 2008 RRAS server, Cisco ASA 5505
and StrongSWAN VPN server with L2TP/IPsec pre-shared key to make sure
the existing VPN support still works fine.
3. Ran network_VPN autotest test suite.

Change-Id: I1dd1149d693c8f206dfd8e75f599543c8b4623f8
Reviewed-on: https://gerrit.chromium.org/gerrit/11100
Reviewed-by: Ken Mixter <kmi...@chromium.org>
Tested-by: Ben Chan <ben...@chromium.org>

M l2tp_manager.cc
M l2tp_manager_test.cc

chrom...@googlecode.com

unread,
Nov 3, 2011, 1:46:50 AM11/3/11
to chromium...@chromium.org

Comment #11 on issue 22386 by bugdro...@chromium.org: L2TP/IPsec VPN fails
to connect to Check Point VPN server
http://code.google.com/p/chromium-os/issues/detail?id=22386#c11

Commit: ee19cc5fa88c3e5ddfe46863090c12567838d7b4
Email: ben...@chromium.org

Patch xl2tpd-1.3.0 to exclude certain AVPs from L2TP control packets.

Certain AVPs (see RFC 2661 for details) included in L2TP control packets
by xl2tpd seem to be rejected by some VPN servers such as Check Point
VPN. Those AVPs are either optional or not used in our use cases. This
CL patches xl2tpd-1.3.0 to work around the issue by excluding those AVPs
from L2TP control packets.

BUG=chromium-os:22386
TEST=Verified the following:

1. Connected successfully to Check Point VPN server.


2. Connected successfully to Windows 2008 RRAS server, Cisco ASA 5505
and StrongSWAN VPN server with L2TP/IPsec pre-shared key to make sure
the existing VPN support still works fine.

3. network_VPN autotest test suite passed.

Change-Id: I44a28cc956c3a55a49f5a3df2b0bcf73c4a8bf28
Reviewed-on: https://gerrit.chromium.org/gerrit/11102


Reviewed-by: Ken Mixter <kmi...@chromium.org>
Tested-by: Ben Chan <ben...@chromium.org>

A net-dialup/xl2tpd/files/xl2tpd-1.3.0-avp-workaround.patch
A net-dialup/xl2tpd/xl2tpd-1.3.0-r1.ebuild
M net-dialup/xl2tpd/xl2tpd-1.3.0.ebuild
M profiles/targets/chromeos/package.keywords

chrom...@googlecode.com

unread,
Nov 3, 2011, 1:50:52 AM11/3/11
to chromium...@chromium.org

Comment #10 on issue 22386 by bugdro...@chromium.org: L2TP/IPsec VPN fails
to connect to Check Point VPN server
http://code.google.com/p/chromium-os/issues/detail?id=22386#c10

Commit: f85276e8e7a096661965641165835d9c645f576a
Email: ben...@chromium.org

net-dialup/xl2tpd: import xl2tpd 1.3.0 from upstream Gentoo

This CL is identical to that one committed to third_party/portage-stable
a while ago (http://gerrit.chromium.org/gerrit/8176) but copied to
third_party/chromiumos-overlay so that we can apply local patches.

BUG=chromium-os:22386
TEST=emerge xl2tpd-1.3.0 for x86-generic and arm-generic

Change-Id: I17015b549001b751871342ffc48798f6aa24694a
Reviewed-on: https://gerrit.chromium.org/gerrit/11101


Reviewed-by: Ken Mixter <kmi...@chromium.org>
Tested-by: Ben Chan <ben...@chromium.org>

A net-dialup/xl2tpd/files/xl2tpd-1.3.0-LDFLAGS.patch
A net-dialup/xl2tpd/files/xl2tpd-dnsretry.patch
A net-dialup/xl2tpd/xl2tpd-1.3.0.ebuild

chrom...@googlecode.com

unread,
Nov 3, 2011, 1:54:55 AM11/3/11
to chromium...@chromium.org
Updates:
Status: Fixed
Labels: -Merge-Approved Merge-Merged

Comment #12 on issue 22386 by benc...@chromium.org: L2TP/IPsec VPN fails to

connect to Check Point VPN server
http://code.google.com/p/chromium-os/issues/detail?id=22386

Merged into R16 branch

chrom...@googlecode.com

unread,
Nov 10, 2011, 11:44:56 PM11/10/11
to chromium...@chromium.org
Updates:
Status: Verified

Comment #13 on issue 22386 by deep...@chromium.org: L2TP/IPsec VPN fails to

connect to Check Point VPN server
http://code.google.com/p/chromium-os/issues/detail?id=22386

Verified in 1193.49.0 with 16.0.912.36 (r109393).

Reply all
Reply to author
Forward
0 new messages