-
Notifications
You must be signed in to change notification settings - Fork 326
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Peer refused to agree to our IP address and connection is terminated #1076
Comments
I don't know how to tackle this. As noted in #920, the error originates in The real fix would be to merge branch tun and get rid of |
Note that in the |
I try the ipcp-accept-remote and the tunnel now always connect, but there is no traffic in the vpn, i cannot reach the subnets on the other side, routes are well created... what i notice is that after the tunnel is up, in debug only exists traffic in one way: ppp -> gateway, the gateway is not responding not sure if is normal..
How can i help you to speedup the tun implementation? |
I just try openconnect, it uses tun, and is OK, the connection is establish always. |
I just need help with fixing routing. I agree about exploring vpnc-scripts, see #678. But then vpnc-scripts is not well-maitained either: |
sure, i just start playing with vpnc-scripts , i miss the options to set no-route or no-dns (on my setup i want to create them manually), the positive side is that we can easily modify the script. I can help you test the tun branch, i have debian environment is it ok for you? |
Sure. I'm on Ubuntu 22.04 myself. Perhaps we can simulate no-route or no-dns by resetting environment variables passed as arguments to vpnc-scripts? |
I ran into this issue after updating ppp to 2.5.0. Gentoo main tree does not yet have an updated openfortivpn. Even so, I have been using the old patch for an ifup issue (setting DNS for systemd-resolved) and do not know how to migrate to vpnc-scripts. |
Migrating to vpnc-scripts implies someone contributing the actual code to openfortivpn. Using tun instead of |
…nection fails with 'Peer refused to agree to his IP address' message. see adrienverge/openfortivpn/issues/1076 Signed-off-by: Petru Ciobanu <[email protected]>
net-dialup/ppp-2.5.0 is incompatible. A new connection fails with 'Peer refused to agree to his IP address' message. see adrienverge/openfortivpn/issues/1076 Signed-off-by: Petru Ciobanu <[email protected]> Closes: #30818 Signed-off-by: Joonas Niilola <[email protected]>
I'm trying to catch up here. If I can help with the routing in the context ov vpnc-scripts, just let me know |
This appears for me in 1.20.5 but not in 1.20.4:
|
The workaround of adding |
It looks like we need to add
I will need help at least with the latter. |
I tried this in the nix-shell with version 1.20.4 and it works fine. If I try using 1.20.5 I get the same problem of "Peer refused to agree to his IP address" and it won't work. I'm a bit new to nixos, so I just need to figure out how to use an older package in the configuration.nix until this issue is fixed. |
@AdrianChungie try something like:
|
It all seems to be a misunderstanding between ppp and openfortivpn, more on the ppp side client 1.20.1 with ppp-2.4.9-r6 ok client 1.20.1 with ppp-2.5.0-r2 Peer refused to agree to his IP address After adding
But this one is related to the Alpine ppp package, details here Bottom line |
I also got |
I'm also on Arch Linux with recently updated openfortivpn 1.20.5, pppd 2.5.0 and networkmanager-fortisslvpn 1.4.0. |
I've got the same problem since today. |
Same here, on Archlinux. |
Yes, the problem seems to be on ppp 2.5.0. |
Can confirm rolling back to |
I've got the same problem today. Rolling back to ppp |
I have fixed this issue by enabling or adding
in the /etc/ppp/options |
For those using networkmanager-fortisslvpn on Archlinux, you can find a solution reading this comment in AUR. |
Can confirm that this resolved the issue for me as well. After uncommenting these config lines, VPN connected without issue. |
PSA for people using nixos like me, you need:
|
I think we need to make |
Hmm VPN stopped working Fedora 39. Interesting. Well seems Fedora's still on 1.19. |
Hi @leppaott , same case. I fixit with add the next line to options, the same indicate in the issue, and work arround in this issuue. cat /etc/ppp/options The cause is fedora 39 update pppd to https://packages.fedoraproject.org/pkgs/ppp/ppp/fedora-39.html --> ppp-2.5.0-3.fc39 in Fedora 39 |
Fixed it for me! Had to edit the file, add the new line & simply retried connecting. Thanks! |
@ameijboom Are you using Fedora 39 too? |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
I was, however after some more testing, I realised I can’t access any resources on the network. So while I can connect, it’s basically useless right now. |
@ameijboom Thank you for the feedback. So while adding |
Yes, with this modification, all my vpns that connect with openfortivpn it's working. Perhaps its my configuration, I've two scritps:
Content of configVPMhost = xxx.example.com
sudo systemd-resolve --interface=ppp0 --set-dns=XXXXXXX --set-dns=YYYYYY --set-domain=example.com |
Thank You from /etc/ppp/options |
Hi,
I'm having the same issue as #920, sometimes i got "Peer refused to agree to our IP address".
I'm using the version 1.20.1, on debian bullseye.
the file /etc/ppp/options is the original one.
Here is the log when it happens:
I try to enable ppp log but only got:
The text was updated successfully, but these errors were encountered: