<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2523" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>Hi
All,</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>I have managed to
get the IPSec/L2TP parts of the VPN working, but I'm now having issues with the
PPP connection.</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>This is a Windows XP
Pro SP2 connecting to a Fedora Core 2 Server running OpenSwan 2.2.0 using x509
certificates.</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>The Windows
IPSec/VPN client connects, negotiates keys then falls over on the PPP setup with
the error:</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>"Error 732: Your
computer and the remote computer could not agree on PPP control
protocols."</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>I have set up the
connection with LCP and compression turned on. Using EAP.</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>As for the Linux
box, I'm getting this in /var/log/messages:</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004></SPAN> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>Oct 19 16:21:37 fedora-1 pppd[6566]: pppd 2.4.2 started by root, uid 0<BR>
Oct 19 16:21:37 fedora-1 pppd[6566]: Using interface ppp0<BR>
Oct 19 16:21:37 fedora-1 pppd[6566]: Connect: ppp0 &lt;--&gt; /dev/pts/4 (This is when the XP Client errors out)<BR>
Oct 19 16:22:07 fedora-1 pppd[6566]: LCP: timeout sending Config-Requests (This comes a while after, as you can see)<BR>
Oct 19 16:22:07 fedora-1 pppd[6566]: Connection terminated.<BR>
Oct 19 16:22:07 fedora-1 pppd[6566]: tcflush failed: Input/output error<BR>
Oct 19 16:22:07 fedora-1 pppd[6566]: Exit.<BR></FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>My current
/etc/l2tp/l2tp.conf is:</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>load-handler "sync-pppd.so"<BR>
load-handler "cmd.so"</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>listen-port 1701<BR>
listen-addr 192.168.42.250</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>section sync-pppd</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>lns-pppd-opts "192.168.42.0:192.168.42.254 refuse-chap require-pap name vpn.pmsi-consulting.com lcp-echo-failure 3 lcp-echo-interval 5"<BR>
lac-pppd-opts "name vpn.pmsi-consulting.com noipdefault ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 5 file /etc/l2tp/ppp.options"</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>section peer<BR>
peer 0.0.0.0<BR>
mask 0<BR>
port 1701<BR>
lac-handler sync-pppd<BR>
lns-handler sync-pppd<BR>
hide-avps yes</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2># Configure the cmd handler. You MUST have a "section cmd" line<BR>
# even if you don't set any options.<BR>
section cmd<BR></FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>And for my
/etc/l2tp/ppp.options :</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>ipcp-accept-local<BR>
ipcp-accept-remote<BR>
lcp-echo-failure 3<BR>
lcp-echo-interval 5<BR>
ms-dns 192.168.42.13<BR>
ms-wins 192.168.42.13<BR>
noccp<BR>
noauth<BR>
crtscts<BR>
deflate<BR>
bsdcomp<BR>
idle 1800<BR>
mtu 1000<BR>
mru 1000<BR>
nodefaultroute<BR>
debug<BR>
lock<BR>
proxyarp<BR>
connect-delay 500<BR></FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>I reckon that it has
something to do with compression. I have tried many combinations of on/off both on
the server and the client. </FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>Can anyone shed any
light on this?</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial size=2>Kind
regards,</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial
size=2>Daniel.</FONT></SPAN></DIV>
<DIV><SPAN class=444501815-19102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=444501815-19102004></SPAN><FONT face=Arial
size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Daniel Bartlett</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>PMSI Consulting<BR></FONT><A
href="blocked::http://www.pmsi-consulting.com"><FONT face=Arial
size=2>www.pmsi-consulting.com</FONT></A><BR><FONT face=Arial size=2>White Lion
House, 64 Highgate High Street, London, N6 5HX, UK</FONT></DIV>
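<DIV><FONT face=Arial size=2>Added example, not part of the original message and not code from pppd or rp-l2tp: it reads the pppd syslog lines quoted in the post, reports the last phase each pppd process reached, and checks whether the gap between Connect and the LCP timeout equals pppd's default lcp-restart (3 s) times lcp-max-configure (10). The function names and the year 2004 are assumptions; the log lines are copied from the post without the inline remarks.</FONT></DIV>
<PRE>
```python
import re
from datetime import datetime

# pppd(8) defaults: lcp-restart is 3 s, lcp-max-configure is 10 transmissions.
LCP_RESTART, LCP_MAX_CONFIGURE = 3, 10
YEAR = "2004"  # assumption: syslog timestamps carry no year

# Ordered markers; a later entry means the session got further.
PHASES = [
    ("started", re.compile(r"pppd [\d.]+ started")),
    ("link-up", re.compile(r"Connect: ")),
    ("lcp-timeout", re.compile(r"LCP: timeout sending Config-Requests")),
]
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ pppd\[(\d+)\]: (.*)$")

# Log lines quoted in the post, without the author's inline remarks.
LOG = """\
Oct 19 16:21:37 fedora-1 pppd[6566]: pppd 2.4.2 started by root, uid 0
Oct 19 16:21:37 fedora-1 pppd[6566]: Using interface ppp0
Oct 19 16:21:37 fedora-1 pppd[6566]: Connect: ppp0 <--> /dev/pts/4
Oct 19 16:22:07 fedora-1 pppd[6566]: LCP: timeout sending Config-Requests
Oct 19 16:22:07 fedora-1 pppd[6566]: Connection terminated.
Oct 19 16:22:07 fedora-1 pppd[6566]: tcflush failed: Input/output error
Oct 19 16:22:07 fedora-1 pppd[6566]: Exit.
"""

def diagnose(text):
    """Map each pppd pid to (last phase seen, seconds from Connect to LCP timeout)."""
    seen = {}
    for m in filter(None, map(LINE.match, text.splitlines())):
        stamp = datetime.strptime(YEAR + " " + m.group(1), "%Y %b %d %H:%M:%S")
        for name, pat in PHASES:
            if pat.search(m.group(3)):
                seen.setdefault(m.group(2), {})[name] = stamp
    out = {}
    for pid, marks in seen.items():
        last = [name for name, _ in PHASES if name in marks][-1]
        wait = None
        if "link-up" in marks and "lcp-timeout" in marks:
            wait = int((marks["lcp-timeout"] - marks["link-up"]).total_seconds())
        out[pid] = (last, wait)
    return out

def full_lcp_cycle(wait):
    """True when the wait equals one full Config-Request cycle (1 s log slack)."""
    return wait is not None and abs(wait - LCP_RESTART * LCP_MAX_CONFIGURE) <= 1

if __name__ == "__main__":
    print({pid: r + (full_lcp_cycle(r[1]),) for pid, r in diagnose(LOG).items()})
```
</PRE>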
<DIV> </DIV></BODY></HTML>