[Openswan Users] PPP LCP Issues
Daniel Bartlett
dbartlett at pmsi-consulting.com
Wed Oct 20 10:08:28 CEST 2004
Hi,
> > I have managed to get the IPSec/L2TP parts of the VPN working, but
I'm
> > now having issues with the PPP connection.
> > This is a Windows XP Pro SP2 connecting to a Fedora Core 2 Server
> > running OpenSwan 2.2.0 using x509 certificates.
> >
> > The Windows IPSec/VPN client connects, negotiates keys then falls
over
> > on the PPP setup with the error:
> > "Error 732: Your computer and the remote computer could not agree on
> > PPP control protocols."
> > I have setup the connection with LCP and compression turned on.
Using EAP.
> EAP? Why is that? What happens if you try PAP/CHAP?
EAP is because of the use of x509 Certificates. The authentication is
done based on same CA for certificate, unless its in the CRL list.
Occasionally I have tried turning PAP on (sever side) and the connection
drops with password incorrect(I guess that it is sending my domain
password) so I think this is erroring out after that.
> There are some other settings that you could try, e.g. disable (MPPE)
encryption, disable (the patent encumbered MPPC) compression, disable
LCP extensions.
> > Oct 19 16:22:07 fedora-1 pppd[6566]: LCP: timeout sending
> > Config-Requests (This comes a while after, as you can see)
> Do you actually see (encapsulated) PPP packets being sent to the
client with tcpdump? You could also enable Windows PPP debugging (see:
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Windowsdebug)
I have sniffed as as far as I can see they are encapuslated, well they
are going over port 500 not 1701 so I think they are.
I have enabled the debugging, but all I can see is requests like:
...Configure-Req...
...
...Configure-Reject...
...
...Configure-Ack...
...
...Configure-Nak...
And as my knowedge of PPP is quite limited I cannot understand them...
Regards,
Daniel.
More information about the Users
mailing list