[Openswan Users] PPP LCP Issues

Daniel Bartlett dbartlett at pmsi-consulting.com
Wed Oct 20 10:08:28 CEST 2004


> > I have managed to get the IPSec/L2TP parts of the VPN working, but
> > now having issues with the PPP connection.
> > This is a Windows XP Pro SP2 connecting to a Fedora Core 2 Server 
> > running OpenSwan 2.2.0 using x509 certificates.
> >  
> > The Windows IPSec/VPN client connects, negotiates keys then falls
> > on the PPP setup with the error:
> > "Error 732: Your computer and the remote computer could not agree on

> > PPP control protocols."
> > I have setup the connection with LCP and compression turned on.
Using EAP.

> EAP? Why is that? What happens if you try PAP/CHAP?

EAP is because of the use of x509 Certificates. The authentication is
done based on same CA for certificate, unless its in the CRL list.
Occasionally I have tried turning PAP on (sever side) and the connection
drops with password incorrect(I guess that it is sending my domain
password) so I think this is erroring out after that.

> There are some other settings that you could try, e.g. disable (MPPE)
encryption, disable (the patent encumbered MPPC) compression, disable
LCP extensions.

> > Oct 19 16:22:07 fedora-1 pppd[6566]: LCP: timeout sending 
> > Config-Requests   (This comes a while after, as you can see)

> Do you actually see (encapsulated) PPP packets being sent to the
client with tcpdump? You could also enable Windows PPP debugging (see:
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#Windowsdebug)

I have sniffed as as far as I can see they are encapuslated, well they
are going over port 500 not 1701 so I think they are.

I have enabled the debugging, but all I can see is requests like: 
And as my knowedge of PPP is quite limited I cannot understand them...


More information about the Users mailing list