[Openswan Users] Issues with L2TPNS and Openswan on Fedora Core 4

Norman Rasmussen normanr at gmail.com
Wed Aug 3 20:20:27 CEST 2005


Yea, if you want to use radius back into a Windows AD infrastructure,
then I guess you have to use L2TPNS.  I was authenticating with local
unix accounts, and I think the debian guys do their own package
maintenance, so the package sees more fixes than the official source.

I've found that the Windows Radius was very picky with my Access
Point, PDA, and using 802.1X.  Maybe it has similar issues with IPSEC?

(Authentication took so long to occur, that the device thought it had
timed out, and tried again, then got authenticated and connected...
Then the second request would kick the device off the network)

On 03/08/05, Tim P <panterafreak at gmail.com> wrote:
> Yes I tried that route but I don't think I ever completed it.  I used
> that package, might be that I confused it with L2TPNS and it didn't
> start properly (running both at same time).  Ideally I have only
> windows xp clients with sp2 connecting to the vpn and they all
> authenticate vs my 2003 active directory.  I have a radius server
> interfaced with ldap as well as a samba connection (with winbind) that
> I was working on figuring out.  I think the reason I went with another
> l2tp daemon is that l2tpd hasn't been updated since 2002 according to
> sourceforge.  I am currently running fedora core 4 as my base os, does
> that change anything?
> 
> On 8/2/05, Norman Rasmussen <normanr at gmail.com> wrote:
> > I'm using the debian l2tp daemon (based off http://www.marko.net/l2tp
> > and http://www.sourceforge.net/projects/l2tpd apparently from the man
> > page)
> >
> > My client is WinXP SP2, and it happily connects via the l2tp daemon to
> > ppp and authenticates.   Is there any particular reason why you are
> > using l2tpns?
> >
> > What's your client? and have you tried using ppp authentication instead
> > of l2tp authentication?
> >
> > On 02/08/05, Tim P <panterafreak at gmail.com> wrote:
> > > I fixed this issue because I needed to set my bind address to either
> > > the outside address or a new address that resided on my internal
> > > subnet (forget which, don't have the machine accessible right now).
> > >
> > > I have a new problem in that the L2TP server never seems to do
> > > anything with the vpn request for l2tp authentication.  I have a good
> > > ipsec tunnel (you said it looked good when you saw the output) and the
> > > radius authentication works fine but I can't seem to get L2TP to show
> > > anything in the logs when a request comes through.  Essentially ipsec
> > > kills the tunnel after a minute or so when no authentication is
> > > completed.
> > >
> > > On 8/2/05, Jacco de Leeuw <jacco2 at dds.nl> wrote:
> > > > Tim P wrote:
> > > >
> > > > > I am using L2TPNS for my L2TP server and when it brings up the tun0
> > > > > interface (actually when I start the service/executable) it seems to
> > > > > kill my second nic in the box.  I have eth0 as my "outside" nic and
> > > > > eth1 as my "inside" nic.  When tun0 becomes active I am no longer able
> > > > > to ping on the inside network.
> > > >
> > > > It "kills" your internal interface? What does that mean?
> > > > You are pinging from what to what? The IPsec connection is not even up
> > > > at that stage?
> > > >
> > > >
> > > > > set bind_address 192.168.0.1
> > > > >
> > > > > I am hosting freeradius on the vpn box, I can use 127.0.0.1 correct?
> > > >
> > > > AFAIK, yes.
> > > >
> > > > > Bind_address I have set to my eth1 (inside) nic address, is that correct?
> > > >
> > > > What if you use your 'outside' nic address?
> > > >
> > > > Jacco
> > > > --
> > > > Jacco de Leeuw                         mailto:jacco2 at dds.nl
> > > > Zaandam, The Netherlands           http://www.jacco2.dds.nl
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at openswan.org
> > > > http://lists.openswan.org/mailman/listinfo/users
> > > >
> > >
> >
> >
> > --
> > - Norman Rasmussen
> >  - Email: norman at rasmussen.co.za
> >  - Home page: http://norman.rasmussen.co.za/
> >
> 


-- 
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/

