[Openswan Users] openswan + l2tpd + iptables problem

mechanix at debian.org mechanix at debian.org
Wed Oct 18 16:00:18 EDT 2006 

Hi all,

On Wed, Oct 18, 2006 at 03:46:05PM +0200, mechanix at debian.org wrote:
> On Wed, Oct 18, 2006 at 02:32:54PM +0200, Jacco de Leeuw wrote:
> > 
> > Filip wrote:
> > >
> > >rcvd [CCP ConfReq id=0x11 <mppe +H -M -S -L -D +C>]
> > >sent [CCP ConfRej id=0x11 <mppe +H -M -S -L -D +C>]
> > 
> > The Windows client keeps asking for MPPE encryption. Did you configure
> > the VPN Wizard to use "Advanced (custom settings)" or
> > "Geavanceerd (aangepaste instellingen)"? Disable "Encryption required"
> > or "Codering vereisen".
> > 
> > Alternative, you could add "noccp" to options.ppp.l2tpd
> 
> I can't try it until this evening, but I will.
> 
> I see that there's a ppp_mppe kernel module on the non-working gateway.
> I'll try loading it and adding require-mppe as well.

I tried both -- not together -- require-mppe and noccp but without any
luck. I haven't recreated the CMAK profile to disable encryption yet.

However, I enabled PPP tracing on the XP client, and from what I can see
the responses after initial handshake and authentication never actually
reach it.
I took a closer look at the logs, and it seems that the pppd mtu option
from the configuration file is simply ignored. The client asks for a mru
of 1400, and pppd just acknowledges that, and then possibly starts sending
packets which are to big and do not get through. This seems to happen at
both gateways, only on the other mtu/mru isn't a problem.

> Actually, is there some way to have optional mppe? There's only nomppe
> which is default and disables it completely AFAICT from the pppd manpage,
> and require-mppe which looks like it would seem to make it mandatory.
<...> 
> BE gateway log (I closed the connection from the client after a successful
> ping):
> 
> ...
> Oct 17 21:15:17 pluto pppd[8508]: sent [LCP ConfReq id=0x1 <mru 1200> <asyncmap 0x0> <auth chap MS-v2> <magic 0x31ec0f5a> <pcomp> <accomp>]
> Oct 17 21:15:17 pluto pppd[8508]: rcvd [LCP ConfAck id=0x1 <mru 1200> <asyncmap 0x0> <auth chap MS-v2> <magic 0x31ec0f5a> <pcomp> <accomp>]
> Oct 17 21:15:17 pluto pppd[8508]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x30b27fb> <pcomp> <accomp> <endpoint [local:32.73.ba.5c.47.c0.4e.92.bc.98.69.d7.cb.e7.1b.5f.00.00.00.01]>]
> Oct 17 21:15:17 pluto pppd[8508]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x30b27fb> <pcomp> <accomp> <endpoint [local:32.73.ba.5c.47.c0.4e.92.bc.98.69.d7.cb.e7.1b.5f.00.00.00.01]>]

KR,

Filip

-- 
http://slider.rack66.net/~mechanix/blog/

More information about the Users mailing list