[Openswan Users] Need your help related to l2tpd-openswan

Utkarsh Shah utkarsh at elitecore.com
Thu Jun 14 08:35:41 EDT 2007


Hi Jacoo,

Thanks for your help.

Jacco de Leeuw wrote:
> Utkarsh Shah wrote:
>
>> 1. When L2TP server is behind NAT box, it doesn't work.
>
> http://www.jacco2.dds.nl/networking/openswan-l2tp.html#serverNATed
>
> Or do you mean you are forwarding L2TP from the Openswan server to
> some other L2TP server located behind it?
I have same network scenario which you have described.
After editing registry, I am able to successfully establish IPSec SA but 
not able to establish l2tp connection.
i checked tcp dump and found that udp1701 packets were comming on ipsec0 
interface but they are not received by l2tp daemon
still i m checking on it.. may be its my mistake in configuration.
>
>> 2. MS-CHAP or CHAP protocol support, in case of external authentication.
>>     i.e. we have radius server to authenticate user. if user selects 
>> chap or ms-chap at l2tp client, password will be passed encrypted.
>>     and we are not be able pass decrypted password and at external 
>> server we need plain password.
>
> What is your question exactly?
>
> The lack of encryption in PAP should not be much of a problem. It is
> encrypted within IPsec anyway.
I want external authentication for l2tp users
i am able to do it if PAP is used
i want to use chap or ms-chap
external server accepts plain password
please guide me to achieve it.
>
>> Please guide me to achieve above requirement. Will xl2tp will help ??
>
> xl2tpd is an updated version but I think it will work the same as l2tpd
> in this respect.
>
> Jacco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070614/d56c65c4/attachment-0001.html 


More information about the Users mailing list