[Openswan Users] Problems with ppp authentication

Peter McGill petermcgill at goco.net
Thu Sep 18 10:25:59 EDT 2008 

Hennes,

Generally only the client authenticates with the server,
the server does not authenticate to the client.
The problem your describing sounds to me like your asking
the server to authenticate to your client.

I would suggest:
refuse authentication = no
require authentication = no

Also check that your ppp options file does not ask for auth.
#auth
noauth
#+pap
#-pap
#+chap
#-chap

Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Hennes
> Sent: September 18, 2008 10:02 AM
> To: users at openswan.org
> Subject: [Openswan Users] Problems with ppp authentication
> 
> Hi at all!
> 
>  
> 
> I have the following problem:
> 
>  
> 
> I try to connect my linux client (centos 5.2; openswan 
> 2.6.16; xl2tpd 1.1.12) to a cisco 2811 router.
> 
>  
> 
> And the client wants the server to authenticate itself, so I 
> tried to handle this with the option refuse/require authentication.
> 
> Because the cisco specialists also told me to try this, 
> because they think their configuration is correct, maybe or 
> maybe not. 
> 
> So I have to change my config, but it doesn't work at all. 
> 
>  
> 
> output: refuse authentication = no
> 
>  
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Connecting to host 
> 172.16.0.1, port 1701 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Connection established 
> to 172.16.0.1, 1701.  Local: 59623, Remote: 5931 (ref=0/0). 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Calling on tunnel 59623 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Call established with 
> 172.16.0.1, Local: 23024, Remote: 9, Serial: 2 (ref=0/0) 
> 
> Sep 17 19:49:34 ac-conn1 pppd[5779]: pppd 2.4.4 started by root, uid 0
> 
> Sep 17 19:49:34 ac-conn1 pppd[5779]: Using interface ppp0
> 
> Sep 17 19:49:34 ac-conn1 pppd[5779]: Connect: ppp0 <--> /dev/pts/6
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: handle_avps:  dont 
> know how to handle atribute 46. 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: handle_avps:  dont 
> know how to handle atribute 104. 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: control_finish: 
> Connection closed to 172.16.0.1, serial 2 (Locally generated 
> disconnect) 
> 
> Sep 17 19:49:44 ac-conn1 xl2tpd[5679]: control_finish: 
> Connection closed to 172.16.0.1, port 1701 (), Local: 59623, 
> Remote: 5931 
> 
>  
> 
> output: refuse authentication = yes or require authentication = yes/no
> 
>  
> 
> Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Connecting to host 
> 172.16.0.1, port 1701 
> 
> Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Connection established 
> to 172.16.0.1, 1701.  Local: 27322, Remote: 33910 (ref=0/0). 
> 
> Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Calling on tunnel 27322 
> 
> Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Call established with 
> 172.16.0.1, Local: 10145, Remote: 10, Serial: 1 (ref=0/0) 
> 
> Sep 17 20:02:33 ac-conn1 kernel: CSLIP: code copyright 1989 
> Regents of the University of California
> 
> Sep 17 20:02:33 ac-conn1 kernel: PPP generic driver version 2.4.2
> 
> Sep 17 20:02:33 ac-conn1 pppd[5732]: pppd 2.4.4 started by root, uid 0
> 
> Sep 17 20:02:33 ac-conn1 pppd[5732]: Using interface ppp0
> 
> Sep 17 20:02:33 ac-conn1 pppd[5732]: Connect: ppp0 <--> /dev/pts/2
> 
> Sep 17 20:03:03 ac-conn1 pppd[5732]: No response to PAP 
> authenticate-requests
> 
> Sep 17 20:03:03 ac-conn1 pppd[5732]: Connection terminated.
> 
> Sep 17 20:03:03 ac-conn1 pppd[5732]: Exit.
> 
> Sep 17 20:03:03 ac-conn1 xl2tpd[5687]: call_close: Call 10145 
> to 172.16.0.1 disconnected 
> 
> Sep 17 20:03:13 ac-conn1 xl2tpd[5687]: control_finish: 
> Connection closed to 172.16.0.1, port 1701 (), Local: 27322, 
> Remote: 33910 
> 
>  
> 
>  
> 
> And the cisco debug:
> 
>  
> 
> refuse authentication = no
> 
>  
> 
> *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Using vpn set call direction
> 
> *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Treating connection 
> as a callin
> 
> *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Session 
> handle[F5000009] Session id[7]
> 
> *Sep 17 2008 22:04:44.819 MEST: ppp7 PPP: Authorization required
> 
>  
> 
>  
> 
> refuse authentication = yes or require authentication = yes/no
> 
>  
> 
> *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Using vpn set call direction
> 
> *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Treating connection 
> as a callin
> 
> *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Session 
> handle[1800000B] Session id[9]
> 
> *Sep 17 2008 22:21:38.803 MEST: ppp9 PPP: Authorization required
> 
> *Sep 17 2008 22:21:38.811 MEST: ppp9 PAP: I AUTH-REQ id 1 len 
> 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:38.811 MEST: ppp9 PAP: Authenticating peer ac-conn1
> 
> *Sep 17 2008 22:21:38.811 MEST: ppp9 PPP: Sent PAP LOGIN Request
> 
> *Sep 17 2008 22:21:38.811 MEST: ppp9 PPP: Received LOGIN Response PASS
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PPP: Sent LCP AUTHOR Request
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PPP: Sent IPCP AUTHOR Request
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 LCP: Received AAA 
> AUTHOR Response PASS
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 IPCP: Received AAA 
> AUTHOR Response PASS
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PAP: O AUTH-ACK id 1 len 5
> 
> *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: I AUTH-REQ id 2 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: O AUTH-ACK id 2 len 5
> 
> *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: I AUTH-REQ id 3 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: O AUTH-ACK id 3 len 5
> 
> *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: I AUTH-REQ id 4 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: I AUTH-REQ id 5 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: O AUTH-ACK id 5 len 5
> 
> *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: I AUTH-REQ id 6 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: O AUTH-ACK id 6 len 5
> 
> *Sep 17 2008 22:21:56.811 MEST: Vi2.1 PAP: I AUTH-REQ id 7 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:56.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:56.815 MEST: Vi2.1 PAP: O AUTH-ACK id 7 len 5
> 
> *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: I AUTH-REQ id 8 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: O AUTH-ACK id 8 len 5
> 
> *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: I AUTH-REQ id 9 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: O AUTH-ACK id 9 len 5
> 
> *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: I AUTH-REQ id 10 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: O AUTH-ACK id 10 len 5
> 
>  
> 
> Maybe someone has an answer why it doesn't work, or why the 
> pppd doesn't match with the acknowledge.
> 
>  
> 
> Thanks Hennes
> 
>  
> 
>

More information about the Users mailing list