[Openswan Users] Problems with ppp authentication

Hennes hennes_666 at gmx.net
Thu Sep 18 15:56:10 EDT 2008


This is my conf 


/etc/ppp/options.l2tpd.client 

ipcp-accept-local
ipcp-accept-remote
refuse-eap
noccp
noauth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
connect-delay 5000


/etc/xl2tpd/xl2tpd.conf

[global]
; listen-addr = 192.168.1.98
;
; requires openswan-3.1 or higher
; ipsec saref = yes
;
; debug tunnel = yes

[lns default]
ip range = 192.168.1.128-192.168.1.254
local ip = 192.168.1.99
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

; Connect as a client to a server at 123.123.123.123

[lac L2TPserver]
lns = 172.16.0.1
refuse chap = yes
require pap = yes
;require authentication = yes
; Name should be the same as the username in the PPP authentication!
name = ac-conn1
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes


and the messages when I try to connect

/var/log/secure

Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: initiating Main Mode
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: received Vendor ID payload [Cisco-Unity]
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: received Vendor ID payload [Dead Peer Detection]
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: ignoring unknown Vendor ID payload [2b567366900e67107e0d6704cdde4cf7]
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: received Vendor ID payload [XAUTH]
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: I am sending my cert
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: I am sending a certificate request
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=gematik AG 5, CN=anwasa.gematik.de, S=Konzentrator, G=VPN, SN=00004'
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1536}
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state, please report to dev at openswan.org
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in duplicate_state, please report to dev at openswan.org
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in duplicate_state, please report to dev at openswan.org
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in duplicate_state, please report to dev at openswan.org
Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #6: initiating Quick Mode RSASIG+ENCRYPT+PFS+DONTREKEY+UP+IKEv2ALLOW {using isakmp#5 msgid:e6b45c2c proposal=AES(12)_256-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1536}
Sep 15 18:49:24 ac-conn1 pluto[4871]: "l2tp-cert" #6: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=e6b45c2c
Sep 15 18:49:24 ac-conn1 pluto[4871]: "l2tp-cert" #6: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Sep 15 18:49:24 ac-conn1 pluto[4871]: "l2tp-cert" #6: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xca04bc5a <0x6e17c06c xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none}

/var/log/messages

Sep 15 18:49:19 ac-conn1 xl2tpd[5928]: init_network: Unable to bind socket: Address already in use. Terminating. 
Sep 15 18:49:29 ac-conn1 xl2tpd[5671]: Connecting to host 172.16.0.1, port 1701 
Sep 15 18:49:29 ac-conn1 xl2tpd[5671]: Connection established to 172.16.0.1, 1701.  Local: 55315, Remote: 2115 (ref=0/0). 
Sep 15 18:49:29 ac-conn1 xl2tpd[5671]: Calling on tunnel 55315 
Sep 15 18:49:29 ac-conn1 xl2tpd[5671]: Call established with 172.16.0.1, Local: 17930, Remote: 3, Serial: 2 (ref=0/0) 
Sep 15 18:49:29 ac-conn1 pppd[5941]: pppd 2.4.4 started by root, uid 0
Sep 15 18:49:29 ac-conn1 pppd[5941]: Using interface ppp0
Sep 15 18:49:29 ac-conn1 pppd[5941]: Connect: ppp0 <--> /dev/pts/4
Sep 15 18:49:59 ac-conn1 pppd[5941]: No response to PAP authenticate-requests
Sep 15 18:49:59 ac-conn1 pppd[5941]: Connection terminated.
Sep 15 18:49:59 ac-conn1 pppd[5941]: Exit.
Sep 15 18:49:59 ac-conn1 xl2tpd[5671]: call_close: Call 17930 to 172.16.0.1 disconnected 
Sep 15 18:50:09 ac-conn1 xl2tpd[5671]: control_finish: Connection closed to 172.16.0.1, port 1701 (), Local: 55315, Remote: 2115



I don't really know what's the problem and I think it’s a problem of the remote side because earlier I selected 
OpenSUSE 11, l2tpd 0.69, and openswan 2.4.7 and got these messages 



Sep  2 00:04:22 linux-vpn-client pluto[4265]:   loaded host cert file '/etc/ipsec.d/certs/usercrt.pem' (1858 bytes)
Sep  2 00:04:22 linux-vpn-client pluto[4265]: added connection description "l2tp-cert"

Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: initiating Main Mode
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: ignoring Vendor ID payload [Cisco-Unity]
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: received Vendor ID payload [Dead Peer Detection]
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: ignoring unknown Vendor ID payload [74154bed40f1d162d45b946bc29def3b]
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: ignoring Vendor ID payload [XAUTH]
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: I am sending my cert
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: I am sending a certificate request
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=gematik AG 5, CN=anwasa.gematik.de, S=Konzentrator, G=VPN, SN=00004'
Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1536}

Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #2: initiating Quick Mode RSASIG+ENCRYPT+PFS+UP {using isakmp#1}
Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x8df4d3af <0x173d7427 xfrm=AES_256-HMAC_SHA1 NATD=none DPD=none}

Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: do_control: Got message c L2TPserver (12 bytes long)
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ourtid = 16665, entropy_buf = 4119
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: l2tp_call:Connecting to host 172.16.0.1, port 1701
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: control, cid = 0, Ns = 0, Nr = 1
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: handle_avps: handling avp's for tunnel 16665, call 0
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: protocol_version_avp: peer is using version 1, revision 0.
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: firmware_rev_avp: peer reports firmware version 4384 (0x1120)
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: hostname_avp: peer reports hostname 'vpn_gw'
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: vendor_avp: peer reports vendor 'Cisco Systems, Inc.�#'
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: receive_window_size_avp: peer wants RWS of 1024.  Will use flow control.
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: assigned_tunnel_avp: using peer's tunnel 38218
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: framing_caps_avp: supported peer frames:
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: bearer_caps_avp: supported peer bearers:
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: control_finish: Connection established to 172.16.0.1, 1701.  Local: 16665, Remote: 38218.

Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ourcid = 3643, entropy_buf = e3b
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: lac_call: Calling on tunnel 16665
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: control, cid = 0, Ns = 1, Nr = 3
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: control, cid = 0, Ns = 1, Nr = 3
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: handle_avps: handling avp's for tunnel 16665, call 3643
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: message_type_avp: message type 11 (Incoming-Call-Reply)
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: assigned_call_avp: using peer's call 2
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: control_finish: Call established with 172.16.0.1, Local: 3643, Remote: 2, Serial: 1

Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: start_pppd: I'm running:  
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "/usr/sbin/pppd" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "passive" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "-detach" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ":" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "refuse-chap" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "auth" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "require-pap" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "name" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "ac-conn1" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "debug" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "file" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "/etc/ppp/options.l2tpd.client" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "/dev/ttyp0" 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: control, cid = 0, Ns = 2, Nr = 4
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: control, cid = 2, Ns = 2, Nr = 4
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: handle_avps: handling avp's for tunnel 16665, call 3643
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: message_type_avp: message type 16 (Set-Link-Info)
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ignore_avp : Ignoring AVP
Sep  2 00:06:30 linux-vpn-client kernel: PPP generic driver version 2.4.2
Sep  2 00:06:30 linux-vpn-client pppd[5266]: pppd 2.4.4 started by root, uid 0
Sep  2 00:06:30 linux-vpn-client pppd[5266]: using channel 1
Sep  2 00:06:30 linux-vpn-client pppd[5266]: Using interface ppp0
Sep  2 00:06:30 linux-vpn-client pppd[5266]: Connect: ppp0 <--> /dev/ttyp0
Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [LCP ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <magic 0xd14136d1> <pcomp> <accomp>]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [LCP ConfReq id=0x1 <asyncmap 0xa0000> <auth pap> <magic 0x21985742> <pcomp> <accomp>]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [LCP ConfAck id=0x1 <asyncmap 0xa0000> <auth pap> <magic 0x21985742> <pcomp> <accomp>]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [LCP ConfNak id=0x1 <mru 1500>]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xd14136d1> <pcomp> <accomp>]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0xd14136d1> <pcomp> <accomp>]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [LCP EchoReq id=0x0 magic=0xd14136d1]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x1 user="ac-conn1" password=<hidden>]
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: control, cid = 2, Ns = 3, Nr = 4
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: handle_avps: handling avp's for tunnel 16665, call 3643
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: message_type_avp: message type 16 (Set-Link-Info)
Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ignore_avp : Ignoring AVP
Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [LCP EchoRep id=0x0 magic=0x21985742]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [proto=0x201] 00 05 00
Sep  2 00:06:30 linux-vpn-client pppd[5266]: discarding proto 0x201 in phase 5
Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 01 00 0a 03 06 ac 10 00 01
Sep  2 00:06:30 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:31 linux-vpn-client pppd[5266]: rcvd [LCP EchoReq id=0x1 magic=0x21985742 d1 41 36 d1]
Sep  2 00:06:31 linux-vpn-client pppd[5266]: sent [LCP EchoRep id=0x1 magic=0xd14136d1 d1 41 36 d1]
Sep  2 00:06:32 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 02 00 0a 03 06 ac 10 00 01
Sep  2 00:06:32 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:33 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x2 user="ac-conn1" password=<hidden>]
Sep  2 00:06:33 linux-vpn-client pppd[5266]: rcvd [proto=0x202] 00 05 00
Sep  2 00:06:33 linux-vpn-client pppd[5266]: discarding proto 0x202 in phase 5
Sep  2 00:06:34 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 03 00 0a 03 06 ac 10 00 01
Sep  2 00:06:34 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:36 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x3 user="ac-conn1" password=<hidden>]
Sep  2 00:06:36 linux-vpn-client pppd[5266]: rcvd [proto=0x203] 00 05 00
Sep  2 00:06:36 linux-vpn-client pppd[5266]: discarding proto 0x203 in phase 5
Sep  2 00:06:36 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 04 00 0a 03 06 ac 10 00 01
Sep  2 00:06:36 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:38 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 05 00 0a 03 06 ac 10 00 01
Sep  2 00:06:38 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:39 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x4 user="ac-conn1" password=<hidden>]
Sep  2 00:06:39 linux-vpn-client pppd[5266]: rcvd [proto=0x204] 00 05 00
Sep  2 00:06:39 linux-vpn-client pppd[5266]: discarding proto 0x204 in phase 5
Sep  2 00:06:40 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 06 00 0a 03 06 ac 10 00 01
Sep  2 00:06:40 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:41 linux-vpn-client pppd[5266]: rcvd [LCP EchoReq id=0x2 magic=0x21985742 d1 41 36 d1]
Sep  2 00:06:41 linux-vpn-client pppd[5266]: sent [LCP EchoRep id=0x2 magic=0xd14136d1 d1 41 36 d1]
Sep  2 00:06:42 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x5 user="ac-conn1" password=<hidden>]
Sep  2 00:06:42 linux-vpn-client pppd[5266]: rcvd [proto=0x205] 00 05 00
Sep  2 00:06:42 linux-vpn-client pppd[5266]: discarding proto 0x205 in phase 5
Sep  2 00:06:42 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 07 00 0a 03 06 ac 10 00 01
Sep  2 00:06:42 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:44 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 08 00 0a 03 06 ac 10 00 01
Sep  2 00:06:44 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:45 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x6 user="ac-conn1" password=<hidden>]
Sep  2 00:06:45 linux-vpn-client pppd[5266]: rcvd [proto=0x206] 00 05 00
Sep  2 00:06:45 linux-vpn-client pppd[5266]: discarding proto 0x206 in phase 5
Sep  2 00:06:46 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 09 00 0a 03 06 ac 10 00 01
Sep  2 00:06:46 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:48 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x7 user="ac-conn1" password=<hidden>]
Sep  2 00:06:48 linux-vpn-client pppd[5266]: rcvd [proto=0x207] 00 05 00
Sep  2 00:06:48 linux-vpn-client pppd[5266]: discarding proto 0x207 in phase 5
Sep  2 00:06:48 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 0a 00 0a 03 06 ac 10 00 01
Sep  2 00:06:48 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:51 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x8 user="ac-conn1" password=<hidden>]
Sep  2 00:06:51 linux-vpn-client pppd[5266]: rcvd [proto=0x208] 00 05 00
Sep  2 00:06:51 linux-vpn-client pppd[5266]: discarding proto 0x208 in phase 5
Sep  2 00:06:52 linux-vpn-client pppd[5266]: rcvd [LCP EchoReq id=0x3 magic=0x21985742 d1 41 36 d1]
Sep  2 00:06:52 linux-vpn-client pppd[5266]: sent [LCP EchoRep id=0x3 magic=0xd14136d1 d1 41 36 d1]
Sep  2 00:06:54 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x9 user="ac-conn1" password=<hidden>]
Sep  2 00:06:54 linux-vpn-client pppd[5266]: rcvd [proto=0x209] 00 05 00
Sep  2 00:06:54 linux-vpn-client pppd[5266]: discarding proto 0x209 in phase 5
Sep  2 00:06:57 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0xa user="ac-conn1" password=<hidden>]
Sep  2 00:06:57 linux-vpn-client pppd[5266]: rcvd [proto=0x20a] 00 05 00
Sep  2 00:06:57 linux-vpn-client pppd[5266]: discarding proto 0x20a in phase 5
Sep  2 00:07:00 linux-vpn-client pppd[5266]: sent [LCP EchoReq id=0x1 magic=0xd14136d1]
Sep  2 00:07:00 linux-vpn-client pppd[5266]: rcvd [LCP EchoRep id=0x1 magic=0x21985742]
Sep  2 00:07:00 linux-vpn-client pppd[5266]: No response to PAP authenticate-requests
Sep  2 00:07:00 linux-vpn-client pppd[5266]: sent [LCP TermReq id=0x3 "Failed to authenticate ourselves to peer"]
Sep  2 00:07:00 linux-vpn-client pppd[5266]: rcvd [LCP TermAck id=0x3]
Sep  2 00:07:00 linux-vpn-client pppd[5266]: Connection terminated.
Sep  2 00:07:01 linux-vpn-client pppd[5266]: Exit.
Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: child_handler : pppd died for call 2
Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: read_packet: Error 9 (Bad file descriptor)
Sep  2 00:07:01 linux-vpn-client syslog-ng[3107]: last message repeated 10 times
Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: read_packet: Too many errors.  Declaring call dead.
Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: network_thread: tossing read packet, error = Bad file descriptor (9).  Closing call.
Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: call_close: Call 3643 to 172.16.0.1 disconnected
Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: check_control: control, cid = 0, Ns = 4, Nr = 5
Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: check_control: control, cid = 0, Ns = 4, Nr = 5
Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: handle_avps: handling avp's for tunnel 16665, call 0
Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: message_type_avp: message type 4 (Stop-Control-Connection-Notification)
Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: result_code_avp: peer closing for reason 1 (General request to clear control connection), error = 0 ()
Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: assigned_tunnel_avp: using peer's tunnel 38218
Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: control_finish: Peer tried to disconnect with invalid TID (38218 != 16665)
Sep  2 00:07:35 linux-vpn-client l2tpd[4302]: control_xmit: Maximum retries exceeded for tunnel 16665.  Closing.
Sep  2 00:07:35 linux-vpn-client l2tpd[4302]: call_close : Connection 38218 closed to 172.16.0.1, port 1701 (Timeout)
Sep  2 00:07:40 linux-vpn-client l2tpd[4302]: control_xmit: Unable to deliver closing message for tunnel 16665. Destroying anyway.
Sep  2 00:08:02 linux-vpn-client l2tpd[4302]: do_control: Got message d L2TPserver (12 bytes long)
Sep  2 00:08:02 linux-vpn-client l2tpd[4302]: do_control: Session 'L2TPserver' not up


I myself think the client has a problem with the acknowledge of the server because always it says "discarding" to all it receives.

Thanks hennes 

-----Ursprüngliche Nachricht-----
Von: Peter McGill [mailto:petermcgill at goco.net] 
Gesendet: Donnerstag, 18. September 2008 16:26
An: 'Hennes'; users at openswan.org
Betreff: RE: [Openswan Users] Problems with ppp authentication

Hennes,

Generally only the client authenticates with the server,
the server does not authenticate to the client.
The problem your describing sounds to me like your asking
the server to authenticate to your client.

I would suggest:
refuse authentication = no
require authentication = no

Also check that your ppp options file does not ask for auth.
#auth
noauth
#+pap
#-pap
#+chap
#-chap

Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Hennes
> Sent: September 18, 2008 10:02 AM
> To: users at openswan.org
> Subject: [Openswan Users] Problems with ppp authentication
> 
> Hi at all!
> 
>  
> 
> I have the following problem:
> 
>  
> 
> I try to connect my linux client (centos 5.2; openswan 
> 2.6.16; xl2tpd 1.1.12) to a cisco 2811 router.
> 
>  
> 
> And the client wants the server to authenticate itself, so I 
> tried to handle this with the option refuse/require authentication.
> 
> Because the cisco specialists also told me to try this, 
> because they think their configuration is correct, maybe or 
> maybe not. 
> 
> So I have to change my config, but it doesn't work at all. 
> 
>  
> 
> output: refuse authentication = no
> 
>  
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Connecting to host 
> 172.16.0.1, port 1701 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Connection established 
> to 172.16.0.1, 1701.  Local: 59623, Remote: 5931 (ref=0/0). 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Calling on tunnel 59623 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Call established with 
> 172.16.0.1, Local: 23024, Remote: 9, Serial: 2 (ref=0/0) 
> 
> Sep 17 19:49:34 ac-conn1 pppd[5779]: pppd 2.4.4 started by root, uid 0
> 
> Sep 17 19:49:34 ac-conn1 pppd[5779]: Using interface ppp0
> 
> Sep 17 19:49:34 ac-conn1 pppd[5779]: Connect: ppp0 <--> /dev/pts/6
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: handle_avps:  dont 
> know how to handle atribute 46. 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: handle_avps:  dont 
> know how to handle atribute 104. 
> 
> Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: control_finish: 
> Connection closed to 172.16.0.1, serial 2 (Locally generated 
> disconnect) 
> 
> Sep 17 19:49:44 ac-conn1 xl2tpd[5679]: control_finish: 
> Connection closed to 172.16.0.1, port 1701 (), Local: 59623, 
> Remote: 5931 
> 
>  
> 
> output: refuse authentication = yes or require authentication = yes/no
> 
>  
> 
> Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Connecting to host 
> 172.16.0.1, port 1701 
> 
> Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Connection established 
> to 172.16.0.1, 1701.  Local: 27322, Remote: 33910 (ref=0/0). 
> 
> Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Calling on tunnel 27322 
> 
> Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Call established with 
> 172.16.0.1, Local: 10145, Remote: 10, Serial: 1 (ref=0/0) 
> 
> Sep 17 20:02:33 ac-conn1 kernel: CSLIP: code copyright 1989 
> Regents of the University of California
> 
> Sep 17 20:02:33 ac-conn1 kernel: PPP generic driver version 2.4.2
> 
> Sep 17 20:02:33 ac-conn1 pppd[5732]: pppd 2.4.4 started by root, uid 0
> 
> Sep 17 20:02:33 ac-conn1 pppd[5732]: Using interface ppp0
> 
> Sep 17 20:02:33 ac-conn1 pppd[5732]: Connect: ppp0 <--> /dev/pts/2
> 
> Sep 17 20:03:03 ac-conn1 pppd[5732]: No response to PAP 
> authenticate-requests
> 
> Sep 17 20:03:03 ac-conn1 pppd[5732]: Connection terminated.
> 
> Sep 17 20:03:03 ac-conn1 pppd[5732]: Exit.
> 
> Sep 17 20:03:03 ac-conn1 xl2tpd[5687]: call_close: Call 10145 
> to 172.16.0.1 disconnected 
> 
> Sep 17 20:03:13 ac-conn1 xl2tpd[5687]: control_finish: 
> Connection closed to 172.16.0.1, port 1701 (), Local: 27322, 
> Remote: 33910 
> 
>  
> 
>  
> 
> And the cisco debug:
> 
>  
> 
> refuse authentication = no
> 
>  
> 
> *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Using vpn set call direction
> 
> *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Treating connection 
> as a callin
> 
> *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Session 
> handle[F5000009] Session id[7]
> 
> *Sep 17 2008 22:04:44.819 MEST: ppp7 PPP: Authorization required
> 
>  
> 
>  
> 
> refuse authentication = yes or require authentication = yes/no
> 
>  
> 
> *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Using vpn set call direction
> 
> *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Treating connection 
> as a callin
> 
> *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Session 
> handle[1800000B] Session id[9]
> 
> *Sep 17 2008 22:21:38.803 MEST: ppp9 PPP: Authorization required
> 
> *Sep 17 2008 22:21:38.811 MEST: ppp9 PAP: I AUTH-REQ id 1 len 
> 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:38.811 MEST: ppp9 PAP: Authenticating peer ac-conn1
> 
> *Sep 17 2008 22:21:38.811 MEST: ppp9 PPP: Sent PAP LOGIN Request
> 
> *Sep 17 2008 22:21:38.811 MEST: ppp9 PPP: Received LOGIN Response PASS
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PPP: Sent LCP AUTHOR Request
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PPP: Sent IPCP AUTHOR Request
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 LCP: Received AAA 
> AUTHOR Response PASS
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 IPCP: Received AAA 
> AUTHOR Response PASS
> 
> *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PAP: O AUTH-ACK id 1 len 5
> 
> *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: I AUTH-REQ id 2 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: O AUTH-ACK id 2 len 5
> 
> *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: I AUTH-REQ id 3 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: O AUTH-ACK id 3 len 5
> 
> *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: I AUTH-REQ id 4 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: I AUTH-REQ id 5 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: O AUTH-ACK id 5 len 5
> 
> *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: I AUTH-REQ id 6 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: O AUTH-ACK id 6 len 5
> 
> *Sep 17 2008 22:21:56.811 MEST: Vi2.1 PAP: I AUTH-REQ id 7 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:56.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:56.815 MEST: Vi2.1 PAP: O AUTH-ACK id 7 len 5
> 
> *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: I AUTH-REQ id 8 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: O AUTH-ACK id 8 len 5
> 
> *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: I AUTH-REQ id 9 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: O AUTH-ACK id 9 len 5
> 
> *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: I AUTH-REQ id 10 
> len 19 from "ac-conn1"
> 
> *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> 
> *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: O AUTH-ACK id 10 len 5
> 
>  
> 
> Maybe someone has an answer why it doesn't work, or why the 
> pppd doesn't match with the acknowledge.
> 
>  
> 
> Thanks Hennes
> 
>  
> 
> 



More information about the Users mailing list