[Openswan Users] Problems with ppp authentication

Peter McGill petermcgill at goco.net
Thu Sep 18 16:14:03 EDT 2008


Hennes,

There is a tutorial for Linux IPSec/L2TP client here:
http://www.jacco2.dds.nl/networking/linux-l2tp.html

It looks like you got two lines backwards in meaning,
should be:

[lac L2TPserver]
lns = 172.16.0.1
require chap = yes
refuse pap = yes
require authentication = yes


Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 

> -----Original Message-----
> From: Hennes [mailto:hennes_666 at gmx.net] 
> Sent: September 18, 2008 3:56 PM
> To: petermcgill at goco.net
> Cc: users at openswan.org
> Subject: AW: [Openswan Users] Problems with ppp authentication
> 
> This is my conf 
> 
> 
> /etc/ppp/options.l2tpd.client 
> 
> ipcp-accept-local
> ipcp-accept-remote
> refuse-eap
> noccp
> noauth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> connect-delay 5000
> 
> 
> /etc/xl2tpd/xl2tpd.conf
> 
> [global]
> ; listen-addr = 192.168.1.98
> ;
> ; requires openswan-3.1 or higher
> ; ipsec saref = yes
> ;
> ; debug tunnel = yes
> 
> [lns default]
> ip range = 192.168.1.128-192.168.1.254
> local ip = 192.168.1.99
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = LinuxVPNserver
> ppp debug = yes
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
> 
> ; Connect as a client to a server at 123.123.123.123
> 
> [lac L2TPserver]
> lns = 172.16.0.1
> refuse chap = yes
> require pap = yes
> ;require authentication = yes
> ; Name should be the same as the username in the PPP authentication!
> name = ac-conn1
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd.client
> length bit = yes
> 
> 
> and the messages when I try to connect
> 
> /var/log/secure
> 
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> initiating Main Mode
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> STATE_MAIN_I2: sent MI2, expecting MR2
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> received Vendor ID payload [Cisco-Unity]
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> received Vendor ID payload [Dead Peer Detection]
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> ignoring unknown Vendor ID payload [2b567366900e67107e0d6704cdde4cf7]
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> received Vendor ID payload [XAUTH]
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: I am 
> sending my cert
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: I am 
> sending a certificate request
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> STATE_MAIN_I3: sent MI3, expecting MR3
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: Main 
> mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=gematik AG 5, 
> CN=anwasa.gematik.de, S=Konzentrator, G=VPN, SN=00004'
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG 
> cipher=aes_256 prf=oakley_sha group=modp1536}
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> alloc_bytes1() was mistakenly asked to malloc 0 bytes for 
> st_skey_ar in duplicate_state, please report to dev at openswan.org
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> alloc_bytes1() was mistakenly asked to malloc 0 bytes for 
> st_skey_er in duplicate_state, please report to dev at openswan.org
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> alloc_bytes1() was mistakenly asked to malloc 0 bytes for 
> st_skey_pi in duplicate_state, please report to dev at openswan.org
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #5: 
> alloc_bytes1() was mistakenly asked to malloc 0 bytes for 
> st_skey_pr in duplicate_state, please report to dev at openswan.org
> Sep 15 18:49:23 ac-conn1 pluto[4871]: "l2tp-cert" #6: 
> initiating Quick Mode 
> RSASIG+ENCRYPT+PFS+DONTREKEY+UP+IKEv2ALLOW {using isakmp#5 
> msgid:e6b45c2c proposal=AES(12)_256-SHA1(2)_160 
> pfsgroup=OAKLEY_GROUP_MODP1536}
> Sep 15 18:49:24 ac-conn1 pluto[4871]: "l2tp-cert" #6: 
> ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 
> msgid=e6b45c2c
> Sep 15 18:49:24 ac-conn1 pluto[4871]: "l2tp-cert" #6: 
> transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> Sep 15 18:49:24 ac-conn1 pluto[4871]: "l2tp-cert" #6: 
> STATE_QUICK_I2: sent QI2, IPsec SA established transport mode 
> {ESP=>0xca04bc5a <0x6e17c06c xfrm=AES_256-HMAC_SHA1 
> NATOA=none NATD=none DPD=none}
> 
> /var/log/messages
> 
> Sep 15 18:49:19 ac-conn1 xl2tpd[5928]: init_network: Unable 
> to bind socket: Address already in use. Terminating. 
> Sep 15 18:49:29 ac-conn1 xl2tpd[5671]: Connecting to host 
> 172.16.0.1, port 1701 
> Sep 15 18:49:29 ac-conn1 xl2tpd[5671]: Connection established 
> to 172.16.0.1, 1701.  Local: 55315, Remote: 2115 (ref=0/0). 
> Sep 15 18:49:29 ac-conn1 xl2tpd[5671]: Calling on tunnel 55315 
> Sep 15 18:49:29 ac-conn1 xl2tpd[5671]: Call established with 
> 172.16.0.1, Local: 17930, Remote: 3, Serial: 2 (ref=0/0) 
> Sep 15 18:49:29 ac-conn1 pppd[5941]: pppd 2.4.4 started by root, uid 0
> Sep 15 18:49:29 ac-conn1 pppd[5941]: Using interface ppp0
> Sep 15 18:49:29 ac-conn1 pppd[5941]: Connect: ppp0 <--> /dev/pts/4
> Sep 15 18:49:59 ac-conn1 pppd[5941]: No response to PAP 
> authenticate-requests
> Sep 15 18:49:59 ac-conn1 pppd[5941]: Connection terminated.
> Sep 15 18:49:59 ac-conn1 pppd[5941]: Exit.
> Sep 15 18:49:59 ac-conn1 xl2tpd[5671]: call_close: Call 17930 
> to 172.16.0.1 disconnected 
> Sep 15 18:50:09 ac-conn1 xl2tpd[5671]: control_finish: 
> Connection closed to 172.16.0.1, port 1701 (), Local: 55315, 
> Remote: 2115
> 
> 
> 
> I don't really know what's the problem and I think it’s a 
> problem of the remote side because earlier I selected 
> OpenSUSE 11, l2tpd 0.69, and openswan 2.4.7 and got these messages 
> 
> 
> 
> Sep  2 00:04:22 linux-vpn-client pluto[4265]:   loaded host 
> cert file '/etc/ipsec.d/certs/usercrt.pem' (1858 bytes)
> Sep  2 00:04:22 linux-vpn-client pluto[4265]: added 
> connection description "l2tp-cert"
> 
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> initiating Main Mode
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> STATE_MAIN_I2: sent MI2, expecting MR2
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> ignoring Vendor ID payload [Cisco-Unity]
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> received Vendor ID payload [Dead Peer Detection]
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> ignoring unknown Vendor ID payload [74154bed40f1d162d45b946bc29def3b]
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> ignoring Vendor ID payload [XAUTH]
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> I am sending my cert
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> I am sending a certificate request
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> Sep  2 00:04:23 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> STATE_MAIN_I3: sent MI3, expecting MR3
> Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=gematik AG 5, 
> CN=anwasa.gematik.de, S=Konzentrator, G=VPN, SN=00004'
> Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #1: 
> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG 
> cipher=aes_256 prf=oakley_sha group=modp1536}
> 
> Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #2: 
> initiating Quick Mode RSASIG+ENCRYPT+PFS+UP {using isakmp#1}
> Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #2: 
> ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
> Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #2: 
> transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> Sep  2 00:04:24 linux-vpn-client pluto[4265]: "l2tp-cert" #2: 
> STATE_QUICK_I2: sent QI2, IPsec SA established 
> {ESP=>0x8df4d3af <0x173d7427 xfrm=AES_256-HMAC_SHA1 NATD=none 
> DPD=none}
> 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: do_control: Got 
> message c L2TPserver (12 bytes long)
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ourtid = 16665, 
> entropy_buf = 4119
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> l2tp_call:Connecting to host 172.16.0.1, port 1701
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: 
> control, cid = 0, Ns = 0, Nr = 1
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: handle_avps: 
> handling avp's for tunnel 16665, call 0
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> message_type_avp: message type 2 (Start-Control-Connection-Reply)
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> protocol_version_avp: peer is using version 1, revision 0.
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> firmware_rev_avp: peer reports firmware version 4384 (0x1120)
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: hostname_avp: 
> peer reports hostname 'vpn_gw'
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: vendor_avp: 
> peer reports vendor 'Cisco Systems, Inc. #'
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> receive_window_size_avp: peer wants RWS of 1024.  Will use 
> flow control.
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> assigned_tunnel_avp: using peer's tunnel 38218
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> framing_caps_avp: supported peer frames:
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> bearer_caps_avp: supported peer bearers:
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: control_finish: 
> Connection established to 172.16.0.1, 1701.  Local: 16665, 
> Remote: 38218.
> 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ourcid = 3643, 
> entropy_buf = e3b
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: lac_call: 
> Calling on tunnel 16665
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: 
> control, cid = 0, Ns = 1, Nr = 3
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: 
> control, cid = 0, Ns = 1, Nr = 3
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: handle_avps: 
> handling avp's for tunnel 16665, call 3643
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> message_type_avp: message type 11 (Incoming-Call-Reply)
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> assigned_call_avp: using peer's call 2
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: control_finish: 
> Call established with 172.16.0.1, Local: 3643, Remote: 2, Serial: 1
> 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: start_pppd: I'm 
> running:  
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "/usr/sbin/pppd" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "passive" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "-detach" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ":" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "refuse-chap" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "auth" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "require-pap" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "name" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "ac-conn1" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "debug" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "file" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> "/etc/ppp/options.l2tpd.client" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: "/dev/ttyp0" 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: 
> control, cid = 0, Ns = 2, Nr = 4
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: 
> control, cid = 2, Ns = 2, Nr = 4
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: handle_avps: 
> handling avp's for tunnel 16665, call 3643
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> message_type_avp: message type 16 (Set-Link-Info)
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ignore_avp : 
> Ignoring AVP
> Sep  2 00:06:30 linux-vpn-client kernel: PPP generic driver 
> version 2.4.2
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: pppd 2.4.4 
> started by root, uid 0
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: using channel 1
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: Using interface ppp0
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: Connect: ppp0 
> <--> /dev/ttyp0
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [LCP 
> ConfReq id=0x1 <mru 1410> <asyncmap 0x0> <magic 0xd14136d1> 
> <pcomp> <accomp>]
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [LCP 
> ConfReq id=0x1 <asyncmap 0xa0000> <auth pap> <magic 
> 0x21985742> <pcomp> <accomp>]
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [LCP 
> ConfAck id=0x1 <asyncmap 0xa0000> <auth pap> <magic 
> 0x21985742> <pcomp> <accomp>]
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [LCP 
> ConfNak id=0x1 <mru 1500>]
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [LCP 
> ConfReq id=0x2 <asyncmap 0x0> <magic 0xd14136d1> <pcomp> <accomp>]
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [LCP 
> ConfAck id=0x2 <asyncmap 0x0> <magic 0xd14136d1> <pcomp> <accomp>]
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [LCP 
> EchoReq id=0x0 magic=0xd14136d1]
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x1 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: check_control: 
> control, cid = 2, Ns = 3, Nr = 4
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: handle_avps: 
> handling avp's for tunnel 16665, call 3643
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: 
> message_type_avp: message type 16 (Set-Link-Info)
> Sep  2 00:06:30 linux-vpn-client l2tpd[4302]: ignore_avp : 
> Ignoring AVP
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [LCP 
> EchoRep id=0x0 magic=0x21985742]
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x201] 00 05 00
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: discarding proto 
> 0x201 in phase 5
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 01 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:30 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:31 linux-vpn-client pppd[5266]: rcvd [LCP 
> EchoReq id=0x1 magic=0x21985742 d1 41 36 d1]
> Sep  2 00:06:31 linux-vpn-client pppd[5266]: sent [LCP 
> EchoRep id=0x1 magic=0xd14136d1 d1 41 36 d1]
> Sep  2 00:06:32 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 02 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:32 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:33 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x2 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:33 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x202] 00 05 00
> Sep  2 00:06:33 linux-vpn-client pppd[5266]: discarding proto 
> 0x202 in phase 5
> Sep  2 00:06:34 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 03 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:34 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:36 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x3 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:36 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x203] 00 05 00
> Sep  2 00:06:36 linux-vpn-client pppd[5266]: discarding proto 
> 0x203 in phase 5
> Sep  2 00:06:36 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 04 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:36 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:38 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 05 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:38 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:39 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x4 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:39 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x204] 00 05 00
> Sep  2 00:06:39 linux-vpn-client pppd[5266]: discarding proto 
> 0x204 in phase 5
> Sep  2 00:06:40 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 06 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:40 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:41 linux-vpn-client pppd[5266]: rcvd [LCP 
> EchoReq id=0x2 magic=0x21985742 d1 41 36 d1]
> Sep  2 00:06:41 linux-vpn-client pppd[5266]: sent [LCP 
> EchoRep id=0x2 magic=0xd14136d1 d1 41 36 d1]
> Sep  2 00:06:42 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x5 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:42 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x205] 00 05 00
> Sep  2 00:06:42 linux-vpn-client pppd[5266]: discarding proto 
> 0x205 in phase 5
> Sep  2 00:06:42 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 07 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:42 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:44 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 08 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:44 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:45 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x6 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:45 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x206] 00 05 00
> Sep  2 00:06:45 linux-vpn-client pppd[5266]: discarding proto 
> 0x206 in phase 5
> Sep  2 00:06:46 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 09 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:46 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:48 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x7 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:48 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x207] 00 05 00
> Sep  2 00:06:48 linux-vpn-client pppd[5266]: discarding proto 
> 0x207 in phase 5
> Sep  2 00:06:48 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 
> 0a 00 0a 03 06 ac 10 00 01
> Sep  2 00:06:48 linux-vpn-client pppd[5266]: discarding proto 
> 0x1 in phase 5
> Sep  2 00:06:51 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x8 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:51 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x208] 00 05 00
> Sep  2 00:06:51 linux-vpn-client pppd[5266]: discarding proto 
> 0x208 in phase 5
> Sep  2 00:06:52 linux-vpn-client pppd[5266]: rcvd [LCP 
> EchoReq id=0x3 magic=0x21985742 d1 41 36 d1]
> Sep  2 00:06:52 linux-vpn-client pppd[5266]: sent [LCP 
> EchoRep id=0x3 magic=0xd14136d1 d1 41 36 d1]
> Sep  2 00:06:54 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0x9 user="ac-conn1" password=<hidden>]
> Sep  2 00:06:54 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x209] 00 05 00
> Sep  2 00:06:54 linux-vpn-client pppd[5266]: discarding proto 
> 0x209 in phase 5
> Sep  2 00:06:57 linux-vpn-client pppd[5266]: sent [PAP 
> AuthReq id=0xa user="ac-conn1" password=<hidden>]
> Sep  2 00:06:57 linux-vpn-client pppd[5266]: rcvd 
> [proto=0x20a] 00 05 00
> Sep  2 00:06:57 linux-vpn-client pppd[5266]: discarding proto 
> 0x20a in phase 5
> Sep  2 00:07:00 linux-vpn-client pppd[5266]: sent [LCP 
> EchoReq id=0x1 magic=0xd14136d1]
> Sep  2 00:07:00 linux-vpn-client pppd[5266]: rcvd [LCP 
> EchoRep id=0x1 magic=0x21985742]
> Sep  2 00:07:00 linux-vpn-client pppd[5266]: No response to 
> PAP authenticate-requests
> Sep  2 00:07:00 linux-vpn-client pppd[5266]: sent [LCP 
> TermReq id=0x3 "Failed to authenticate ourselves to peer"]
> Sep  2 00:07:00 linux-vpn-client pppd[5266]: rcvd [LCP TermAck id=0x3]
> Sep  2 00:07:00 linux-vpn-client pppd[5266]: Connection terminated.
> Sep  2 00:07:01 linux-vpn-client pppd[5266]: Exit.
> Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: child_handler : 
> pppd died for call 2
> Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: read_packet: 
> Error 9 (Bad file descriptor)
> Sep  2 00:07:01 linux-vpn-client syslog-ng[3107]: last 
> message repeated 10 times
> Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: read_packet: 
> Too many errors.  Declaring call dead.
> Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: network_thread: 
> tossing read packet, error = Bad file descriptor (9).  Closing call.
> Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: call_close: 
> Call 3643 to 172.16.0.1 disconnected
> Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: check_control: 
> control, cid = 0, Ns = 4, Nr = 5
> Sep  2 00:07:01 linux-vpn-client l2tpd[4302]: check_control: 
> control, cid = 0, Ns = 4, Nr = 5
> Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: handle_avps: 
> handling avp's for tunnel 16665, call 0
> Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: 
> message_type_avp: message type 4 
> (Stop-Control-Connection-Notification)
> Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: 
> result_code_avp: peer closing for reason 1 (General request 
> to clear control connection), error = 0 ()
> Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: 
> assigned_tunnel_avp: using peer's tunnel 38218
> Sep  2 00:07:11 linux-vpn-client l2tpd[4302]: control_finish: 
> Peer tried to disconnect with invalid TID (38218 != 16665)
> Sep  2 00:07:35 linux-vpn-client l2tpd[4302]: control_xmit: 
> Maximum retries exceeded for tunnel 16665.  Closing.
> Sep  2 00:07:35 linux-vpn-client l2tpd[4302]: call_close : 
> Connection 38218 closed to 172.16.0.1, port 1701 (Timeout)
> Sep  2 00:07:40 linux-vpn-client l2tpd[4302]: control_xmit: 
> Unable to deliver closing message for tunnel 16665. Destroying anyway.
> Sep  2 00:08:02 linux-vpn-client l2tpd[4302]: do_control: Got 
> message d L2TPserver (12 bytes long)
> Sep  2 00:08:02 linux-vpn-client l2tpd[4302]: do_control: 
> Session 'L2TPserver' not up
> 
> 
> I myself think the client has a problem with the acknowledge 
> of the server because it always says "discarding" to all it receives.
> 
> Thanks hennes 
> 
> -----Original Message-----
> From: Peter McGill [mailto:petermcgill at goco.net] 
> Sent: Thursday, September 18, 2008 16:26
> To: 'Hennes'; users at openswan.org
> Subject: RE: [Openswan Users] Problems with ppp authentication
> 
> Hennes,
> 
> Generally only the client authenticates with the server,
> the server does not authenticate to the client.
> The problem you're describing sounds to me like you're asking
> the server to authenticate to your client.
> 
> I would suggest:
> refuse authentication = no
> require authentication = no
> 
> Also check that your ppp options file does not ask for auth.
> #auth
> noauth
> #+pap
> #-pap
> #+chap
> #-chap
> 
> Peter McGill
> IT Systems Analyst
> Gra Ham Energy Limited 
> 
> > -----Original Message-----
> > From: users-bounces at openswan.org 
> > [mailto:users-bounces at openswan.org] On Behalf Of Hennes
> > Sent: September 18, 2008 10:02 AM
> > To: users at openswan.org
> > Subject: [Openswan Users] Problems with ppp authentication
> > 
> > Hi at all!
> > 
> >  
> > 
> > I have the following problem:
> > 
> >  
> > 
> > I try to connect my linux client (centos 5.2; openswan 
> > 2.6.16; xl2tpd 1.1.12) to a cisco 2811 router.
> > 
> >  
> > 
> > And the client wants the server to authenticate itself, so I 
> > tried to handle this with the option refuse/require authentication.
> > 
> > Because the cisco specialists also told me to try this, 
> > because they think their configuration is correct, maybe or 
> > maybe not. 
> > 
> > So I have to change my config, but it doesn't work at all. 
> > 
> >  
> > 
> > output: refuse authentication = no
> > 
> >  
> > 
> > Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Connecting to host 
> > 172.16.0.1, port 1701 
> > 
> > Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Connection established 
> > to 172.16.0.1, 1701.  Local: 59623, Remote: 5931 (ref=0/0). 
> > 
> > Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Calling on tunnel 59623 
> > 
> > Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Call established with 
> > 172.16.0.1, Local: 23024, Remote: 9, Serial: 2 (ref=0/0) 
> > 
> > Sep 17 19:49:34 ac-conn1 pppd[5779]: pppd 2.4.4 started by 
> root, uid 0
> > 
> > Sep 17 19:49:34 ac-conn1 pppd[5779]: Using interface ppp0
> > 
> > Sep 17 19:49:34 ac-conn1 pppd[5779]: Connect: ppp0 <--> /dev/pts/6
> > 
> > Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: handle_avps:  dont 
> > know how to handle atribute 46. 
> > 
> > Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: handle_avps:  dont 
> > know how to handle atribute 104. 
> > 
> > Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: control_finish: 
> > Connection closed to 172.16.0.1, serial 2 (Locally generated 
> > disconnect) 
> > 
> > Sep 17 19:49:44 ac-conn1 xl2tpd[5679]: control_finish: 
> > Connection closed to 172.16.0.1, port 1701 (), Local: 59623, 
> > Remote: 5931 
> > 
> >  
> > 
> > output: refuse authentication = yes or require 
> authentication = yes/no
> > 
> >  
> > 
> > Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Connecting to host 
> > 172.16.0.1, port 1701 
> > 
> > Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Connection established 
> > to 172.16.0.1, 1701.  Local: 27322, Remote: 33910 (ref=0/0). 
> > 
> > Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Calling on tunnel 27322 
> > 
> > Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Call established with 
> > 172.16.0.1, Local: 10145, Remote: 10, Serial: 1 (ref=0/0) 
> > 
> > Sep 17 20:02:33 ac-conn1 kernel: CSLIP: code copyright 1989 
> > Regents of the University of California
> > 
> > Sep 17 20:02:33 ac-conn1 kernel: PPP generic driver version 2.4.2
> > 
> > Sep 17 20:02:33 ac-conn1 pppd[5732]: pppd 2.4.4 started by 
> root, uid 0
> > 
> > Sep 17 20:02:33 ac-conn1 pppd[5732]: Using interface ppp0
> > 
> > Sep 17 20:02:33 ac-conn1 pppd[5732]: Connect: ppp0 <--> /dev/pts/2
> > 
> > Sep 17 20:03:03 ac-conn1 pppd[5732]: No response to PAP 
> > authenticate-requests
> > 
> > Sep 17 20:03:03 ac-conn1 pppd[5732]: Connection terminated.
> > 
> > Sep 17 20:03:03 ac-conn1 pppd[5732]: Exit.
> > 
> > Sep 17 20:03:03 ac-conn1 xl2tpd[5687]: call_close: Call 10145 
> > to 172.16.0.1 disconnected 
> > 
> > Sep 17 20:03:13 ac-conn1 xl2tpd[5687]: control_finish: 
> > Connection closed to 172.16.0.1, port 1701 (), Local: 27322, 
> > Remote: 33910 
> > 
> >  
> > 
> >  
> > 
> > And the cisco debug:
> > 
> >  
> > 
> > refuse authentication = no
> > 
> >  
> > 
> > *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Using vpn set 
> call direction
> > 
> > *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Treating connection 
> > as a callin
> > 
> > *Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Session 
> > handle[F5000009] Session id[7]
> > 
> > *Sep 17 2008 22:04:44.819 MEST: ppp7 PPP: Authorization required
> > 
> >  
> > 
> >  
> > 
> > refuse authentication = yes or require authentication = yes/no
> > 
> >  
> > 
> > *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Using vpn set 
> call direction
> > 
> > *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Treating connection 
> > as a callin
> > 
> > *Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Session 
> > handle[1800000B] Session id[9]
> > 
> > *Sep 17 2008 22:21:38.803 MEST: ppp9 PPP: Authorization required
> > 
> > *Sep 17 2008 22:21:38.811 MEST: ppp9 PAP: I AUTH-REQ id 1 len 
> > 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:21:38.811 MEST: ppp9 PAP: Authenticating 
> peer ac-conn1
> > 
> > *Sep 17 2008 22:21:38.811 MEST: ppp9 PPP: Sent PAP LOGIN Request
> > 
> > *Sep 17 2008 22:21:38.811 MEST: ppp9 PPP: Received LOGIN 
> Response PASS
> > 
> > *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PPP: Sent LCP AUTHOR Request
> > 
> > *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PPP: Sent IPCP AUTHOR Request
> > 
> > *Sep 17 2008 22:21:38.819 MEST: Vi2.1 LCP: Received AAA 
> > AUTHOR Response PASS
> > 
> > *Sep 17 2008 22:21:38.819 MEST: Vi2.1 IPCP: Received AAA 
> > AUTHOR Response PASS
> > 
> > *Sep 17 2008 22:21:38.819 MEST: Vi2.1 PAP: O AUTH-ACK id 1 len 5
> > 
> > *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: I AUTH-REQ id 2 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: O AUTH-ACK id 2 len 5
> > 
> > *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: I AUTH-REQ id 3 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: O AUTH-ACK id 3 len 5
> > 
> > *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: I AUTH-REQ id 4 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: I AUTH-REQ id 5 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: O AUTH-ACK id 5 len 5
> > 
> > *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: I AUTH-REQ id 6 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: O AUTH-ACK id 6 len 5
> > 
> > *Sep 17 2008 22:21:56.811 MEST: Vi2.1 PAP: I AUTH-REQ id 7 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:21:56.811 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:21:56.815 MEST: Vi2.1 PAP: O AUTH-ACK id 7 len 5
> > 
> > *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: I AUTH-REQ id 8 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: O AUTH-ACK id 8 len 5
> > 
> > *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: I AUTH-REQ id 9 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: O AUTH-ACK id 9 len 5
> > 
> > *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: I AUTH-REQ id 10 
> > len 19 from "ac-conn1"
> > 
> > *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: Resending Auth-Ack
> > 
> > *Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: O AUTH-ACK id 10 len 5
> > 
> >  
> > 
> > Maybe someone has an answer why it doesn't work, or why the 
> > pppd doesn't match with the acknowledge.
> > 
> >  
> > 
> > Thanks Hennes
> > 
> >  
> > 
> > 
> 
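
An added example, not part of the original thread: a short Python script that re-reads the frames pppd logged as `rcvd [proto=0x20N] 00 05 00` and then discarded in the quoted Sep 2 log. It assumes those frames arrived without their PPP protocol field, so that pppd took the leading code and identifier bytes for a protocol number; the function names are hypothetical and the sample lines are copied from that log with the mail wraps joined.

```python
import re

# pppd debug lines copied from the Sep 2 log quoted in the thread, with the
# mail client's line wraps joined (a subset of that log, not all of it).
SAMPLE_LOG = """\
Sep  2 00:06:30 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x1 user="ac-conn1" password=<hidden>]
Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [proto=0x201] 00 05 00
Sep  2 00:06:30 linux-vpn-client pppd[5266]: discarding proto 0x201 in phase 5
Sep  2 00:06:30 linux-vpn-client pppd[5266]: rcvd [proto=0x1] 01 00 0a 03 06 ac 10 00 01
Sep  2 00:06:30 linux-vpn-client pppd[5266]: discarding proto 0x1 in phase 5
Sep  2 00:06:33 linux-vpn-client pppd[5266]: sent [PAP AuthReq id=0x2 user="ac-conn1" password=<hidden>]
Sep  2 00:06:33 linux-vpn-client pppd[5266]: rcvd [proto=0x202] 00 05 00
Sep  2 00:06:33 linux-vpn-client pppd[5266]: discarding proto 0x202 in phase 5
Sep  2 00:07:00 linux-vpn-client pppd[5266]: No response to PAP authenticate-requests
"""

SENT_PAP = re.compile(r"sent \[PAP AuthReq id=0x([0-9a-f]+)")
RCVD_RAW = re.compile(r"rcvd \[proto=0x([0-9a-f]+)\]((?: [0-9a-f]{2})*)")


def rebuild_packet(proto_hex, payload_hex):
    """Put back the bytes pppd consumed as the 'protocol number'.

    Assumption: a printed value up to 0xff was one byte on the wire (a
    compressed protocol field); anything larger was two bytes.
    """
    value = int(proto_hex, 16)
    head = value.to_bytes(1 if value <= 0xFF else 2, "big")
    return head + bytes.fromhex(payload_hex.replace(" ", ""))


def parse_options(body):
    """Parse LCP/IPCP-style (type, length, data) options; None if they do not fit."""
    options = []
    while body:
        if len(body) < 2 or body[1] < 2 or body[1] > len(body):
            return None
        options.append((body[0], body[2:body[1]]))
        body = body[body[1]:]
    return options


def classify(packet):
    """Read a packet as code, identifier, length, body and report what fits."""
    if len(packet) < 4:
        return {"kind": "too-short"}
    code, ident = packet[0], packet[1]
    if int.from_bytes(packet[2:4], "big") != len(packet):
        return {"kind": "length-mismatch", "id": ident}
    body = packet[4:]
    # PAP Auth-Ack (code 2) / Auth-Nak (code 3): one Msg-Length byte, then the message.
    if code in (2, 3) and body and body[0] == len(body) - 1:
        return {"kind": "pap-ack" if code == 2 else "pap-nak", "id": ident}
    options = parse_options(body)
    if code == 1 and options:
        return {"kind": "configure-request", "id": ident, "options": options}
    return {"kind": "unknown", "id": ident}


def correlate(log_text):
    """Match PAP requests pppd sent against discarded frames that parse as Auth-Ack."""
    sent, acked, other = [], [], []
    for line in log_text.splitlines():
        match = SENT_PAP.search(line)
        if match:
            sent.append(int(match.group(1), 16))
            continue
        match = RCVD_RAW.search(line)
        if match:
            info = classify(rebuild_packet(match.group(1), match.group(2)))
            if info["kind"] == "pap-ack":
                acked.append(info["id"])
            else:
                other.append(info)
    return {"sent_pap_ids": sent, "ack_like_ids": acked, "other": other,
            "unanswered": [i for i in sent if i not in acked]}


if __name__ == "__main__":
    report = correlate(SAMPLE_LOG)
    print("PAP AuthReq ids sent:       ", report["sent_pap_ids"])
    print("discarded frames, ack-like: ", report["ack_like_ids"])
    print("requests with no ack-like:  ", report["unanswered"])
    for item in report["other"]:
        print("other discarded frame:", item)
```

Under that assumption each discarded `0x20N` frame has the identifier of a PAP request pppd had just sent and the 5-byte length the Cisco debug reports for its `AUTH-ACK` packets, and the `proto=0x1` frame parses as a Configure-Request whose option 3 carries 172.16.0.1, the `lns` address in the posted config.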


