[Openswan Users] Problems with ppp authentication

Simon Hensgens simon.hensgens at web.de
Thu Sep 18 09:25:20 EDT 2008 

Hi at all!

 

I have the following problem:

 

I try to connect my linux client (centos 5.2; openswan 2.6.16; xl2tpd
1.1.12) to a cisco 2811 router.

 

And the client wants the server to authenticate itself, so I tried to handle
this with the option refuse/require authentication.

Because the cisco specialists also told me to try this, because they think
their configuration is correct, maybe or maybe not. 

So I have to change my config, but it doesn't work at all. 

 

output: refuse authentication = no

 

Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Connecting to host 172.16.0.1, port
1701 

Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Connection established to 172.16.0.1,
1701.  Local: 59623, Remote: 5931 (ref=0/0). 

Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Calling on tunnel 59623 

Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: Call established with 172.16.0.1,
Local: 23024, Remote: 9, Serial: 2 (ref=0/0) 

Sep 17 19:49:34 ac-conn1 pppd[5779]: pppd 2.4.4 started by root, uid 0

Sep 17 19:49:34 ac-conn1 pppd[5779]: Using interface ppp0

Sep 17 19:49:34 ac-conn1 pppd[5779]: Connect: ppp0 <--> /dev/pts/6

Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: handle_avps:  dont know how to handle
atribute 46. 

Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: handle_avps:  dont know how to handle
atribute 104. 

Sep 17 19:49:34 ac-conn1 xl2tpd[5679]: control_finish: Connection closed to
172.16.0.1, serial 2 (Locally generated disconnect) 

Sep 17 19:49:44 ac-conn1 xl2tpd[5679]: control_finish: Connection closed to
172.16.0.1, port 1701 (), Local: 59623, Remote: 5931 

 

output: refuse authentication = yes or require authentication = yes/no

 

Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Connecting to host 172.16.0.1, port
1701 

Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Connection established to 172.16.0.1,
1701.  Local: 27322, Remote: 33910 (ref=0/0). 

Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Calling on tunnel 27322 

Sep 17 20:02:33 ac-conn1 xl2tpd[5687]: Call established with 172.16.0.1,
Local: 10145, Remote: 10, Serial: 1 (ref=0/0) 

Sep 17 20:02:33 ac-conn1 kernel: CSLIP: code copyright 1989 Regents of the
University of California

Sep 17 20:02:33 ac-conn1 kernel: PPP generic driver version 2.4.2

Sep 17 20:02:33 ac-conn1 pppd[5732]: pppd 2.4.4 started by root, uid 0

Sep 17 20:02:33 ac-conn1 pppd[5732]: Using interface ppp0

Sep 17 20:02:33 ac-conn1 pppd[5732]: Connect: ppp0 <--> /dev/pts/2

Sep 17 20:03:03 ac-conn1 pppd[5732]: No response to PAP
authenticate-requests

Sep 17 20:03:03 ac-conn1 pppd[5732]: Connection terminated.

Sep 17 20:03:03 ac-conn1 pppd[5732]: Exit.

Sep 17 20:03:03 ac-conn1 xl2tpd[5687]: call_close: Call 10145 to 172.16.0.1
disconnected 

Sep 17 20:03:13 ac-conn1 xl2tpd[5687]: control_finish: Connection closed to
172.16.0.1, port 1701 (), Local: 27322, Remote: 33910 

 

 

And the cisco debug:

 

refuse authentication = no

 

*Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Using vpn set call direction

*Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Treating connection as a callin

*Sep 17 2008 22:04:44.555 MEST: ppp7 PPP: Session handle[F5000009] Session
id[7]

*Sep 17 2008 22:04:44.819 MEST: ppp7 PPP: Authorization required

 

 

refuse authentication = yes or require authentication = yes/no

 

*Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Using vpn set call direction

*Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Treating connection as a callin

*Sep 17 2008 22:21:38.527 MEST: ppp9 PPP: Session handle[1800000B] Session
id[9]

*Sep 17 2008 22:21:38.803 MEST: ppp9 PPP: Authorization required

*Sep 17 2008 22:21:38.811 MEST: ppp9 PAP: I AUTH-REQ id 1 len 19 from
"ac-conn1"

*Sep 17 2008 22:21:38.811 MEST: ppp9 PAP: Authenticating peer ac-conn1

*Sep 17 2008 22:21:38.811 MEST: ppp9 PPP: Sent PAP LOGIN Request

*Sep 17 2008 22:21:38.811 MEST: ppp9 PPP: Received LOGIN Response PASS

*Sep 17 2008 22:21:38.819 MEST: Vi2.1 PPP: Sent LCP AUTHOR Request

*Sep 17 2008 22:21:38.819 MEST: Vi2.1 PPP: Sent IPCP AUTHOR Request

*Sep 17 2008 22:21:38.819 MEST: Vi2.1 LCP: Received AAA AUTHOR Response PASS

*Sep 17 2008 22:21:38.819 MEST: Vi2.1 IPCP: Received AAA AUTHOR Response
PASS

*Sep 17 2008 22:21:38.819 MEST: Vi2.1 PAP: O AUTH-ACK id 1 len 5

*Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: I AUTH-REQ id 2 len 19 from
"ac-conn1"

*Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:21:41.811 MEST: Vi2.1 PAP: O AUTH-ACK id 2 len 5

*Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: I AUTH-REQ id 3 len 19 from
"ac-conn1"

*Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:21:44.811 MEST: Vi2.1 PAP: O AUTH-ACK id 3 len 5

*Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: I AUTH-REQ id 4 len 19 from
"ac-conn1"

*Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:21:47.811 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: I AUTH-REQ id 5 len 19 from
"ac-conn1"

*Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:21:50.811 MEST: Vi2.1 PAP: O AUTH-ACK id 5 len 5

*Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: I AUTH-REQ id 6 len 19 from
"ac-conn1"

*Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:21:53.811 MEST: Vi2.1 PAP: O AUTH-ACK id 6 len 5

*Sep 17 2008 22:21:56.811 MEST: Vi2.1 PAP: I AUTH-REQ id 7 len 19 from
"ac-conn1"

*Sep 17 2008 22:21:56.811 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:21:56.815 MEST: Vi2.1 PAP: O AUTH-ACK id 7 len 5

*Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: I AUTH-REQ id 8 len 19 from
"ac-conn1"

*Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:21:59.815 MEST: Vi2.1 PAP: O AUTH-ACK id 8 len 5

*Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: I AUTH-REQ id 9 len 19 from
"ac-conn1"

*Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:22:02.815 MEST: Vi2.1 PAP: O AUTH-ACK id 9 len 5

*Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: I AUTH-REQ id 10 len 19 from
"ac-conn1"

*Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: Resending Auth-Ack

*Sep 17 2008 22:22:05.815 MEST: Vi2.1 PAP: O AUTH-ACK id 10 len 5

 

Maybe someone has an answer why it doesn't work, or why the pppd doesn't
match with the acknowledge.

 

Thanks Hennes

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080918/bb37d863/attachment-0001.html

More information about the Users mailing list