[Openswan Users] Ubuntu 10 -> OSX 10.6.4
Turbo Fredriksson
turbo at bayour.com
Tue Mar 8 05:25:09 EST 2011
[sorry for mailing you privately about this, it was supposed to go to
the list where maybe someone else can help :)]
On 8 mar 2011, at 10.34, Holger Kummert wrote:
> On 04.03.2011 15:14, Turbo Fredriksson wrote:
>> I was under the impression that xL2TPd was to authenticate. When I
>> made pppd do it instead, everything worked fine!
>
> Could you show the log for this, please?
----- s n i p -----
==> /var/log/syslog <==
Mar 8 11:03:13 JeOS xl2tpd[10737]: Enabling IPsec SAref processing
for L2TP transport mode SAs
Mar 8 11:03:13 JeOS xl2tpd[10737]: IPsec SAref does not work with
L2TP kernel mode yet, enabling forceuserspace=yes
Mar 8 11:03:13 JeOS xl2tpd[10737]: setsockopt recvref[22]: Protocol
not available
Mar 8 11:03:13 JeOS xl2tpd[10737]: This binary does not support
kernel L2TP.
Mar 8 11:03:13 JeOS xl2tpd[10738]: xl2tpd version xl2tpd-1.2.6
started on JeOS PID:10738
Mar 8 11:03:13 JeOS xl2tpd[10738]: Written by Mark Spencer, Copyright
(C) 1998, Adtran, Inc.
Mar 8 11:03:13 JeOS xl2tpd[10738]: Forked by Scott Balmos and David
Stipp, (C) 2001
Mar 8 11:03:13 JeOS xl2tpd[10738]: Inherited by Jeff McAdams, (C) 2002
Mar 8 11:03:13 JeOS xl2tpd[10738]: Forked again by Xelerance (www.xelerance.com
) (C) 2006
Mar 8 11:03:13 JeOS xl2tpd[10738]: Listening on IP address 0.0.0.0,
port 1701
Mar 8 11:03:24 JeOS xl2tpd[10738]: get_call: allocating new tunnel
for host COMPANY_IP, port 1701.
Mar 8 11:03:24 JeOS xl2tpd[10738]: Connecting to host COMPANY_IP,
port 1701
Mar 8 11:03:24 JeOS xl2tpd[10738]: control_finish: message type is
(null)(0). Tunnel is 0, call is 0.
Mar 8 11:03:24 JeOS xl2tpd[10738]: control_finish: sending SCCRQ
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 60, tunnel = 59268, call = 0 ref=0 refhim=0
Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: message type is
Start-Control-Connection-Reply(2). Tunnel is 950, call is 0.
Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: sending SCCCN
Mar 8 11:03:25 JeOS xl2tpd[10738]: Connection established to
COMPANY_IP, 1701. Local: 59268, Remote: 950 (ref=0/0).
Mar 8 11:03:25 JeOS xl2tpd[10738]: Calling on tunnel 59268
Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: message type is
(null)(0). Tunnel is 950, call is 0.
Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: sending ICRQ
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 28, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: message type is
Incoming-Call-Reply(11). Tunnel is 950, call is 31435.
Mar 8 11:03:25 JeOS xl2tpd[10738]: control_finish: Sending ICCN
Mar 8 11:03:25 JeOS xl2tpd[10738]: Call established with COMPANY_IP,
Local: 39805, Remote: 31435, Serial: 1 (ref=0/0)
Mar 8 11:03:25 JeOS xl2tpd[10738]: start_pppd: I'm running:
Mar 8 11:03:25 JeOS xl2tpd[10738]: "/usr/sbin/pppd"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "passive"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "nodetach"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "refuse-pap"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "auth"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "require-chap"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "name"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "turbof"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "debug"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "file"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "/etc/ppp/options.l2tpd.client"
Mar 8 11:03:25 JeOS xl2tpd[10738]: "/dev/pts/2"
Mar 8 11:03:25 JeOS pppd[10739]: pppd 2.4.5 started by root, uid 0
Mar 8 11:03:25 JeOS pppd[10739]: using channel 5
Mar 8 11:03:25 JeOS pppd[10739]: Using interface ppp0
Mar 8 11:03:25 JeOS pppd[10739]: Connect: ppp0 <--> /dev/pts/2
Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP ConfReq id=0x1 <mru 1410>
<asyncmap 0x0> <magic 0x115f4ab4> <pcomp> <accomp>]
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 37, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 36, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap MS-v2> <magic 0x7b9130eb> <pcomp> <accomp>]
Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP ConfAck id=0x1 <asyncmap
0x0> <auth chap MS-v2> <magic 0x7b9130eb> <pcomp> <accomp>]
Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP ConfAck id=0x1 <mru 1410>
<asyncmap 0x0> <magic 0x115f4ab4> <pcomp> <accomp>]
Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP EchoReq id=0x0
magic=0x115f4ab4]
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 12, tunnel = 59268, call = 0 ref=0 refhim=0
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 49, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP EchoReq id=0x0
magic=0x7b9130eb]
Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP EchoRep id=0x0
magic=0x115f4ab4]
Mar 8 11:03:25 JeOS pppd[10739]: rcvd [CHAP Challenge id=0x27
<3c514c4f68796a0071464b6f3d2e1d15>, name = ""]
Mar 8 11:03:25 JeOS pppd[10739]: sent [CHAP Response id=0x27
<
40c9cf21c31749908d961fb6f3b0372c0000000000000000e219acf6f3f62d7cc0c9d6717cc5e2c2bbf6eca30501162600
>, name = "turbof"]
Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP EchoRep id=0x0
magic=0x7b9130eb]
Mar 8 11:03:25 JeOS xl2tpd[10738]: network_thread: select timeout
Mar 8 11:03:27 JeOS xl2tpd[10738]: last message repeated 2 times
Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 73, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:27 JeOS pppd[10739]: rcvd [CHAP Success id=0x27
"S=B4BDDFBB1AE0F82BD0A22F1EE6CD0A53C8700412 M=Access granted"]
Mar 8 11:03:27 JeOS pppd[10739]: CHAP authentication succeeded
Mar 8 11:03:27 JeOS pppd[10739]: sent [IPCP ConfReq id=0x1 <compress
VJ 0f 01> <addr 0.0.0.0>]
Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 14, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:27 JeOS pppd[10739]: rcvd [IPCP ConfReq id=0x1 <addr
COMPANY_IP>]
Mar 8 11:03:27 JeOS pppd[10739]: sent [IPCP ConfAck id=0x1 <addr
COMPANY_IP>]
Mar 8 11:03:27 JeOS pppd[10739]: rcvd [proto=0x8235] 01 01 00 04
Mar 8 11:03:27 JeOS pppd[10739]: Unsupported protocol 'Apple Client
Server Protocol Control' (0x8235) received
Mar 8 11:03:27 JeOS pppd[10739]: sent [LCP ProtRej id=0x2 82 35 01 01
00 04]
Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:27 JeOS pppd[10739]: rcvd [IPCP ConfRej id=0x1 <compress
VJ 0f 01>]
Mar 8 11:03:27 JeOS pppd[10739]: sent [IPCP ConfReq id=0x2 <addr
0.0.0.0>]
Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:27 JeOS pppd[10739]: rcvd [IPCP ConfNak id=0x2 <addr
10.0.0.74>]
Mar 8 11:03:27 JeOS pppd[10739]: sent [IPCP ConfReq id=0x3 <addr
10.0.0.74>]
Mar 8 11:03:27 JeOS xl2tpd[10738]: network_thread: recv packet from
COMPANY_IP, size = 20, tunnel = 59268, call = 39805 ref=0 refhim=0
Mar 8 11:03:27 JeOS pppd[10739]: rcvd [IPCP ConfAck id=0x3 <addr
10.0.0.74>]
Mar 8 11:03:27 JeOS pppd[10739]: Cannot determine ethernet address
for proxy ARP
Mar 8 11:03:27 JeOS pppd[10739]: local IP address 10.0.0.74
Mar 8 11:03:27 JeOS pppd[10739]: remote IP address COMPANY_IP
Mar 8 11:03:27 JeOS pppd[10739]: Script /etc/ppp/ip-up started (pid
10742)
Mar 8 11:03:27 JeOS pppd[10739]: Script /etc/ppp/ip-up finished (pid
10742), status = 0x0
Mar 8 11:03:55 JeOS pppd[10739]: sent [LCP EchoReq id=0x1
magic=0x115f4ab4]
----- s n i p -----
What just dawned on me is that remote address is COMPANY_IP, i.e., the
external, live IP. Not one in the 10.0.0.0/24 net I should get...
>> ----- s n i p -----
>> Mar 4 15:04:07 JeOS pppd[1020]: Cannot determine ethernet address
>> for proxy ARP
>> Mar 4 15:04:07 JeOS pppd[1020]: local IP address 10.0.0.53
>> Mar 4 15:04:07 JeOS pppd[1020]: remote IP address<COMPANY_SERVER_IP>
>> Mar 4 15:04:07 JeOS pppd[1020]: Script /etc/ppp/ip-up started (pid
>> 1025)
>> Mar 4 15:04:07 JeOS pppd[1020]: Script /etc/ppp/ip-up finished
>> (pid 1025), status = 0x0
>> Mar 4 15:04:35 JeOS pppd[1020]: sent [LCP EchoReq id=0x1
>> magic=0xade7ef41]
>> Mar 4 15:05:06 JeOS pppd[1020]: sent [LCP EchoReq id=0x2
>> magic=0xade7ef41]
>> Mar 4 15:05:36 JeOS pppd[1020]: sent [LCP EchoReq id=0x3
>> magic=0xade7ef41]
>> Mar 4 15:06:06 JeOS pppd[1020]: sent [LCP EchoReq id=0x4
>> magic=0xade7ef41]
>> Mar 4 15:06:36 JeOS pppd[1020]: No response to 4 echo-requests
>
> This looks very strange. I wonder if ppp-negotiation was really
> successful.
It did say 'CHAP authentication succeeded'... Is it pppd or xl2tpd
that should do the auth? I can't seem to get xl2tpd to do a CHAP auth...
These are my xl2tpd.conf and options.l2tpd.client files:
----- s n i p -----
[global]
auth file = /etc/xl2tpd/l2tp-secrets
ipsec saref = yes
debug network = yes
debug packet = yes
debug state = yes
debug tunnel = yes
[lac COMPANY]
lns = COMPANY_IP
;
require chap = yes
refuse pap = yes
require authentication = yes
; Name should be the same as the username in the PPP authentication!
name = turbof
;
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
----- s n i p -----
----- s n i p -----
ipcp-accept-local
ipcp-accept-remote
refuse-chap
refuse-pap
refuse-eap
require-mschap-v2
noccp
noauth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
connect-delay 5000
lcp-echo-interval 30
lcp-echo-failure 0
----- s n i p -----
The pppd auth will still happen even if I comment the refuse-* and
require* stuff in the options file, so I've forgotten what I did to
make pppd do the auth :).
But what DID happen was that xl2tpd couldn't find a suitable auth
mechanism...
--
Try not. Do. Or do not. There is no try!
- Yoda
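
An added example, not part of the original message: a small Python parser for pppd debug output like the log above. It re-joins the mail-wrapped syslog lines, then reports the auth protocol the peer requested, the CHAP result, the IPCP addresses, rejected protocols and LCP echo requests that got no reply. The sample input is constructed from lines in the post; the function names are this example's own.

```python
import re

# Constructed sample modelled on the pppd debug lines in the post (two records keep the mail wrap).
SAMPLE = """\
Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap MS-v2> <magic 0x7b9130eb> <pcomp> <accomp>]
Mar 8 11:03:25 JeOS pppd[10739]: sent [LCP EchoReq id=0x0 magic=0x115f4ab4]
Mar 8 11:03:25 JeOS pppd[10739]: rcvd [LCP EchoRep id=0x0 magic=0x7b9130eb]
Mar 8 11:03:27 JeOS pppd[10739]: CHAP authentication succeeded
Mar 8 11:03:27 JeOS pppd[10739]: Unsupported protocol 'Apple Client
Server Protocol Control' (0x8235) received
Mar 8 11:03:27 JeOS pppd[10739]: local IP address 10.0.0.74
Mar 8 11:03:27 JeOS pppd[10739]: remote IP address COMPANY_IP
Mar 8 11:03:55 JeOS pppd[10739]: sent [LCP EchoReq id=0x1 magic=0x115f4ab4]
"""

RECORD = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ (\w+)\[\d+\]: (.*)$")

def unwrap(text):
    """Re-join wrapped continuation lines onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Summarise the pppd side of a session: auth, addresses, rejects, echoes."""
    s = {"peer_auth": None, "chap_ok": False, "local": None, "remote": None, "rejected": []}
    sent, replied = set(), set()
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m or m.group(1) != "pppd":
            continue  # skip xl2tpd records and non-syslog lines
        msg = m.group(2)
        if msg.startswith("rcvd [LCP ConfReq") and (a := re.search(r"<auth ([^>]+)>", msg)):
            s["peer_auth"] = a.group(1)  # auth protocol the peer asks us to use
        elif msg == "CHAP authentication succeeded":
            s["chap_ok"] = True
        elif a := re.match(r"(local|remote) IP address\s*(\S+)", msg):
            s[a.group(1)] = a.group(2)
        elif a := re.match(r"Unsupported protocol '[^']+' \((0x[0-9a-fA-F]+)\)", msg):
            s["rejected"].append(a.group(1))
        elif a := re.match(r"(sent \[LCP EchoReq|rcvd \[LCP EchoRep) id=(0x[0-9a-f]+)", msg):
            (sent if a.group(1).startswith("sent") else replied).add(a.group(2))
    s["unanswered_echo"] = sorted(sent - replied)  # echo ids with no matching EchoRep
    return s
```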