[Openswan Users] xl2tp authentication problem with Cisco LAC
Chris Maverley
c.maverley at permanet.ie
Tue Aug 25 11:13:30 EDT 2015
Hi There,
I need to establish an l2tp tunnel from a Cisco LAC. The l2tp tunnel needs to
be authenticated. We are using the correct shared secret but I can't get
past this error. The CHAP challenge is failing. Everything works if we don't
use l2tp tunnel authentication.
LAC config:
vpdn-group Test
 request-dialin
  protocol l2tp
  domain xxxxxx
 initiate-to ip 185.xx.xx.xx
 initiate-to ip 185.xx.xx.xx
 local name xxxxxx
 l2tp tunnel password 0 secret
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: get_call:
allocating new tunnel for host 10.1.1.204, port 1701.
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
handling avp's for tunnel 41428, call 0
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
message_type_avp: message type 1 (Start-Control-Connection-Request)
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
protocol_version_avp: peer is using version 1, revision 0.
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
framing_caps_avp: supported peer frames:
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
firmware_rev_avp: peer reports firmware version 4400 (0x1130)
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: hostname_avp:
peer reports hostname 'permanet'
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: vendor_avp:
peer reports vendor 'Cisco Systems, Inc.'
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
assigned_tunnel_avp: using peer's tunnel 62103
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
receive_window_size_avp: peer wants RWS of 1024. Will use flow control.
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: challenge_avp:
challenge avp found
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
don't know how to handle atribute 56.
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
don't know how to handle atribute 57.
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
don't know how to handle atribute 110.
Aug 25 16:01:29 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
don't know how to handle atribute 111.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: get_call:
allocating new tunnel for host 10.1.1.204, port 1701.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
handling avp's for tunnel 63932, call 27345600
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
message_type_avp: message type 1 (Start-Control-Connection-Request)
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
protocol_version_avp: peer is using version 1, revision 0.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
framing_caps_avp: supported peer frames:
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
firmware_rev_avp: peer reports firmware version 4400 (0x1130)
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: hostname_avp:
peer reports hostname 'permanet'
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: vendor_avp:
peer reports vendor 'Cisco Systems, Inc.'
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
assigned_tunnel_avp: using peer's tunnel 62103
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
receive_window_size_avp: peer wants RWS of 1024. Will use flow control.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: challenge_avp:
challenge avp found
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
don't know how to handle atribute 56.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
don't know how to handle atribute 57.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
don't know how to handle atribute 110.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
don't know how to handle atribute 111.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: control_finish:
Peer requested tunnel 62103 twice, ignoring second one.
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: build_fdset:
closing down tunnel 63932
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: handle_avps:
handling avp's for tunnel 41428, call 0
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
message_type_avp: message type 4 (Stop-Control-Connection-Notification)
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
result_code_avp: peer closing for reason 4 (Requester is not authorized to
establish a control channel), error = 0 (process challenge response failed
mismatch)
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]:
assigned_tunnel_avp: using peer's tunnel 62103
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: control_finish:
Connection closed to 10.1.1.204, port 1701 (process challenge response
failed mismatch), Local: 41428, Remote: 62103
Aug 25 16:01:30 pnetadmin-ProLiant-DL160-Gen9 xl2tpd[18563]: build_fdset:
closing down tunnel 41428
Looking forward to some tips.
Chris.
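
Added example, not part of the original post and not xl2tpd or Cisco code: an offline check of the tunnel authentication value from RFC 2661, where the Challenge Response AVP is MD5 over the message type octet (2 for SCCRP, 3 for SCCCN), the shared secret and the peer's challenge. Given the Challenge AVP from the SCCRQ and the Challenge Response AVP from the SCCRP in a packet capture, it reports which variant of the intended secret was actually hashed; the variant list, function names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac

SCCRP = 2  # Start-Control-Connection-Reply
SCCCN = 3  # Start-Control-Connection-Connected


def tunnel_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 2661 Challenge Response value: MD5(msg_type || secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def diagnose(msg_type: int, intended: bytes, challenge: bytes, observed: bytes):
    """Return the label of the secret variant that reproduces `observed`, else None.

    The variants are hypothetical but common ways a stored secret ends up
    differing from the one that was intended.
    """
    variants = {
        "as intended": intended,
        "trailing newline": intended + b"\n",
        "trailing CRLF": intended + b"\r\n",
        "trailing space": intended + b" ",
        "quotes kept": b'"' + intended + b'"',
        "lower-cased": intended.lower(),
    }
    for label, candidate in variants.items():
        expected = tunnel_response(msg_type, candidate, challenge)
        if hmac.compare_digest(expected, observed):
            return label
    return None


def demo() -> str:
    # Constructed sample values, not taken from the log above.
    challenge = bytes.fromhex("00112233445566778899aabbccddeeff")
    # Simulate a responder whose stored secret picked up a newline.
    observed = tunnel_response(SCCRP, b"secret\n", challenge)
    return diagnose(SCCRP, b"secret", challenge, observed)


if __name__ == "__main__":
    print("response matches secret variant:", demo())
```

A result of None means none of the listed variants of the intended secret produced the captured response, so the two ends are hashing different secrets or different challenge bytes.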