
Re: Windows IPSec/L2TP VPN client and Linux server with RADIUS, and PPP.



Tim Warnock wrote:
-----Original Message-----
From: Jim Barber [mailto:jim.barber@ddihealth.com]
Sent: Wednesday, 7 September 2005 5:28 PM
To: debian-isp@lists.debian.org
Subject: Windows IPSec/L2TP VPN client and Linux server with RADIUS, and PPP.


	[lns default]
	ip range = 10.10.0.248 - 10.10.0.254
	local ip = 10.10.0.220
	require chap = yes
	refuse pap = yes
	require authentication = yes
	hostname = vpn1
	ppp debug = yes
	pppoptfile = /etc/ppp/options.l2tpd
	length bit = yes

Try turning off all authentication in l2tpd and let pppd take care of
it.

Thanks
Tim Warnock

ISP Technical Manager
GetOnIt! Nationwide Internet.
1300 88 00 97
timoid (at) getonit.net.au

Thanks Tim, I hadn't thought of trying that.

I changed the /etc/l2tpd/l2tpd.conf file so it looks like:

	[lns default]
	ip range = 10.10.0.248 - 10.10.0.254
	local ip = 10.10.0.220
	hostname = vpn1
	ppp debug = yes
	pppoptfile = /etc/ppp/options.l2tpd
	length bit = yes

Then I bounced the l2tpd daemon and tried to connect again.
No luck unfortunately :(
Still no MS-CHAP information being passed to the RADIUS server.

From what I've read, these authentication directives in this file apply
to the ppp daemon.

To enable l2tp authentication you are supposed to use the 'auth file'
and 'challenge' parameters.

Let me try and find the quote...
As per the following website:
	http://www.jacco2.dds.nl/networking/freeswan-l2tp.html

"It turns out that L2TP also supports authentication.
 The problem is that you cannot specify those passwords anywhere in the
 Windows/Mac L2TP clients. I guess none of the vendors thought that
 L2TP authentication was important. And rightly so, because it does not
 seem very useful anyway. IPsec and PPP authentication should be enough
 for anyone.

 The confusion comes from the 'require authentication' parameter in
 l2tpd.conf. This parameter has nothing to do with enabling L2TP
 authentication. It is actually for PPP authentication (i.e. PAP/CHAP).
 The Windows clients use this by default, so you should enable PPP
 authentication by including 'require authentication' in your l2tpd
 configuration file.

 L2TP authentication, on the other hand, can be enabled by specifying
 the parameters 'auth file' and 'challenge'.
"

Thanks.

----------
Jim Barber
DDI Health
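
An added example, not part of the original messages or of l2tpd: once the PPP authentication directives are removed from l2tpd.conf as suggested in the thread, the pppd options file is the only place left that can require authentication, and this Python check reports whether either file still does. The thread does not show /etc/ppp/options.l2tpd, so both options-file samples are constructed; `auth`, `noauth` and the `require-*` names are standard pppd options, and the check ignores option ordering.

```python
# Added example. Directives the quoted page attributes to PPP authentication:
PPP_AUTH_L2TPD = {"require authentication", "require chap", "require pap"}
PPP_AUTH_PPPD = {"auth", "require-pap", "require-chap",
                 "require-mschap", "require-mschap-v2", "require-eap"}

def parse_lns(text):
    """Return the key/value pairs of the [lns ...] section of an l2tpd.conf."""
    opts, in_lns = {}, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # treat ';' as a comment start
        if line.startswith("["):
            in_lns = line.startswith("[lns")
        elif in_lns and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip().lower()
    return opts

def parse_pppd(text):
    """Return the option names (first word of each line) of a pppd options file."""
    words = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {w[0] for w in words if w}

def audit(l2tpd_conf, pppd_options):
    """Report which layer, if any, still requires the client to authenticate."""
    lns, ppp = parse_lns(l2tpd_conf), parse_pppd(pppd_options)
    in_l2tpd = any(lns.get(k) == "yes" for k in PPP_AUTH_L2TPD)
    in_pppd = bool(ppp & PPP_AUTH_PPPD) and "noauth" not in ppp
    return {"ppp_auth_in_l2tpd_conf": in_l2tpd,
            "ppp_auth_in_pppoptfile": in_pppd,
            "l2tp_tunnel_auth": lns.get("challenge") == "yes",
            "nothing_requires_ppp_auth": not (in_l2tpd or in_pppd)}

# Abridged from the two l2tpd.conf versions posted in the thread.
ORIGINAL = """[lns default]
require chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/options.l2tpd
"""
CHANGED = """[lns default]
pppoptfile = /etc/ppp/options.l2tpd
"""
OPTS_NO_AUTH = "ms-dns 10.10.0.1\nmtu 1400\n"              # constructed sample
OPTS_AUTH = "auth\nrequire-mschap-v2\nms-dns 10.10.0.1\n"  # constructed sample

if __name__ == "__main__":
    for name, conf, opts in [("original", ORIGINAL, OPTS_NO_AUTH),
                             ("changed", CHANGED, OPTS_NO_AUTH),
                             ("changed+auth", CHANGED, OPTS_AUTH)]:
        print(name, audit(conf, opts))
```
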


