Tim Warnock wrote:
-----Original Message-----
From: Jim Barber [mailto:jim.barber@ddihealth.com]
Sent: Wednesday, 7 September 2005 5:28 PM
To: debian-isp@lists.debian.org
Subject: Windows IPSec/L2TP VPN client and Linux server with RADIUS, and PPP.

[lns default]
ip range = 10.10.0.248 - 10.10.0.254
local ip = 10.10.0.220
require chap = yes
refuse pap = yes
require authentication = yes
hostname = vpn1
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

Try turning off all authentication in l2tpd and let pppd take care of it.

Thanks
Tim Warnock
ISP Technical Manager
GetOnIt! Nationwide Internet.
1300 88 00 97
timoid (at) getonit.net.au

Thanks Tim, I hadn't thought of trying that.

I changed the /etc/l2tpd/l2tpd.conf file so it looks like:

[lns default]
ip range = 10.10.0.248 - 10.10.0.254
local ip = 10.10.0.220
hostname = vpn1
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

Then I bounced the l2tpd daemon and tried to connect again.
No luck unfortunately :(
Still no MS-CHAP information being passed to the RADIUS server.

From what I've read, these authentication directives in this file apply to the ppp daemon.
To enable l2tp authentication you are supposed to use the 'auth file' and 'challenge' parameters.
Let me try and find the quote...

As per the following website: http://www.jacco2.dds.nl/networking/freeswan-l2tp.html

"It turns out that L2TP also supports authentication. The problem is that you cannot specify those passwords anywhere in the Windows/Mac L2TP clients. I guess none of the vendors thought that L2TP authentication was important. And rightly so, because it does not seem very useful anyway. IPsec and PPP authentication should be enough for anyone. The confusion comes from the 'require authentication' parameter in l2tpd.conf. This parameter has nothing to do with enabling L2TP authentication. It is actually for PPP authentication (i.e. PAP/CHAP). The Windows clients use this by default, so you should enable PPP authentication by including 'require authentication' in your l2tpd configuration file. L2TP authentication, on the other hand, can be enabled by specifying the parameters 'auth file' and 'challenge'."

Thanks.

----------
Jim Barber
DDI Health
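
The distinction drawn in the quoted passage (PPP authentication directives versus L2TP tunnel authentication) can be checked mechanically. The following Python is an added example, not part of either poster's message or of l2tpd: it parses an l2tpd.conf and groups the authentication directives by the layer they act on, using the two configurations posted in the thread as input. The helper names `parse_l2tpd_conf` and `auth_layers` are hypothetical, and the directives `require pap`, `refuse chap` and `refuse authentication` are taken from the l2tpd.conf manual rather than from this thread.

```python
# Added example: which layer does each l2tpd.conf auth directive act on?
PPP_KEYS = {"require authentication", "refuse authentication",
            "require chap", "refuse chap", "require pap", "refuse pap"}
L2TP_KEYS = {"auth file", "challenge"}

# The two [lns default] sections posted in the thread.
ORIGINAL_CONF = """\
[lns default]
ip range = 10.10.0.248 - 10.10.0.254
local ip = 10.10.0.220
require chap = yes
refuse pap = yes
require authentication = yes
hostname = vpn1
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
"""
CHANGED_CONF = "\n".join(
    line for line in ORIGINAL_CONF.splitlines()
    if line.split("=")[0].strip() not in PPP_KEYS)


def parse_l2tpd_conf(text):
    """Return {section: {key: value}}; keys may contain spaces."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = " ".join(line[1:-1].split()).lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.split()).lower()] = value.strip()
    return sections


def auth_layers(text):
    """Group authentication directives by layer: PPP vs. L2TP tunnel."""
    report = {"ppp": {}, "l2tp": {}}
    for section, items in parse_l2tpd_conf(text).items():
        for key, value in items.items():
            layer = "ppp" if key in PPP_KEYS else "l2tp" if key in L2TP_KEYS else None
            if layer:
                report[layer][f"{section}: {key}"] = value
    return report
```

Running `auth_layers` on both configurations shows an empty `l2tp` group in each: neither version of the file ever enabled L2TP tunnel authentication, and the change only removed PPP-layer directives.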