Yep, that was exactly it.

Thank you, again.

On Aug 15, 2012, at 16:01, YASUOKA Masahiko <yasu...@yasuoka.net> wrote:

> Hi,
>
>> real.local.concentrate: tun0
>
> this should be
>
>  realm.local.concentrate: tun0
>
> I hope this will help you.
>
> --yasuoka
>
> On Wed, 15 Aug 2012 09:11:06 -0700
> Johan Beisser <j...@caustic.org> wrote:
>> I've hit a bit of a wall digging around getting L2TP working with OpenBSD 5.1.
>>
>> I've enabled pipex in kernel:
>> # sysctl -a | grep -E '(pipex|gre)'
>> net.inet.gre.allow=0
>> net.inet.gre.wccp=0
>> net.pipex.enable=1
>>
>> Before anyone asks, yes, I had GRE enabled as well. But, I'm not
>> looking to run PPTP via npppd, only L2TP. I've tested with it
>> activated, and the config with pptpd.enabled: false
>>
>> I've configured a very basic npppd.conf, per the instructions in
>> http://www.undeadly.org/cgi?action=article&sid=20120427125048 and
>> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/npppd/HOWTO_PIPEX_NPPPD.txt?rev=1.8
>>
>> Everything connects, it appears to authenticate fine, but after that
>> iOS attempts to negotiate ppp. I'm assuming this is the relevant part
>> of the npppd debugging output (for my own privacy, I've replaced
>> non-RFC addresses with A.B.C.D for the client and E.F.G.H for the
>> server, respectively):
>>
>> 2012-08-15 08:37:03:NOTICE: l2tpd ctrl=2 logtype=Started RecvSCCRQ
>> from=A.B.C.D:50002/udp tunnel_id=2/21 protocol=1.0 winsize=4
>> hostname=users-thing vendor=(no vendorname) firm=0000
>> 2012-08-15 08:37:03:INFO: l2tpd ctrl=2 SendSCCRP
>> 2012-08-15 08:37:03:INFO: l2tpd ctrl=2 RecvSCCN
>> 2012-08-15 08:37:03:INFO: l2tpd ctrl=2 SendZLB
>> 2012-08-15 08:37:03:INFO: l2tpd ctrl=2 call=9490 RecvICRQ session_id=948
>> 2012-08-15 08:37:03:INFO: l2tpd ctrl=2 call=9490 SendICRP session_id=9490
>> 2012-08-15 08:37:03:INFO: l2tpd ctrl=2 call=9490 RecvICCN
>> session_id=948 calling_number= tx_conn_speed=1000000 framing=async
>> 2012-08-15 08:37:03:NOTICE: l2tpd ctrl=2 call=9490 logtype=PPPBind ppp=1
>> 2012-08-15 08:37:03:INFO: ppp id=1 layer=base logtype=Started
>> tunnel=L2TP(A.B.C.D:50002)
>> 2012-08-15 08:37:03:INFO: l2tpd ctrl=2 call=9490 SendZLB
>> 2012-08-15 08:37:22:INFO: ppp id=1 layer=lcp logtype=Opened
>> mru=1400/1400 auth=MS-CHAP-V2 magic=3adadd39/37d59f4b
>> 2012-08-15 08:37:22:INFO: ppp id=1 layer=chap proto=mschap_v2
>> logtype=Success username="user" realm=local
>> 2012-08-15 08:37:22:WARNING: ppp id=1 layer=base No interface binding.
>> 2012-08-15 08:37:22:INFO: ppp id=1 layer=base unhandled protocol
>> ip6cp, 32855(8057)
>> 2012-08-15 08:37:22:INFO: l2tpd ctrl=2 call=9490 SendCDN
>> result=ERROR_CODE/2 error=GENERIC_ERROR/6 messsage=Disconnected by
>> local PPP
>> 2012-08-15 08:37:22:NOTICE: l2tpd ctrl=2 call=9490 logtype=PPPUnbind
>> 2012-08-15 08:37:22:NOTICE: ppp id=1 layer=base logtype=TUNNELUSAGE
>> user="user" duration=19sec layer2=L2TP layer2from=A.B.C.D:50002
>> auth=MS-CHAP-V2 data_in=271bytes,12packets data_out=333bytes,15packets
>> error_in=1 error_out=0 mppe=no iface=(not binding)
>> 2012-08-15 08:37:22:INFO: l2tpd ctrl=2 call=9490 Received CDN in
>> unexpected state=cleanup-wait
>> 2012-08-15 08:37:22:INFO: l2tpd ctrl=2 RecvStopCCN result=UNKNOWN/256
>> error=UNKNOWN/28261 tunnel_id=21 message="cted"
>> 2012-08-15 08:37:22:DEBUG: l2tpd ctrl=2 SendZLB
>> 2012-08-15 08:37:22:NOTICE: l2tpd ctrl=2 logtype=Finished
>> 2012-08-15 08:37:23:INFO: l2tpd Received from=A.B.C.D:42138: bad
>> control message: tunnelId=2 is not found.  mestype=CDN
>>
>>
>> Isakmpd does throw some errors, but they don't seem to be related to
>> anything except protocol negotiation.
>>
>> Aug 15 08:37:00 soekris isakmpd[1079]: attribute_unacceptable:
>> ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
>> Aug 15 08:37:02 soekris isakmpd[1079]: isakmpd: phase 1 done (as
>> responder): initiator id 10.70.108.213, responder id E.F.G.H, src:
>> A.B.C.D dst: A.B.C.D
>> Aug 15 08:37:02 soekris isakmpd[1079]: isakmpd: quick mode done (as
>> responder): src: E.F.G.H dst: A.B.C.D
>>
>>
>> It acts the same if pf is enabled or disabled. I'm debating if I
>> should update to a snapshot or not, at this point. Due to the hardware
>> being weak, and kind of old, I'd rather not have the debugging flags,
>> etc, running a snapshot would entail.
>>
>> Any pointers on where to look would be appreciated.
>>
>> -jb
>>
>>
>> npppd.conf:
>>
>> interface_list: tun0
>> interface.tun0.ip4addr: 172.23.0.1
>>
>> # IP Address Pool
>> pool.dyna_pool: 172.23.0.0/25
>> pool.pool:      172.23.0.128/25
>>
>> # local file auth
>> auth.local.realm_list:  local
>> auth.local.realm.acctlist:      /etc/npppd/npppd-users.csv
>> real.local.concentrate: tun0
>>
>> lcp.mru:        1400
>> lcp.timeout:    18
>> auth.method:    mschapv2
>> # auth.method:  mschapv2 chap pap
>> ipcp.assign_fixed:                     true
>> ipcp.assign_userselect:                true
>>
>> pptpd.enabled:                          false
>> pptpd.ip4_allow:                        0.0.0.0/0
>> #pptpd.listener_in:                     PPTP 192.168.0.1
>>
>> # L2TP daemon
>> l2tpd.enabled:                          true
>> l2tpd.ip4_allow:                        0.0.0.0/0
>> #l2tpd.listener_in:                     L2TP 192.168.0.1
>> l2tpd.purge_ipsec_sa:                   false
>> l2tpd.require_ipsec:                    true
>> l2tpd.accept_dialin:                    true
>>
>> pipex.enabled:                         true
>>
>> ipsec.conf:
>>
>> ike passive esp transport \
>>        proto udp from A.B.C.D to any port 1701 \
>>        main auth "hmac-sha1" enc "3des" group modp1024 \
>>        quick auth "hmac-sha1" enc "aes" \
>>        psk "PASSWORD"
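
The fix in this thread (`real.local.concentrate` should be `realm.local.concentrate`, which the log reports only as "No interface binding.") can be caught before starting npppd. The following is an added example, not part of the original thread or of npppd itself. The function names are hypothetical, and it assumes the `key: value` format shown above with whitespace-separated list values:

```python
import re

# Constructed sample: the realm-related lines of the npppd.conf quoted in the
# thread, including the misspelled "real.local.concentrate" key.
SAMPLE_CONF = """\
interface_list: tun0
interface.tun0.ip4addr: 172.23.0.1
auth.local.realm_list:  local
auth.local.realm.acctlist:      /etc/npppd/npppd-users.csv
real.local.concentrate: tun0
"""


def parse_conf(text):
    """Parse 'key: value' lines; skip blank lines and '#' comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf


def realm_binding_problems(text):
    """List realms with no usable binding, plus stray '*.concentrate' keys."""
    conf = parse_conf(text)
    # Assumption: list values are whitespace-separated.
    interfaces = set(conf.get("interface_list", "").split())
    problems = []
    for key, value in conf.items():
        if not re.fullmatch(r"auth\.[^.]+\.realm_list", key):
            continue
        for realm in value.split():
            wanted = f"realm.{realm}.concentrate"
            iface = conf.get(wanted)
            if iface is None:
                problems.append(f"realm '{realm}': missing key {wanted}")
            elif iface not in interfaces:
                problems.append(f"realm '{realm}': {iface} not in interface_list")
    for key in conf:
        if key.endswith(".concentrate") and not key.startswith("realm."):
            problems.append(f"key '{key}' does not start with 'realm.'")
    return problems


if __name__ == "__main__":
    for problem in realm_binding_problems(SAMPLE_CONF):
        print(problem)
```

Run against the posted configuration, it reports both the missing `realm.local.concentrate` binding and the stray `real.local.concentrate` key; with the key corrected it reports nothing.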
