On 2013-11-20, anon ymous <ramrunner0...@gmail.com> wrote:
> Hello list!
> If anyone could shed some light to the following I would be thankful..
> I have 2 5.4-current boxes, one acting as an npppd server over ipsec
> and the other one wishing to be a client.
> My understanding is that to accomplish that the client needs
> to use xl2tpd from ports.
> The problem is that although linux and windows clients connect
> ok with the same setup, I can't get the openbsd client to connect.

I ported xl2tpd - fwiw I've only tested it against Firebrick's l2tp
implementation which does not use IPsec, so I don't know if anything
special is needed for this.

> tunnel L2TP_ipv4 protocol l2tp {
>     listen on 0.0.0.0
>     l2tp-accept-dialin yes
>     authentication-method mschapv2
>     pipex yes
> }

Here you only accept mschapv2 authentication.

> the problem is that as we see from the logs the obsd client refuses
> to cope with mschap-v2 and various options from that last file.

Mackerras pppd has new mschap code which supports mschap-v2; this was
added in 2003, but unfortunately the last release with code for all arch
other than Solaris/Linux was pppd-2.3.11 in 1999. I've looked at trying
to update pppd before but it was a bit much for me..

> if we remove all the offending options we end up with "no authentication
> protocols are agreeable" on npppd logs.... ideas? suggestions for other
> approaches??

You could try telling npppd to accept chap (not mschap), and tell pppd
to use that..