I'm doing RADIUS auth. Here is my npppd.conf:
tunnel L2TP protocol l2tp {
        listen on <my public IP>
        l2tp-hostname "myhostname.com"
        l2tp-vendor-name "OpenBSD"
        l2tp-accept-dialin yes
        mru 1360
        lcp-timeout 18
        authentication-method mschapv2
        tcp-mss-adjust yes
        pipex yes
        mppe no
        # ingress-filter yes
}
ipcp IPCP {
        pool-address 172.17.0.2-172.17.0.254
        dns-servers 192.168.78.123
        allow-user-selected-address no
}
interface tun0 address 172.17.0.1 ipcp IPCP
authentication LOCAL type local {
        users-file "/etc/npppd/npppd-users"
}
authentication RADIUS type radius {
        authentication-server {
                address 192.168.78.125 secret "my_radius_secret"
        }
        accounting-server {
                address 192.168.78.125 secret "my_radius_secret"
        }
}
bind tunnel from L2TP authenticated by RADIUS to tun0
//mxb
On 4 jan 2014, at 02:09, Matt Carlson <[email protected]> wrote:
> mxb,
>
> I tried that and I'm getting the same results. Any other ideas? What does
> your npppd.conf look like?
>
> Thanks,
>
> Matt
>
>
> On Fri, Jan 3, 2014 at 8:03 AM, mxb <[email protected]> wrote:
> I successfully connected my iOS 7.0.4 to an OpenBSD 5.4 (this is
> pre-release). My ipsec.conf for L2TP is this:
>
> ike passive esp transport \
> proto udp from $local_gw to any port 1701 \
> main auth "hmac-sha1" enc "3des" group modp1024 \
> quick auth "hmac-sha1" enc "aes" \
> psk ReallyweakPassword
>
>
>
> On 31 dec 2013, at 05:01, Mike Pistone <[email protected]> wrote:
>
> > Strangely enough I am having the exact same problem. OPENBSD 5.4, etc.
> >
> > Phase I works once I tweaked my isakmp settings to match IOS7's capabilities
> > (no modp2048 mainly), but I get the same messages Matt does on phase II.
> >
> >
> > I have a npppd PPTP tunnel to the same server that works fine.
> > It is just L2TP/IPSEC that has the issues.
> >
> >
> > Mike