Is xl2tpd-1.3.8 from OpenBSD 6.1amd64 ports tree the same version with a patch which avoids some problems seen with "large" packets as from -current ports?
On 11/24/2017 11:02 PM, Denis wrote:
> Stuart,
>
> thanks again for your support.
>
> I've read some docs since my last post about IKEv1 support only for MS
> IPsec + L2TP.
>
> xl2tpd-1.3.8 has been installed already on OpenBSD 6.1amd64. I tried to
> use it with integrated pppd, but unsuccessful.
> Is xl2tpd-1.3.8 the same version with patches as from -current ports?
>
> pppd has no option to support mschap-v2 available as pppd(8) shows, but
> some people shared configs from OpenBSD 5.4 with mschap-v2 option
> available in /etc/ppp/options.xl2tpd:
> -------------------------------------------------------
> obsd client's /etc/xl2tpd/xl2tpd.conf:
> [global]
> debug avp = yes
> debug network = yes
> debug state = yes
> debug tunnel = yes
>
> [lac foo]
> lns = A.B.C.D
> ppp debug = yes
> pppoptfile = /etc/ppp/options.l2tpd.client
> length bit = yes
> autodial=yes
> --------------------------------------------------------
> obsd client's /etc/ppp/options.l2tpd.client:
> ipcp-accept-local
> ipcp-accept-remote
> refuse-eap
> require-mschap-v2
> noccp
> noauth
> idle 1800
> mtu 1410
> mru 1410
> defaultroute
> usepeerdns
> debug
> lock
> name xxxxx
> password xxxxx
> ----------------------------------------------------------
> I have no evidence whether it worked or not.
>
> Seems "require-mschap-v2" support is absent in pppd. While connection is
> established it drops when xl2tpd calls pppd with mschap-v2 option is needed.
>
> The question is: how to use npppd with "authentication method
> mschap-v2" supported to make it work with xl2tpd together or what
> program will help to connect with xl2tpd in bundle to MS IPsec services?
>
> Stuart, I know that MS implementation is not so reliable as OpenBSD
> implementation, but I have remote server with only MS based VPN managed
> by others, so I can't affect it.
>
> Thanks
>
> Denis
>
> On 11/24/2017 1:54 PM, Stuart Henderson wrote:
>> On 2017-11-23, Denis wrote:
>>> Hi All,
>>>
>>> I have a goal to make an IPsec connection to an external L2TP IPsec with
>>> mschap-v2 (preshared key auth) server.
>>> OpenBSD 6.1amd64 will play client role in this case.
>>>
>>> Would you recommend a suitable way to make such VPN connection?
>>>
>>> Can it be realized using iked?
>> No. IPsec+L2TP uses IKEv1, iked uses IKEv2.
>>
>>> Any recommendations or examples will be helpful.
>>>
>>> Thank you for answer in advance.
>> It's not as nice or reliable as normal OpenBSD IPsec, but
>> landry@ got this to work. Install xl2tpd (take the version from
>> -current ports, it has a hack which avoids some problems seen with
>> "large" packets) and look at the README.

