No. 6.1 is from the start of April. The commit is very recent which is why
I said you need -current.
--
Sent from a phone, apologies for poor formatting.
On 28 November 2017 09:40:05 Denis <[email protected]> wrote:
Is xl2tpd-1.3.8 from OpenBSD 6.1amd64 ports tree the same version with a
patch which avoids some problems seen with "large" packets as from -current
ports?
On 11/24/2017 11:02 PM, Denis wrote:
Stuart,
thanks again for your support.
I've read some docs since my last post about IKEv1 support only for MS
IPsec + L2TP.
xl2tpd-1.3.8 has been installed already on OpenBSD 6.1amd64. I tried to
use it with integrated pppd, but unsuccessful.
Is xl2tcp-1.3.8 the same version with patches as from -current ports?
pppd has no option to support mschap-v2 available as pppd(8) shows, but
some people shared configs from OpenBSD 5.4 with mschap-v2 option
available in /etc/ppp/options.xl2tpd:
-------------------------------------------------------
obsd client's /etc/xl2tpd/xl2tpd.conf:
[global]
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes
[lac foo]
lns = A.B.C.D
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
autodial=yes
--------------------------------------------------------
obsd client's /etc/ppp/options.l2tpd.client:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
lock
name xxxxx
password xxxxx
----------------------------------------------------------
I have no evidence if it was work or not.
Seems "require-mschap-v2" support is absent in pppd, While connection is
established it drops when xl2tpd call pppd with mschap-v2 option is needed.
The questions is: how to use npppd with "authentication method
mschap-v2" supported to make it work with xl2tpd together or what
program will help to connect with xl2tpd in bundle to MS IPsec services?
Stuart, I know that MS implementation is not so reliable as OpenBSD
implementation, but I have remote server with only MS based VPN managed
by others, so I can't affect on it.
Thanks
Denis
On 11/24/2017 1:54 PM, Stuart Henderson wrote:
On 2017-11-23, Denis <[email protected]> wrote:
Hi All,
I have a goal to make an IPsec connection to an external L2TP IPsec with
mschap-v2 (preshared key auth) server.
OpenBSD 6.1amd64 will play client role in this case.
Would you recommended suitable way to make such VPN connection?
Can it be realized using iked?
No. IPsec+L2TP uses IKEv1, iked uses IKEv2.
Any recommendations or examples will be helpful.
Thank you for answer in advance.
It's not as nice or reliable as normal OpenBSD IPsec, but
landry@ got this to work. Install xl2tpd (take the version from
-current ports, it has a hack which avoids some problems seen with
"large" packets) and look at the README.
--
mailto: [email protected]
