(RADIATOR) L2TP tunneling with Radiator and Bay Networks dialing equipment

[Scott Gifford]

I'm not having any luck getting L2TP working at all between my
Radiator server and our Bay Networks 5399 blades.  The information all
looks correct, but the 5399 gives an error before it attempts to open
the tunnel.  I never even see a packet on the tunnel machine, so it
can't be my tunnel software.

Here are the relevant parts of my configuration:

==================
=== radius.cfg ===
==================
<Realm tunnel>
        # Strip the realm so we can auth with the bare user name
        # in the users file
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy FILE>
                Filename /usr/local/etc/radius/users
                AddToReply Annex-Local-Username = "%n"
                StripFromReply Framed-IP-Address
        </AuthBy>
</Realm>

==================
===   users    ===
==================

test023 Auth-Type = System
        Annex-User-Server-Location = local,
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "\000205.138.41.248 ppp",
        Tunnel-Type = L2TP

And here's what I see in my logs:

==================
=== annex.log  ===
==================
Jul 27 14:06:51 mico25.tir.com ppp[4331]: Sent RADIUS Access-Request to 216.40.128.71
Jul 27 14:06:51 mico25.tir.com ppp[4331]: Received RADIUS Access-Accept from 
216.40.128.71
Jul 27 14:06:51 mico25.tir.com ppp[4331]: ppp:asy42:l2tp tunnel call connection 
starting to 205.138.41.248
Jul 27 14:06:51 mico25.tir.com ppp[4331]: ppp:asy42:L2TP:failed to make tunnel 
connection Device in use
Jul 27 14:06:51 mico25.tir.com ppp[4331]: ppp:asy42:l2tp tunnel call failed, link will 
shutdown, error (Device in use)
Jul 27 14:06:51 mico25.tir.com ppp[4331]: ppp:asy42:Security Failed PAP

[ ... ]
Jul 27 14:06:51 mico25.tir.com ppp[4331]: ppp:asy42: *** PAP SYSLOG HISTORY ***
Jul 27 14:06:51 mico25.tir.com ppp[4331]: ppp:asy42:: Using Authentication Server to 
authenticate remote PAP request
Jul 27 14:06:51 mico25.tir.com ppp[4331]: ppp:asy42:: PAP - L2TP - Tunnel call failed 
- authentication failed
Jul 27 14:06:51 mico25.tir.com ppp[4331]: ppp:asy42: *** END PAP HISTORY ***

==================
=== radius.log ===
==================
*** Received from 209.140.180.250 port 1267 ....

Packet length = 172
01 62 00 ac 4f b0 04 47 3e a0 03 36 2e a0 02 26
1e a0 01 00 01 10 74 65 73 74 30 32 33 40 74 75
6e 6e 65 6c 02 12 08 5a c3 4d 1d c6 43 2a c2 d7
12 03 00 49 c7 c3 06 06 00 00 00 02 07 06 00 00
00 01 04 06 d1 8c b4 fa 08 06 d1 8c b4 c0 05 06
00 00 00 2a 3d 06 00 00 00 00 1e 09 32 34 39 39
30 39 39 1f 0c 38 31 30 37 32 30 37 32 30 33 4d
13 32 31 36 30 30 20 20 32 34 30 30 30 20 56 2e
33 34 1a 0c 00 00 06 30 32 06 00 00 54 60 1a 0c
00 00 06 30 33 06 00 00 5d c0 50 12 0c f2 ef a4
40 58 5b 7b f7 dd b6 15 25 ee 5e 0b
Code:       Access-Request
Identifier: 98
Authentic:  O<176><4>G><160><3>6.<160><2>&<30><160><1><0>
Attributes:
        User-Name = "test023@tunnel"
        User-Password = "<8>Z<195>M<29><198>C*<194><215><18><3><0>I<199><195>"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-IP-Address = 209.140.180.250
        Framed-IP-Address = 209.140.180.192
        NAS-Port = 42
        NAS-Port-Type = Async
        Called-Station-Id = "2499099"
        Calling-Station-Id = "8107207203"
        Connect-Info = "21600  24000 V.34"
        Annex-Transmit-Speed = 21600
        Annex-Receive-Speed = 24000
        Signature = "<12><242><239><164>@X[{<247><221><182><21>%<238>^<11>"

Tue Jul 27 14:06:51 1999: DEBUG: Handling request with Handler 'Realm=tunnel'
Tue Jul 27 14:06:51 1999: DEBUG: Rewrote user name to test023
Tue Jul 27 14:06:51 1999: DEBUG: Deleting session for test023@tunnel, 209.140.180.250, 
42
Tue Jul 27 14:06:51 1999: DEBUG: Handling with Radius::AuthFILE
Tue Jul 27 14:06:51 1999: DEBUG: Reading users file /usr/local/etc/radius/users
Tue Jul 27 14:06:51 1999: DEBUG: Radius::AuthFILE looks for match with test023
Tue Jul 27 14:06:51 1999: DEBUG: Handling with Radius::AuthUNIX
Tue Jul 27 14:06:51 1999: DEBUG: Radius::AuthUNIX looks for match with test023
Tue Jul 27 14:06:51 1999: DEBUG: Radius::AuthUNIX ACCEPT: 
Tue Jul 27 14:06:51 1999: DEBUG: Radius::AuthFILE ACCEPT: 
Tue Jul 27 14:06:51 1999: DEBUG: Access accepted for test023
Tue Jul 27 14:06:51 1999: DEBUG: Packet dump:
*** Sending to 209.140.180.250 port 1267 ....
Code:       Access-Accept
Identifier: 98
Authentic:  O<176><4>G><160><3>6.<160><2>&<30><160><1><0>
Attributes:
        Annex-User-Server-Location = local
        Tunnel-Medium-Type = IP
        Tunnel-Server-Endpoint = "<0>205.138.41.248 ppp"
        Tunnel-Type = L2TP
        Annex-Local-Username = "test023"

I don't receive another access packet from the 5399, as the
documentation hints that I might.  And I don't think it's any kind of
authentication problem, even though the logs mention that, because the
"Device Busy" error is first.

And, of course, Bay says that Radiator is completely unsupported and
will only provide me with minimal assistance.

Anybody have any ideas?  I'm not really sure where to start with
this...

Thanks,

-----ScottG.

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.