Re: passing vlan priority tag through bridge

2011-08-21 Thread Peter Hallin
On 2011-08-21 23:33, Christiano F. Haesbaert wrote:
> 
> I have a partial diff for this.
> 
> Unfortunately I couldn't test so I'll need more time.
> 
> The idea is to flag the incoming packet with a new flag M_VLANPRIO
> which signals vlan(4) to not touch the vlanprio in vlan_start(). 
> 
> It's a proof-of-concept only, having something like this will probably
> involve a lot of talk. 
> 
> Sorry my diff is not showable at this time.

Wonderful. No stress.

Thx, Peter



Re: passing vlan priority tag through bridge

2011-08-21 Thread Christiano F. Haesbaert
On Fri, Aug 19, 2011 at 09:07:42AM +0200, Peter Hallin wrote:
> Hello,
> 
> I have a question.
> 
> We use bridging firewalls at Lund University with different vlan tags on
> respective sides of the bridges. The frames are therefore "retagged"
> when passing through the bridge and unfortunately the priority flag gets
> reset and always ends up as 0 on the other side.
> 
> We would love to be able to let the priority flag pass the bridge and I
> wonder if this could be possible in a not so distant future.
> 
> In if_vlan.c, there is a comment regarding the prio flag:
> 
> /*
>  * if_vlan.c - pseudo-device driver for IEEE 802.1Q virtual LANs.
>  * Might be extended some day to also handle IEEE 802.1p priority
>  * tagging.  This is sort of sneaky in the implementation, since
>  * we need to pretend to be enough of an Ethernet implementation
>  * to make arp work.  The way we do this is by telling everyone
>  * that we are an Ethernet, and then catch the packets that
>  * ether_output() left on our output queue when it calls
>  * if_start(), rewrite them for use by the real outgoing
>  * interface,
>  * and ask it to send them.
>   *
>  * Some devices support 802.1Q tag insertion in firmware.  The
>  * vlan interface behavior changes when the
>  * IFCAP_VLAN_HWTAGGING
>  * capability is set on the parent.  In this case,
>  * vlan_start()
>  * will not modify the ethernet header.
>  */
> 

I have a partial diff for this.

Unfortunately I couldn't test so I'll need more time.

The idea is to flag the incoming packet with a new flag M_VLANPRIO
which signals vlan(4) to not touch the vlanprio in vlan_start(). 

It's a proof-of-concept only, having something like this will probably
involve a lot of talk. 

Sorry my diff is not showable at this time.



Re: TOS option to tcpbench ala pf.conf

2011-08-21 Thread Christiano F. Haesbaert
Hi,

So here is the final version using -T with IPv6 with some points addressed by 
jmc@ in the manual.

ok to commit ?

Index: tcpbench.1
===
RCS file: /cvs/src/usr.bin/tcpbench/tcpbench.1,v
retrieving revision 1.12
diff -d -u -p -w -r1.12 tcpbench.1
--- tcpbench.1  16 Mar 2011 08:06:10 -  1.12
+++ tcpbench.1  21 Aug 2011 22:04:58 -
@@ -31,6 +31,7 @@
 .Op Fl p Ar port
 .Op Fl r Ar interval
 .Op Fl S Ar space
+.Op Fl T Ar toskeyword
 .Op Fl V Ar rtable
 .Ar hostname
 .Nm
@@ -41,6 +42,7 @@
 .Op Fl k Ar kvars
 .Op Fl p Ar port
 .Op Fl r Ar interval
+.Op Fl T Ar toskeyword
 .Op Fl S Ar space
 .Op Fl V Ar rtable
 .Ek
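Review bot: in this second (server) synopsis the new `.Op Fl T Ar toskeyword` line sits before `.Op Fl S Ar space`, while the first synopsis and both usage() strings in tcpbench.c list -S before -T. Move the -T line after the -S line so the option order is the same everywhere.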
@@ -105,6 +107,21 @@ connections.
 It defaults to using TCP if
 .Fl u
 is not specified.
+.It Fl T Ar toskeyword
+Change the IPv4 TOS or IPv6 TCLASS value.
+.Ar toskeyword
+may be one of
+.Ar critical ,
+.Ar inetcontrol ,
+.Ar lowdelay ,
+.Ar netcontrol ,
+.Ar throughput ,
+.Ar reliability ,
+or one of the DiffServ Code Points:
+.Ar ef ,
+.Ar af11 ... af43 ,
+.Ar cs0 ... cs7 ;
+or a number in either hex or decimal.
 .It Fl u
 Use UDP instead of TCP; this must be specified on both the client
 and the server.
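Review bot: the -T description says the argument may be "a number in either hex or decimal" but gives no accepted range and does not say what happens when the keyword or number is not recognised. State the valid range and the failure behaviour here, and consider dropping the stray space before the semicolon in `.Ar cs0 ... cs7 ;` so the list punctuation is consistent with the commas above it.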
Index: tcpbench.c
===
RCS file: /cvs/src/usr.bin/tcpbench/tcpbench.c,v
retrieving revision 1.23
diff -d -u -p -w -r1.23 tcpbench.c
--- tcpbench.c  20 Aug 2011 11:11:30 -  1.23
+++ tcpbench.c  21 Aug 2011 05:42:21 -
@@ -65,6 +65,7 @@ struct {
int   Sflag;/* Socket buffer size (tcp mode) */
u_int rflag;/* Report rate (ms) */
int   sflag;/* True if server */
+   int   Tflag;/* ToS if != -1 */
int   vflag;/* Verbose */
int   uflag;/* UDP mode */
kvm_t*kvmh; /* Kvm handler */
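Review bot: Tflag relies on -1 as its "not set" sentinel (the later hunks all test `ptb->Tflag != -1`), but none of the hunks shown assigns -1 to it. If the structure starts out zeroed, every socket would get a setsockopt() call with a value of 0 even when -T was not given. Confirm that main() sets Tflag to -1 before option parsing, and say so in the comment.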
@@ -113,7 +114,7 @@ static void client_init(struct addrinfo 
 static int clock_gettime_tv(clockid_t, struct timeval *);
 static voidudp_server_handle_sc(int, short, void *);
 static voidudp_process_slice(int, short, void *);
-
+static int map_tos(char *, int *);
 /*
  * We account the mainstats here, that is the stats
  * for all connections, all variables starting with slice
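Review bot: the map_tos() prototype takes the place of the blank line that separated the prototype list from the following block comment, so the comment now runs straight on from the declarations. Keep a blank line after the new prototype. If the first argument is only read, `const char *` would also document that.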
@@ -173,9 +174,10 @@ usage(void)
fprintf(stderr,
"usage: tcpbench -l\n"
"   tcpbench [-uv] [-B buf] [-k kvars] [-n connections] [-p 
port]\n"
-   "[-r interval] [-S space] [-V rtable] hostname\n"
+   "[-r interval] [-S space] [-T toskeyword] [-V 
rtable]\n"
+   "hostname\n"
"   tcpbench -s [-uv] [-B buf] [-k kvars] [-p port]\n"
-   "[-r interval] [-S space] [-V rtable]\n");
+   "[-r interval] [-S space] [-T toskeyword] [-V 
rtable]\n");
exit(1);
 }
 
@@ -680,6 +682,16 @@ again: 
r |= O_NONBLOCK;
if (fcntl(sock, F_SETFL, r) == -1)
err(1, "fcntl(F_SETFL, O_NONBLOCK)");
+   if (ptb->Tflag != -1 && ss.ss_family == AF_INET) {
+   if (setsockopt(sock, IPPROTO_IP, IP_TOS,
+   &ptb->Tflag, sizeof(ptb->Tflag)))
+   err(1, "setsockopt IP_TOS");
+   }
+   if (ptb->Tflag != -1 && ss.ss_family == AF_INET6) {
+   if (setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS,
+   &ptb->Tflag, sizeof(ptb->Tflag)))
+   err(1, "setsockopt IPV_TCLASS");
+   }
/* Alloc client structure and register reading callback */
if ((sc = calloc(1, sizeof(*sc))) == NULL)
err(1, "calloc");
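Review bot: the IPv6 branch reports `err(1, "setsockopt IPV_TCLASS")`, which misspells the option name; it should read IPV6_TCLASS so the message matches the option that failed. The two setsockopt() calls also test for a non-zero return while the fcntl() call just above compares with `== -1`; use `== -1` for consistency with the surrounding code.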
@@ -729,6 +741,16 @@ server_init(struct addrinfo *aitop, stru
err(1, "setsockopt SO_RTABLE");
}
}
+   if (ptb->Tflag != -1 && ai->ai_family == AF_INET) {
+   if (setsockopt(sock, IPPROTO_IP, IP_TOS,
+   &ptb->Tflag, sizeof(ptb->Tflag)))
+   err(1, "setsockopt IP_TOS");
+   }
+   if (ptb->Tflag != -1 && ai->ai_family == AF_INET6) {
+   if (setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS,
+   &ptb->Tflag, sizeof(ptb->Tflag)))
+   err(1, "setsockopt IPV_TCLASS");
+   }
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
&on, sizeof(on)) == -1)
warn("reuse port");
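Review bot: the IP_TOS/IPV6_TCLASS block in server_init() is a copy of the one added to the accept path, including the "IPV_TCLASS" typo in the err() string, and a third copy starts in client_init(). A small helper taking the socket and the address family would remove the triplication and fix the message in one place. Note also that a failure here is fatal through err(1, ...) while the SO_REUSEADDR failure directly below only warns; decide whether that difference is intended.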
@@ -821,6 +843,16 @@ client_init(struct addrinfo *aitop, int 
warn("socket");
continue;
}
+   if (ptb->Tflag != -1 && ai->ai_family == AF_INET) {
+   if (setsockopt(sock, IPPROTO_IP, IP_TOS,
+   &ptb->Tflag, sizeof(ptb->T

Re: LAC & LNS server with OpenBSD

2011-08-21 Thread YASUOKA Masahiko
Hello,

On Sun, 21 Aug 2011 19:17:36 +0200 (CEST)
"Gruel Bruno"  wrote:
> Thanks for your reply, it works.

Thank you for your feedback.

> But I still have some questions.
> It's not really secure to do that, no (a VPN without password)??

It depends on your network which you use L2TP on.

Until your case, npppd has been developed for L2TP on IPsec or L2TP on
a trusted network.

> Do you plan to implement tunnel auth in npppd ?

I'll plan to implement it if you (or maybe somebody) use it. :)

--yasuoka

On Sun, 21 Aug 2011 19:17:36 +0200 (CEST)
"Gruel Bruno"  wrote:
> Hello,
> 
> Thanks for your reply, it works.
> 
> By disabling tunnel auth in MPD, the client can get IP configuration via the 
> L2TP tunnel.
> 
> But I still have some questions.
> 
> It's not really secure to do that, no (a VPN without password)??
> Do you plan to implement tunnel auth in npppd?
> 
> So thanks for your work and your availability.
> 
> Bruno Gruel
> 
>> Original Message 
>>From: YASUOKA Masahiko 
>>To: b.gr...@woody.hopto.org
>>Cc: tech@openbsd.org
>>Sent: Dim, Aou 21, 2011, 17:32 PM
>>Subject: Re: LAC & LNS server with OpenBSD
>>
>>Hello,
>>
>>On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
>>"Gruel Bruno"  wrote:
>>> Now i have got that:
>>> 
>>> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is 
>>> not
>>> supported, but it's mandatory
>>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ
>>> from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8
>>> hostname=LAC vendor=FreeBSD MPD firm=
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4
>>> error=none/0 tunnel_id=35887 message=""
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
>>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
>>> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control
>>> message: tunnelId=13 is not found.  mestype=SCCCN
>>> 
>>> I suppose that is what you say. Unable to authenticate via the L2TP no ??
>>
>>Yes.  MPD seems to be using `L2TP tunnel authentication'.  Npppd
>>doesn't support `L2TP tunnel authentication'.  You need to disable it
>>on MPD.
>>
>>--yasuoka
>>
>>On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
>>"Gruel Bruno"  wrote:
>>> Hello,
>>> 
>>> Thanks for your quick reply.
>>> So I'm interested in tunnel authentication because it's the final point of
>>> my project.
>>> 
>>> I did what you said, disabled hidden in MPD, but there is still an error message.
>>> 
>>> Now i have got that:
>>> 
>>> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is 
>>> not
>>> supported, but it's mandatory
>>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ
>>> from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8
>>> hostname=LAC vendor=FreeBSD MPD firm=
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4
>>> error=none/0 tunnel_id=35887 message=""
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
>>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
>>> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control
>>> message: tunnelId=13 is not found.  mestype=SCCCN
>>> 
>>> I suppose that is what you say. Unable to authenticate via the L2TP no ??
>>> 
>>> Thanks
>>> 
>>> Bruno.
>>> 
>>>> Original Message 
>>>>From: YASUOKA Masahiko 
>>>>To: b.gr...@woody.hopto.org
>>>>Cc: tech@openbsd.org
>>>>Sent: Ven, Aou 19, 2011, 16:37 PM
>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>
>>>>Hi,
>>>>
>>>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>>>"Gruel Bruno"  wrote:
>>>>> Since several days i do some test in my lab but i have a problem.
>>>>>
>>>>> According to my picture
>>> http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>>>
>>>>> R1 is a openbsd 4.9 which makes a PPPoE call
>>>>> R2 is a freebsd with the MPD5 daemon who run as an LAC
>>>>> R3 is a openbsd 4.9 with npppd who run as a LNS.
>>>>(snip)
>>>>> But when the R2 (LAC) tries to establish the L2TP VPN i got this error :
>>>>>
>>>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36)
>>> is not supported, but it's mandatory
>>>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet
>>> size BEARER_CAPABILITIES 15==10)
>>>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected
>>> state=idle
>>>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>>>
>>>>> Have you got a suggestion ??
>>>>
>>>>mpd seems to be using `hidden AVP' but npppd doesn't support that.
>>>>Disabling `hidden AVP' on mpd may save this problem.  Npppd also
>>>>doesn't support `tunnel authentication'.
>>>>
>>>>It's not difficult to add them if some of you use them.
>>>>
>>>>Thanks,
>>>>
>>>>--yasuoka
>>>>
>>>>
>>>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>>>"Gruel Bruno"  wrote:
>>>>> Hello,
>>>>>
>>>>> Since 

Re: LAC & LNS server with OpenBSD

2011-08-21 Thread Gruel Bruno
Hello,

Thanks for your reply, it works.

By disabling tunnel auth in MPD, the client can get IP configuration via the
L2TP tunnel.

But I still have some questions.

It's not really secure to do that, no (a VPN without password)??
Do you plan to implement tunnel auth in npppd?

So thanks for your work and your availability.

Bruno Gruel

> Original Message 
>From: YASUOKA Masahiko 
>To: b.gr...@woody.hopto.org
>Cc: tech@openbsd.org
>Sent: Dim, Aou 21, 2011, 17:32 PM
>Subject: Re: LAC & LNS server with OpenBSD
>
>Hello,
>
>On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
>"Gruel Bruno"  wrote:
>> Now i have got that:
>>
>> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is
not
>> supported, but it's mandatory
>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ
>> from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8
>> hostname=LAC vendor=FreeBSD MPD firm=
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4
>> error=none/0 tunnel_id=35887 message=""
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
>> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad
control
>> message: tunnelId=13 is not found.  mestype=SCCCN
>>
>> I suppose that is what you say. Unable to authenticate via the L2TP no ??
>
>Yes.  MPD seems to be using `L2TP tunnel authentication'.  Npppd
>doesn't support `L2TP tunnel authentication'.  You need to disable it
>on MPD.
>
>--yasuoka
>
>On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
>"Gruel Bruno"  wrote:
>> Hello,
>>
>> Thanks for your quick reply.
>> So I'm interested in tunnel authentication because it's the final point of
>> my project.
>>
>> I did what you said, disabled hidden in MPD, but there is still an error message.
>>
>> Now i have got that:
>>
>> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is
not
>> supported, but it's mandatory
>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ
>> from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8
>> hostname=LAC vendor=FreeBSD MPD firm=
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4
>> error=none/0 tunnel_id=35887 message=""
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
>> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad
control
>> message: tunnelId=13 is not found.  mestype=SCCCN
>>
>> I suppose that is what you say. Unable to authenticate via the L2TP no ??
>>
>> Thanks
>>
>> Bruno.
>>
>>> Original Message 
>>>From: YASUOKA Masahiko 
>>>To: b.gr...@woody.hopto.org
>>>Cc: tech@openbsd.org
>>>Sent: Ven, Aou 19, 2011, 16:37 PM
>>>Subject: Re: LAC & LNS server with OpenBSD
>>>
>>>Hi,
>>>
>>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>>"Gruel Bruno"  wrote:
>>>> Since several days i do some test in my lab but i have a problem.
>>>>
>>>> According to my picture
>> http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>>
>>>> R1 is a openbsd 4.9 which makes a PPPoE call
>>>> R2 is a freebsd with the MPD5 daemon who run as an LAC
>>>> R3 is a openbsd 4.9 with npppd who run as a LNS.
>>>(snip)
>>>> But when the R2 (LAC) tries to establish the L2TP VPN i got this error :
>>>>
>>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP
(RANDOM_VECTOR/36)
>> is not supported, but it's mandatory
>>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid
packet
>> size BEARER_CAPABILITIES 15==10)
>>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected
>> state=idle
>>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>>
>>>> Have you got a suggestion ??
>>>
>>>mpd seems to be using `hidden AVP' but npppd doesn't support that.
>>>Disabling `hidden AVP' on mpd may save this problem.  Npppd also
>>>doesn't support `tunnel authentication'.
>>>
>>>It's not difficult to add them if some of you use them.
>>>
>>>Thanks,
>>>
>>>--yasuoka
>>>
>>>
>>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>>"Gruel Bruno"  wrote:
>>>> Hello,
>>>>
>>>> Since several days i do some test in my lab but i have a problem.
>>>>
>>>> According to my picture
>> http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>>
>>>> R1 is a openbsd 4.9 which makes a PPPoE call
>>>> R2 is a freebsd with the MPD5 daemon who run as an LAC
>>>> R3 is a openbsd 4.9 with npppd who run as a LNS.
>>>>
>>>> This is the R3 npppd configuration file
>>>>
>>>> #
>>>> # Simplest npppd.conf sample
>>>> #
>>>> # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
>>>>
>>>> interface_list: tun0
>>>> interface.tun0.ip4addr: 10.0.0.1
>>>>
>>>> # IP address pool
>>>> pool.dyna_pool: 10.0.0.0/25
>>>> pool.pool:  10.0.0.

Re: LAC & LNS server with OpenBSD

2011-08-21 Thread YASUOKA Masahiko
Hello,

On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
"Gruel Bruno"  wrote:
> Now i have got that:
> 
> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not
> supported, but it's mandatory
> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ
> from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8
> hostname=LAC vendor=FreeBSD MPD firm=
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4
> error=none/0 tunnel_id=35887 message=""
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control
> message: tunnelId=13 is not found.  mestype=SCCCN
> 
> I suppose that is what you say. Unable to authenticate via the L2TP no ??

Yes.  MPD seems to be using `L2TP tunnel authentication'.  Npppd
doesn't support `L2TP tunnel authentication'.  You need to disable it
on MPD.

--yasuoka

On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
"Gruel Bruno"  wrote:
> Hello,
> 
> Thanks for your quick reply.
> So I'm interested in tunnel authentication because it's the final point of
> my project.
> 
> I did what you said, disabled hidden in MPD, but there is still an error message.
> 
> Now i have got that:
> 
> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not
> supported, but it's mandatory
> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ
> from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8
> hostname=LAC vendor=FreeBSD MPD firm=
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4
> error=none/0 tunnel_id=35887 message=""
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control
> message: tunnelId=13 is not found.  mestype=SCCCN
> 
> I suppose that is what you say. Unable to authenticate via the L2TP no ??
> 
> Thanks
> 
> Bruno.
> 
>> Original Message 
>>From: YASUOKA Masahiko 
>>To: b.gr...@woody.hopto.org
>>Cc: tech@openbsd.org
>>Sent: Ven, Aou 19, 2011, 16:37 PM
>>Subject: Re: LAC & LNS server with OpenBSD
>>
>>Hi,
>>
>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>"Gruel Bruno"  wrote:
>>> Since several days i do some test in my lab but i have a problem.
>>>
>>> According to my picture
> http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>
>>> R1 is a openbsd 4.9 which makes a PPPoE call
>>> R2 is a freebsd with the MPD5 daemon who run as an LAC
>>> R3 is a openbsd 4.9 with npppd who run as a LNS.
>>(snip)
>>> But when the R2 (LAC) tries to establish the L2TP VPN i got this error :
>>>
>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36)
> is not supported, but it's mandatory
>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet
> size BEARER_CAPABILITIES 15==10)
>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected
> state=idle
>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>
>>> Have you got a suggestion ??
>>
>>mpd seems to be using `hidden AVP' but npppd doesn't support that.
>>Disabling `hidden AVP' on mpd may save this problem.  Npppd also
>>doesn't support `tunnel authentication'.
>>
>>It's not difficult to add them if some of you use them.
>>
>>Thanks,
>>
>>--yasuoka
>>
>>
>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>"Gruel Bruno"  wrote:
>>> Hello,
>>>
>>> Since several days i do some test in my lab but i have a problem.
>>>
>>> According to my picture
> http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>
>>> R1 is a openbsd 4.9 which makes a PPPoE call
>>> R2 is a freebsd with the MPD5 daemon who run as an LAC
>>> R3 is a openbsd 4.9 with npppd who run as a LNS.
>>>
>>> This is the R3 npppd configuration file
>>>
>>> #
>>> # Simplest npppd.conf sample
>>> #
>>> # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
>>>
>>> interface_list: tun0
>>> interface.tun0.ip4addr: 10.0.0.1
>>>
>>> # IP address pool
>>> pool.dyna_pool: 10.0.0.0/25
>>> pool.pool:  10.0.0.128/25
>>>
>>> # Authentication
>>> auth.local.realm_list:  local
>>> auth.local.realm.acctlist:  /etc/npppd/npppd-users.csv
>>> realm.local.concentrate:tun0
>>>
>>> lcp.mru:1400
>>> auth.method:mschapv2 chap
>>>
>>> # L2TP daemon
>>> l2tpd.enabled:  true
>>> l2tpd.ip4_allow:0.0.0.0/0
>>> l2tpd.require_ipsec:false
>>> l2tpd.accept_dialin:true
>>>
>>> # PPPoE daemon
>>> pppoed.enabled:true
>>> pppoed.interface: