Hi,

On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
"Gruel Bruno" <[email protected]> wrote:
> For several days I have been doing some tests in my lab, but I have a problem.
>
> According to my picture
> http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>
> R1 is an OpenBSD 4.9 which makes a PPPoE call
> R2 is a FreeBSD with the MPD5 daemon, which runs as an LAC
> R3 is an OpenBSD 4.9 with npppd, which runs as an LNS.
(snip)
> But when R2 (LAC) tries to establish the L2TP VPN I get this error:
>
> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is
> not supported, but it's mandatory
> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet
> size BEARER_CAPABILITIES 15==10)
> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected
> state=idle
> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>
> Have you got a suggestion?

mpd seems to be using `hidden AVP' but npppd doesn't support that.
Disabling `hidden AVP' on mpd may solve this problem.

Npppd also doesn't support `tunnel authentication'.  It's not
difficult to add them if some of you use them.

Thanks,

--yasuoka

On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
"Gruel Bruno" <[email protected]> wrote:
> Hello,
>
> For several days I have been doing some tests in my lab, but I have a problem.
>
> According to my picture
> http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>
> R1 is an OpenBSD 4.9 which makes a PPPoE call
> R2 is a FreeBSD with the MPD5 daemon, which runs as an LAC
> R3 is an OpenBSD 4.9 with npppd, which runs as an LNS.
>
> This is the R3 npppd configuration file
>
> #
> # Simplest npppd.conf sample
> #
> # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
>
> interface_list: tun0
> interface.tun0.ip4addr: 10.0.0.1
>
> # IP address pool
> pool.dyna_pool: 10.0.0.0/25
> pool.pool: 10.0.0.128/25
>
> # Authentication
> auth.local.realm_list: local
> auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
> realm.local.concentrate: tun0
>
> lcp.mru: 1400
> auth.method: mschapv2 chap
>
> # L2TP daemon
> l2tpd.enabled: true
> l2tpd.ip4_allow: 0.0.0.0/0
> l2tpd.require_ipsec: false
> l2tpd.accept_dialin: true
>
> # PPPoE daemon
> pppoed.enabled: true
> pppoed.interface: PPPoE vic0
> pppoed.ip4_allow: 0.0.0.0/0
>
>
> I run isakmpd -K and do an ipsecctl -f /etc/ipsec.conf
>
>
> The content of my ipsec.conf file:
>
> ike passive esp transport \
>     proto udp from 172.16.1.1 to any port 1701 \
>     main auth hmac-sha enc 3des group modp1024 \
>     quick auth hmac-sha enc aes \
>     psk password
>
>
> I run npppd -d and I get this:
>
> 2011-08-19 15:24:20:NOTICE: Starting npppd pid=27755 version=5.0.0
> 2011-08-19 15:24:20:NOTICE: Load configuration from='/etc/npppd/npppd.conf'
> successfully.
> 2011-08-19 15:24:20:WARNING: write() failed in in_route0 on RTM_ADD : File
> exists
> 2011-08-19 15:24:20:INFO: tun0 Started ip4addr=10.0.0.1
> 2011-08-19 15:24:20:INFO: pool name=default dyn_pool=[10.0.0.0/25]
> pool=[10.0.0.0/24]
> 2011-08-19 15:24:20:INFO: Added 2 routes for new pool addresses
> 2011-08-19 15:24:20:INFO: Loading pool config successfully.
> 2011-08-19 15:24:20:INFO: realm name=local(local) Loaded users
> from='/etc/npppd/npppd-users.csv' successfully.  1 users
> 2011-08-19 15:24:20:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
> 2011-08-19 15:24:20:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
> 2011-08-19 15:24:20:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
> 2011-08-19 15:24:20:INFO: tun0 is using ipcp=default(1 pools).
>
>
> But when R2 (LAC) tries to establish the L2TP VPN I get this error:
>
> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is
> not supported, but it's mandatory
> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet
> size BEARER_CAPABILITIES 15==10)
> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected
> state=idle
> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>
> Have you got a suggestion?
>
> Have you already seen this message?
>
> Thanks.
>
> Bruno Gruel
>
>
>>---- Original Message ----
>>From: YASUOKA Masahiko <[email protected]>
>>To: [email protected]
>>Cc: [email protected], [email protected]
>>Sent: Thu, Aug 18, 2011, 8:04 AM
>>Subject: Re: LAC & LNS server with OpenBSD
>>
>>Hello,
>>
>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>"Gruel Bruno" <[email protected]> wrote:
>>> First, thanks for your help and very good job on npppd, it's really a good
>>> tool. But it seems not to do what I want.
>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>> I will try rp-l2tp
>>
>>npppd supports `LNS' only and it supports `compulsory tunnel' (or
>>`accept dialin').  So currently npppd can become `R3' in the picture above
>>but it can not become `R2'.
>>
>>To enable `accept-dialin' on npppd, please add the line below to
>>npppd.conf.
>>
>>    l2tp.accept_dialin: true
>>
>>> How can I have a full doc of npppd?
>>
>>Not yet..
>>
>>> But I confirm that npppd works fine in my lab.
>>
>>Thanks.
>>
>>--yasuoka
>>
>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>"Gruel Bruno" <[email protected]> wrote:
>>> Hello,
>>>
>>> First, thanks for your help and very good job on npppd, it's really a good
>>> tool. But it seems not to do what I want.
>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>
>>> I will try rp-l2tp
>>>
>>> How can I have a full doc of npppd?
>>>
>>> But I confirm that npppd works fine in my lab.
>>>
>>> Thanks.
>>>
>>> Bruno Gruel
>>>
>>>>---- Original Message ----
>>>>From: Jeremie Courreges-Anglas <[email protected]>
>>>>To: [email protected]
>>>>Sent: Wed, Aug 17, 2011, 12:48 PM
>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>
>>>>"Gruel Bruno" <[email protected]> writes:
>>>>
>>>>> Hello,
>>>>
>>>>Hi.
>>>>
>>>>> I just want to know if it is planned to have a real implementation of
>>>>> L2TP on OpenBSD.
>>>>>
>>>>> Is there work in progress? Or never?
>>>>
>>>>Without knowing what you already know about OpenBSD and L2TP, it's a bit
>>>>difficult to answer.  Consider taking a look at /usr/src/usr.sbin/npppd/.
>>>>
>>>>> Thanks
>>>>
>>>>You're welcome ;)
>>>>
>>>>--
>>>>Jeremie Courreges-Anglas - GPG key : 06A11494
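
Added example, not part of the thread and not npppd or mpd code: a Python walk over the AVPs of an SCCRQ, using the AVP header layout from RFC 2661, that reproduces the two conditions in the log lines quoted above. With hiding enabled on the sender, Random Vector (36) arrives with the mandatory bit set, and the hidden Bearer Capabilities AVP in this sample is 15 bytes where the plain form is 10. Assumptions: the SUPPORTED set, the helper names and the sample payloads are constructed for illustration, and the 12-byte control header is left out.

```python
import struct

# AVP header per RFC 2661 section 4.1: M bit, H bit, 10-bit total length.
M_BIT, H_BIT, LEN_MASK = 0x8000, 0x4000, 0x03FF
NAMES = {4: "BEARER_CAPABILITIES", 36: "RANDOM_VECTOR"}
# Total length (6-byte header + value) of the fixed-size AVPs used below.
FIXED_LEN = {0: 8, 2: 8, 3: 10, 4: 10, 9: 8}
# Assumption: a receiver with no hidden-AVP support, so no RANDOM_VECTOR (36).
SUPPORTED = {0, 2, 3, 4, 7, 9}

def avp(attr, value, hidden=False):
    """Build one mandatory IETF (vendor 0) AVP."""
    flags = M_BIT | (H_BIT if hidden else 0)
    return struct.pack("!HHH", flags | (6 + len(value)), 0, attr) + value

def parse_avps(payload):
    """Yield (attr, mandatory, hidden, length) for each AVP in the payload."""
    off = 0
    while off < len(payload):
        if len(payload) - off < 6:
            raise ValueError("truncated AVP header")
        word, _vendor, attr = struct.unpack_from("!HHH", payload, off)
        length = word & LEN_MASK
        if length < 6 or off + length > len(payload):
            raise ValueError(f"bad AVP length {length} at offset {off}")
        yield attr, bool(word & M_BIT), bool(word & H_BIT), length
        off += length

def check(payload):
    """List the reasons this receiver must reject the control message."""
    problems = []
    for attr, mandatory, hidden, length in parse_avps(payload):
        name = NAMES.get(attr, str(attr))
        if attr not in SUPPORTED:
            if mandatory:  # unknown optional AVPs are simply skipped
                problems.append(f"{name} not supported but mandatory")
        elif hidden or length != FIXED_LEN.get(attr, length):
            problems.append(f"{name} size {length}, hidden={hidden}")
    return problems

def sccrq(hide_bearer):
    """Constructed SCCRQ AVP payload, with or without a hidden AVP."""
    avps = [avp(0, b"\x00\x01"), avp(2, b"\x01\x00"), avp(7, b"lac"),
            avp(3, struct.pack("!I", 3)), avp(9, struct.pack("!H", 33))]
    if not hide_bearer:
        return b"".join(avps + [avp(4, struct.pack("!I", 3))])
    # Hidden value = 2-byte original length + 4-byte value + 3 pad bytes,
    # encrypted on the wire; stood in for here by 9 opaque constructed bytes.
    return b"".join(avps + [avp(36, bytes(16)), avp(4, bytes(9), hidden=True)])
```

check(sccrq(True)) returns one reason for each of the two conditions, while check(sccrq(False)), the same request sent without hiding, returns an empty list.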
