Hello,

Thanks for your quick reply. So I'm interested in tunnel authentication because it's the final point of my project.
I did what you said and disabled hidden in MPD, but there is still an error message. Now I get this:

2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not supported, but it's mandatory
2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8 hostname=LAC vendor=FreeBSD MPD firm=0000
2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4 error=none/0 tunnel_id=35887 message=""
2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control message: tunnelId=13 is not found. mestype=SCCCN

I suppose that is what you said. Unable to authenticate via L2TP, no?

Thanks,
Bruno.

>---- Original Message ----
>From: YASUOKA Masahiko <[email protected]>
>To: [email protected]
>Cc: [email protected]
>Sent: Ven, Aou 19, 2011, 16:37 PM
>Subject: Re: LAC & LNS server with OpenBSD
>
>Hi,
>
>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>"Gruel Bruno" <[email protected]> wrote:
>> For several days I have been doing some tests in my lab, but I have a problem.
>>
>> According to my picture http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>
>> R1 is an OpenBSD 4.9 which makes a PPPoE call
>> R2 is a FreeBSD with the MPD5 daemon which runs as an LAC
>> R3 is an OpenBSD 4.9 with npppd which runs as an LNS.
>(snip)
>> But when R2 (LAC) tries to establish the L2TP VPN I get this error:
>>
>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is not supported, but it's mandatory
>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size BEARER_CAPABILITIES 15==10)
>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected state=idle
>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>
>> Have you got a suggestion?
>
>mpd seems to be using `hidden AVP' but npppd doesn't support that.
>Disabling `hidden AVP' on mpd may save this problem. Npppd also
>doesn't support `tunnel authentication'.
>
>It's not difficult to add them if some of you use them.
>
>Thanks,
>
>--yasuoka
>
>
>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>"Gruel Bruno" <[email protected]> wrote:
>> Hello,
>>
>> For several days I have been doing some tests in my lab, but I have a problem.
>>
>> According to my picture http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>
>> R1 is an OpenBSD 4.9 which makes a PPPoE call
>> R2 is a FreeBSD with the MPD5 daemon which runs as an LAC
>> R3 is an OpenBSD 4.9 with npppd which runs as an LNS.
>>
>> This is the R3 npppd configuration file
>>
>> #
>> # Simplest npppd.conf sample
>> #
>> # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
>>
>> interface_list: tun0
>> interface.tun0.ip4addr: 10.0.0.1
>>
>> # IP address pool
>> pool.dyna_pool: 10.0.0.0/25
>> pool.pool: 10.0.0.128/25
>>
>> # Authentication
>> auth.local.realm_list: local
>> auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
>> realm.local.concentrate: tun0
>>
>> lcp.mru: 1400
>> auth.method: mschapv2 chap
>>
>> # L2TP daemon
>> l2tpd.enabled: true
>> l2tpd.ip4_allow: 0.0.0.0/0
>> l2tpd.require_ipsec: false
>> l2tpd.accept_dialin: true
>>
>> # PPPoE daemon
>> pppoed.enabled: true
>> pppoed.interface: PPPoE vic0
>> pppoed.ip4_allow: 0.0.0.0/0
>>
>>
>> I run isakmpd -K and do an ipsecctl -f /etc/ipsec.conf
>>
>>
>> The content of my ipsec.conf file:
>>
>> ike passive esp transport \
>> proto udp from 172.16.1.1 to any port 1701 \
>> main auth hmac-sha enc 3des group modp1024 \
>> quick auth hmac-sha enc aes \
>> psk password
>>
>>
>> I run npppd -d and I get this:
>>
>> 2011-08-19 15:24:20:NOTICE: Starting npppd pid=27755 version=5.0.0
>> 2011-08-19 15:24:20:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
>> 2011-08-19 15:24:20:WARNING: write() failed in in_route0 on RTM_ADD : File exists
>> 2011-08-19 15:24:20:INFO: tun0 Started ip4addr=10.0.0.1
>> 2011-08-19 15:24:20:INFO: pool name=default dyn_pool=[10.0.0.0/25] pool=[10.0.0.0/24]
>> 2011-08-19 15:24:20:INFO: Added 2 routes for new pool addresses
>> 2011-08-19 15:24:20:INFO: Loading pool config successfully.
>> 2011-08-19 15:24:20:INFO: realm name=local(local) Loaded users from='/etc/npppd/npppd-users.csv' successfully. 1 users
>> 2011-08-19 15:24:20:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
>> 2011-08-19 15:24:20:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
>> 2011-08-19 15:24:20:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
>> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
>> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
>> 2011-08-19 15:24:20:INFO: tun0 is using ipcp=default(1 pools).
>>
>>
>> But when R2 (LAC) tries to establish the L2TP VPN I get this error:
>>
>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is not supported, but it's mandatory
>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size BEARER_CAPABILITIES 15==10)
>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected state=idle
>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>
>> Have you got a suggestion?
>>
>> Have you already seen this message?
>>
>> Thanks.
>>
>> Bruno Gruel
>>
>>
>>>---- Original Message ----
>>>From: YASUOKA Masahiko <[email protected]>
>>>To: [email protected]
>>>Cc: [email protected], [email protected]
>>>Sent: Jeu, Aou 18, 2011, 8:04 AM
>>>Subject: Re: LAC & LNS server with OpenBSD
>>>
>>>Hello,
>>>
>>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>>"Gruel Bruno" <[email protected]> wrote:
>>>> First, thanks for your help and very good job on npppd, it's really a good
>>>> tool. But it seems not to do what I want.
>>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>> I will try rp-l2tp
>>>
>>>npppd supports `LNS' only and it supports `compulsory tunnel' (or
>>>`accept dialin'). So currently npppd can become `R3' on above picture
>>>but it can not become `R2'.
>>>
>>>To enable `accept-dialin' on npppd, please add below line to
>>>npppd.conf.
>>>
>>>    l2tp.accept_dialin: true
>>>
>>>> How can I have a full doc of npppd?
>>>
>>>Not yet..
>>>
>>>> But I confirm that npppd works fine in my lab.
>>>
>>>Thanks.
>>>
>>>--yasuoka
>>>
>>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>>"Gruel Bruno" <[email protected]> wrote:
>>>> Hello,
>>>>
>>>> First, thanks for your help and very good job on npppd, it's really a good
>>>> tool. But it seems not to do what I want.
>>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>>
>>>> I will try rp-l2tp
>>>>
>>>> How can I have a full doc of npppd?
>>>>
>>>> But I confirm that npppd works fine in my lab.
>>>>
>>>> Thanks.
>>>>
>>>> Bruno Gruel
>>>>
>>>>>---- Original Message ----
>>>>>From: Jeremie Courreges-Anglas <[email protected]>
>>>>>To: [email protected]
>>>>>Sent: Mer, Aou 17, 2011, 12:48 PM
>>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>>
>>>>>"Gruel Bruno" <[email protected]> writes:
>>>>>
>>>>>> Hello,
>>>>>
>>>>>Hi.
>>>>>
>>>>>> I just want to know if it is planned to have a real implementation of L2TP on OpenBSD.
>>>>>>
>>>>>> Is there a work in progress? Or never?
>>>>>
>>>>>Without knowing what you already know about OpenBSD and L2TP, it's a bit
>>>>>difficult to answer. Consider taking a look at /usr/src/usr.sbin/npppd/.
>>>>>
>>>>>> Thank's
>>>>>
>>>>>You're welcom'e ;)
>>>>>
>>>>>--
>>>>>Jeremie Courreges-Anglas - GPG key : 06A11494
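
The AVP handling behind the "is not supported, but it's mandatory" log lines in this thread, as an added example that is not part of the original messages and is not npppd or mpd code: it parses RFC 2661 AVP headers and applies the rule that an AVP the receiver cannot use must end the tunnel when its M (mandatory) bit is set. The `SUPPORTED` set, the helper names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Attribute types per RFC 2661; 11 and 36 are the ones named in the logs above.
AVP_NAMES = {0: "MESSAGE_TYPE", 2: "PROTOCOL_VERSION", 7: "HOST_NAME",
             9: "ASSIGNED_TUNNEL_ID", 11: "CHALLENGE", 36: "RANDOM_VECTOR"}
# Assumption: a receiver without tunnel authentication or hidden-AVP support.
SUPPORTED = {0, 2, 7, 9}

def parse_avps(body):
    """Yield (mandatory, hidden, vendor_id, attr_type, value) per AVP."""
    off = 0
    while off < len(body):
        if len(body) - off < 6:
            raise ValueError("truncated AVP header")
        flags_len, vendor, attr = struct.unpack_from("!HHH", body, off)
        length = flags_len & 0x03FF  # low 10 bits; counts the 6-byte header
        if length < 6 or off + length > len(body):
            raise ValueError("bad AVP length %d" % length)
        yield (bool(flags_len & 0x8000), bool(flags_len & 0x4000),
               vendor, attr, body[off + 6:off + length])
        off += length

def check_sccrq(body):
    """Return reasons to refuse the tunnel; an empty list means acceptable."""
    reasons = []
    for mandatory, hidden, vendor, attr, _value in parse_avps(body):
        # A hidden (H bit) value is encrypted and unreadable without support.
        usable = vendor == 0 and attr in SUPPORTED and not hidden
        if usable or not mandatory:
            continue  # processed, or unusable without the M bit: ignored
        why = "hidden" if hidden else "unsupported"
        name = AVP_NAMES.get(attr, "UNKNOWN")
        reasons.append("%s/%d %s but mandatory" % (name, attr, why))
    return reasons

def avp(attr, value, mandatory=True, hidden=False):
    """Build one IETF (vendor 0) AVP for the constructed samples below."""
    flags = (0x8000 if mandatory else 0) | (0x4000 if hidden else 0)
    return struct.pack("!HHH", flags | (6 + len(value)), 0, attr) + value

# Constructed SCCRQ bodies (not captured traffic).
PLAIN = (avp(0, b"\x00\x01") + avp(2, b"\x01\x00") + avp(7, b"LAC")
         + avp(9, b"\x8c\x2f"))
WITH_AUTH = PLAIN + avp(11, bytes(16))  # adds a Challenge AVP
WITH_HIDDEN = PLAIN + avp(36, bytes(4)) + avp(9, bytes(8), hidden=True)

if __name__ == "__main__":
    for label, body in (("plain", PLAIN), ("auth", WITH_AUTH), ("hidden", WITH_HIDDEN)):
        print(label, check_sccrq(body))
```
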
