Hello,

On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
"Gruel Bruno" <[email protected]> wrote:
> Now I have got that:
>
> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not supported, but it's mandatory
> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8 hostname=LAC vendor=FreeBSD MPD firm=0000
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4 error=none/0 tunnel_id=35887 message=""
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control message: tunnelId=13 is not found. mestype=SCCCN
>
> I suppose that is what you say. Unable to authenticate via the L2TP no ??

Yes.  MPD seems to be using `L2TP tunnel authentication'.  Npppd
doesn't support `L2TP tunnel authentication'.  You need to disable it
on MPD.

--yasuoka

On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
"Gruel Bruno" <[email protected]> wrote:
> Hello,
>
> Thank's for your quick reply.
> So I'm interested in tunnel authentication because it's the final point of
> my project.
>
> I do what you say, disable hidden in MPD, but there is still an error message.
>
> Now I have got that:
>
> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not supported, but it's mandatory
> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8 hostname=LAC vendor=FreeBSD MPD firm=0000
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4 error=none/0 tunnel_id=35887 message=""
> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control message: tunnelId=13 is not found. mestype=SCCCN
>
> I suppose that is what you say. Unable to authenticate via the L2TP no ??
>
> Thank's
>
> Bruno.
>
>>---- Original Message ----
>>From: YASUOKA Masahiko <[email protected]>
>>To: [email protected]
>>Cc: [email protected]
>>Sent: Fri, Aug 19, 2011, 16:37 PM
>>Subject: Re: LAC & LNS server with OpenBSD
>>
>>Hi,
>>
>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>"Gruel Bruno" <[email protected]> wrote:
>>> For several days I have been doing some tests in my lab, but I have a problem.
>>>
>>> According to my picture http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>
>>> R1 is an OpenBSD 4.9 which makes a PPPoE call
>>> R2 is a FreeBSD with the MPD5 daemon which runs as an LAC
>>> R3 is an OpenBSD 4.9 with npppd which runs as an LNS.
>>(snip)
>>> But when the R2 (LAC) tries to establish the L2TP VPN I got this error:
>>>
>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is not supported, but it's mandatory
>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size BEARER_CAPABILITIES 15==10)
>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected state=idle
>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>
>>> Have you got a suggestion ??
>>
>>mpd seems to be using `hidden AVP' but npppd doesn't support that.
>>Disabling `hidden AVP' on mpd may save this problem.  Npppd also
>>doesn't support `tunnel authentication'.
>>
>>It's not difficult to add them if some of you use them.
>>
>>Thanks,
>>
>>--yasuoka
>>
>>
>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>"Gruel Bruno" <[email protected]> wrote:
>>> Hello,
>>>
>>> For several days I have been doing some tests in my lab, but I have a problem.
>>>
>>> According to my picture http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>
>>> R1 is an OpenBSD 4.9 which makes a PPPoE call
>>> R2 is a FreeBSD with the MPD5 daemon which runs as an LAC
>>> R3 is an OpenBSD 4.9 with npppd which runs as an LNS.
>>>
>>> This is the R3 npppd configuration file
>>>
>>> #
>>> # Simplest npppd.conf sample
>>> #
>>> # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
>>>
>>> interface_list: tun0
>>> interface.tun0.ip4addr: 10.0.0.1
>>>
>>> # IP address pool
>>> pool.dyna_pool: 10.0.0.0/25
>>> pool.pool: 10.0.0.128/25
>>>
>>> # Authentication
>>> auth.local.realm_list: local
>>> auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
>>> realm.local.concentrate: tun0
>>>
>>> lcp.mru: 1400
>>> auth.method: mschapv2 chap
>>>
>>> # L2TP daemon
>>> l2tpd.enabled: true
>>> l2tpd.ip4_allow: 0.0.0.0/0
>>> l2tpd.require_ipsec: false
>>> l2tpd.accept_dialin: true
>>>
>>> # PPPoE daemon
>>> pppoed.enabled: true
>>> pppoed.interface: PPPoE vic0
>>> pppoed.ip4_allow: 0.0.0.0/0
>>>
>>>
>>> I run isakmpd -K and do an ipsecctl -f /etc/ipsec.conf
>>>
>>>
>>> The content of my ipsec.conf file:
>>>
>>> ike passive esp transport \
>>> proto udp from 172.16.1.1 to any port 1701 \
>>> main auth hmac-sha enc 3des group modp1024 \
>>> quick auth hmac-sha enc aes \
>>> psk password
>>>
>>>
>>> I run npppd -d and I got this:
>>>
>>> 2011-08-19 15:24:20:NOTICE: Starting npppd pid=27755 version=5.0.0
>>> 2011-08-19 15:24:20:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
>>> 2011-08-19 15:24:20:WARNING: write() failed in in_route0 on RTM_ADD : File exists
>>> 2011-08-19 15:24:20:INFO: tun0 Started ip4addr=10.0.0.1
>>> 2011-08-19 15:24:20:INFO: pool name=default dyn_pool=[10.0.0.0/25] pool=[10.0.0.0/24]
>>> 2011-08-19 15:24:20:INFO: Added 2 routes for new pool addresses
>>> 2011-08-19 15:24:20:INFO: Loading pool config successfully.
>>> 2011-08-19 15:24:20:INFO: realm name=local(local) Loaded users from='/etc/npppd/npppd-users.csv' successfully. 1 users
>>> 2011-08-19 15:24:20:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
>>> 2011-08-19 15:24:20:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
>>> 2011-08-19 15:24:20:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
>>> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
>>> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
>>> 2011-08-19 15:24:20:INFO: tun0 is using ipcp=default(1 pools).
>>>
>>>
>>> But when the R2 (LAC) tries to establish the L2TP VPN I got this error:
>>>
>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is not supported, but it's mandatory
>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size BEARER_CAPABILITIES 15==10)
>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected state=idle
>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>
>>> Have you got a suggestion ??
>>>
>>> Have you already seen this message ?
>>>
>>> Thank's.
>>>
>>> Bruno Gruel
>>>
>>>
>>>>---- Original Message ----
>>>>From: YASUOKA Masahiko <[email protected]>
>>>>To: [email protected]
>>>>Cc: [email protected], [email protected]
>>>>Sent: Thu, Aug 18, 2011, 8:04 AM
>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>
>>>>Hello,
>>>>
>>>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>>>"Gruel Bruno" <[email protected]> wrote:
>>>>> First thank's for your help and very good job for npppd, it's really a good
>>>>> tool. But it seems not to do what I want.
>>>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>>> I will try rp-l2tp
>>>>
>>>>npppd supports `LNS' only and it supports `compulsory tunnel' (or
>>>>`accept dialin').  So currently npppd can become `R3' on above picture
>>>>but it can not become `R2'.
>>>>
>>>>To enable `accept-dialin' on npppd, please add below line to
>>>>npppd.conf.
>>>>
>>>>  l2tp.accept_dialin: true
>>>>
>>>>> How can I have a full doc of npppd ??
>>>>
>>>>Not yet..
>>>>
>>>>> But I confirm that npppd works fine on my lab.
>>>>
>>>>Thanks.
>>>>
>>>>--yasuoka
>>>>
>>>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>>>"Gruel Bruno" <[email protected]> wrote:
>>>>> Hello,
>>>>>
>>>>> First thank's for your help and very good job for npppd, it's really a good
>>>>> tool. But it seems not to do what I want.
>>>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>>>
>>>>> I will try rp-l2tp
>>>>>
>>>>> How can I have a full doc of npppd ??
>>>>>
>>>>> But I confirm that npppd works fine on my lab.
>>>>>
>>>>> Thank's.
>>>>>
>>>>> Bruno Gruel
>>>>>
>>>>>>---- Original Message ----
>>>>>>From: Jeremie Courreges-Anglas <[email protected]>
>>>>>>To: [email protected]
>>>>>>Sent: Wed, Aug 17, 2011, 12:48 PM
>>>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>>>
>>>>>>"Gruel Bruno" <[email protected]> writes:
>>>>>>
>>>>>>> Hello,
>>>>>>
>>>>>>Hi.
>>>>>>
>>>>>>> I just want to know if it is planned to have a real implementation of L2TP on
>>>>>>> OpenBSD.
>>>>>>>
>>>>>>> Is there a work in progress ? or never ?
>>>>>>
>>>>>>Without knowing what you already know about OpenBSD and L2TP, it's a bit
>>>>>>difficult to answer.  Consider taking a look at /usr/src/usr.sbin/npppd/.
>>>>>>
>>>>>>> Thank's
>>>>>>
>>>>>>You're welcom'e ;)
>>>>>>
>>>>>>--
>>>>>>Jeremie Courreges-Anglas - GPG key : 06A11494
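
Added example, not part of the thread and not npppd's code: both rejections in the logs above follow from the RFC 2661 AVP header, where the M bit makes an unrecognised AVP fatal and the H bit marks a hidden value. The sketch below parses that header and reports the same two conditions; the UNSUPPORTED set, function names and sample messages are constructed assumptions.

```python
import struct

# Attribute types for vendor ID 0, from RFC 2661 section 4.4.
AVP_NAMES = {0: "MESSAGE_TYPE", 2: "PROTOCOL_VERSION", 3: "FRAMING_CAPABILITIES",
             4: "BEARER_CAPABILITIES", 7: "HOST_NAME", 9: "ASSIGNED_TUNNEL_ID",
             10: "RECV_WINDOW_SIZE", 11: "CHALLENGE", 13: "CHALLENGE_RESPONSE",
             36: "RANDOM_VECTOR"}
# Assumption: a receiver with no tunnel authentication and no AVP hiding.
UNSUPPORTED = {11, 13, 36}

def avp(attr, value, mandatory=True, hidden=False):
    """Build one AVP: M/H flags + 10-bit length, vendor ID, attribute type, value."""
    flags_len = (0x8000 if mandatory else 0) | (0x4000 if hidden else 0) | (6 + len(value))
    return struct.pack("!HHH", flags_len, 0, attr) + value

def parse_avps(payload):
    """Yield (attr, mandatory, hidden, value) for each AVP after the L2TP header."""
    off = 0
    while off < len(payload):
        if len(payload) - off < 6:
            raise ValueError("truncated AVP header")
        flags_len, _vendor, attr = struct.unpack_from("!HHH", payload, off)
        length = flags_len & 0x03FF          # length covers the 6-byte header too
        if length < 6 or off + length > len(payload):
            raise ValueError("bad AVP length %d" % length)
        yield (attr, bool(flags_len & 0x8000), bool(flags_len & 0x4000),
               payload[off + 6:off + length])
        off += length

def check_sccrq(payload):
    """Return the reasons this receiver has to reject the control message."""
    problems = []
    for attr, mandatory, hidden, value in parse_avps(payload):
        name = "%s/%d" % (AVP_NAMES.get(attr, "UNKNOWN"), attr)
        if attr in UNSUPPORTED and mandatory:
            problems.append("%s is not supported, but it's mandatory" % name)
        elif hidden:
            problems.append("%s is hidden, size %d" % (name, 6 + len(value)))
    return problems

# Constructed AVP lists (message type 1 = SCCRQ); values are zero-filled placeholders.
PLAIN_SCCRQ = avp(0, b"\x00\x01") + avp(4, bytes(4))
AUTH_SCCRQ = PLAIN_SCCRQ + avp(11, bytes(16))            # tunnel authentication on
HIDDEN_SCCRQ = avp(0, b"\x00\x01") + avp(36, bytes(16)) + avp(4, bytes(9), hidden=True)
```

A plain Bearer Capabilities AVP is 10 bytes; the hidden sample is sized to 15 to match the `15==10` the log reports.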
