Hello,

On Sun, 21 Aug 2011 19:17:36 +0200 (CEST)
"Gruel Bruno" <[email protected]> wrote:
> Thank's for your reply, it works.

Thank you for your feedback.

> But I still have some questions.
> It's not really secure to do that, no (a VPN without password)??

It depends on your network which you use L2TP on.  Until your case,
npppd has been developed for L2TP on IPsec or L2TP on trusted network.

> Do you plan to implement tunnel auth in npppd ?

I'll plan to implement it if you (or maybe somebody) use it. :)

--yasuoka

On Sun, 21 Aug 2011 19:17:36 +0200 (CEST)
"Gruel Bruno" <[email protected]> wrote:
> Hello,
>
> Thank's for your reply, it works.
>
> By disabling tunnel auth in MPD, the client can get IP configuration via the
> L2TP tunnel.
>
> But I still have some questions.
>
> It's not really secure to do that, no (a VPN without password)??
> Do you plan to implement tunnel auth in npppd ?
>
> So thank's for your work and your availability.
>
> Bruno Gruel
>
>>---- Original Message ----
>>From: YASUOKA Masahiko <[email protected]>
>>To: [email protected]
>>Cc: [email protected]
>>Sent: Dim, Aou 21, 2011, 17:32 PM
>>Subject: Re: LAC & LNS server with OpenBSD
>>
>>Hello,
>>
>>On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
>>"Gruel Bruno" <[email protected]> wrote:
>>> Now I have got that:
>>>
>>> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not supported, but it's mandatory
>>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8 hostname=LAC vendor=FreeBSD MPD firm=0000
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4 error=none/0 tunnel_id=35887 message=""
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
>>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
>>> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control message: tunnelId=13 is not found. mestype=SCCCN
>>>
>>> I suppose that is what you say. Unable to authenticate via the L2TP no ??
>>
>>Yes.  MPD seems to be using `L2TP tunnel authentication'.  Npppd
>>doesn't support `L2TP tunnel authentication'.  You need to disable it
>>on MPD.
>>
>>--yasuoka
>>
>>On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
>>"Gruel Bruno" <[email protected]> wrote:
>>> Hello,
>>>
>>> Thank's for your quick reply.
>>> So I'm interested in tunnel authentication because it's the final point of
>>> my project.
>>>
>>> I do what you say, disable hidden in MPD but there is still an error message.
>>>
>>> Now I have got that:
>>>
>>> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not supported, but it's mandatory
>>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8 hostname=LAC vendor=FreeBSD MPD firm=0000
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4 error=none/0 tunnel_id=35887 message=""
>>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
>>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
>>> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control message: tunnelId=13 is not found. mestype=SCCCN
>>>
>>> I suppose that is what you say. Unable to authenticate via the L2TP no ??
>>>
>>> Thank's
>>>
>>> Bruno.
>>>
>>>>---- Original Message ----
>>>>From: YASUOKA Masahiko <[email protected]>
>>>>To: [email protected]
>>>>Cc: [email protected]
>>>>Sent: Ven, Aou 19, 2011, 16:37 PM
>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>
>>>>Hi,
>>>>
>>>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>>>"Gruel Bruno" <[email protected]> wrote:
>>>>> Since several days I do some tests in my lab but I have a problem.
>>>>>
>>>>> According to my picture http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>>>
>>>>> R1 is an OpenBSD 4.9 which makes a PPPoE call
>>>>> R2 is a FreeBSD with the MPD5 daemon which runs as an LAC
>>>>> R3 is an OpenBSD 4.9 with npppd which runs as an LNS.
>>>>(snip)
>>>>> But when the R2 (LAC) tries to establish the L2TP VPN I got this error :
>>>>>
>>>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is not supported, but it's mandatory
>>>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size BEARER_CAPABILITIES 15==10)
>>>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected state=idle
>>>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>>>
>>>>> Have you got a suggestion ??
>>>>
>>>>mpd seems to be using `hidden AVP' but npppd doesn't support that.
>>>>Disabling `hidden AVP' on mpd may save this problem.  Npppd also
>>>>doesn't support `tunnel authentication'.
>>>>
>>>>It's not difficult to add them if some of you use them.
>>>>
>>>>Thanks,
>>>>
>>>>--yasuoka
>>>>
>>>>
>>>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>>>"Gruel Bruno" <[email protected]> wrote:
>>>>> Hello,
>>>>>
>>>>> Since several days I do some tests in my lab but I have a problem.
>>>>>
>>>>> According to my picture http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>>>
>>>>> R1 is an OpenBSD 4.9 which makes a PPPoE call
>>>>> R2 is a FreeBSD with the MPD5 daemon which runs as an LAC
>>>>> R3 is an OpenBSD 4.9 with npppd which runs as an LNS.
>>>>>
>>>>> This is the R3 npppd configuration file
>>>>>
>>>>> #
>>>>> # Simplest npppd.conf sample
>>>>> #
>>>>> # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
>>>>>
>>>>> interface_list: tun0
>>>>> interface.tun0.ip4addr: 10.0.0.1
>>>>>
>>>>> # IP address pool
>>>>> pool.dyna_pool: 10.0.0.0/25
>>>>> pool.pool: 10.0.0.128/25
>>>>>
>>>>> # Authentication
>>>>> auth.local.realm_list: local
>>>>> auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
>>>>> realm.local.concentrate: tun0
>>>>>
>>>>> lcp.mru: 1400
>>>>> auth.method: mschapv2 chap
>>>>>
>>>>> # L2TP daemon
>>>>> l2tpd.enabled: true
>>>>> l2tpd.ip4_allow: 0.0.0.0/0
>>>>> l2tpd.require_ipsec: false
>>>>> l2tpd.accept_dialin: true
>>>>>
>>>>> # PPPoE daemon
>>>>> pppoed.enabled: true
>>>>> pppoed.interface: PPPoE vic0
>>>>> pppoed.ip4_allow: 0.0.0.0/0
>>>>>
>>>>>
>>>>> I run isakmpd -K and do an ipsecctl -f /etc/ipsec.conf
>>>>>
>>>>>
>>>>> The content of my ipsec.conf file:
>>>>>
>>>>> ike passive esp transport \
>>>>> proto udp from 172.16.1.1 to any port 1701 \
>>>>> main auth hmac-sha enc 3des group modp1024 \
>>>>> quick auth hmac-sha enc aes \
>>>>> psk password
>>>>>
>>>>>
>>>>> I run npppd -d and I got this :
>>>>>
>>>>> 2011-08-19 15:24:20:NOTICE: Starting npppd pid=27755 version=5.0.0
>>>>> 2011-08-19 15:24:20:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
>>>>> 2011-08-19 15:24:20:WARNING: write() failed in in_route0 on RTM_ADD : File exists
>>>>> 2011-08-19 15:24:20:INFO: tun0 Started ip4addr=10.0.0.1
>>>>> 2011-08-19 15:24:20:INFO: pool name=default dyn_pool=[10.0.0.0/25] pool=[10.0.0.0/24]
>>>>> 2011-08-19 15:24:20:INFO: Added 2 routes for new pool addresses
>>>>> 2011-08-19 15:24:20:INFO: Loading pool config successfully.
>>>>> 2011-08-19 15:24:20:INFO: realm name=local(local) Loaded users from='/etc/npppd/npppd-users.csv' successfully. 1 users
>>>>> 2011-08-19 15:24:20:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
>>>>> 2011-08-19 15:24:20:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
>>>>> 2011-08-19 15:24:20:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
>>>>> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
>>>>> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
>>>>> 2011-08-19 15:24:20:INFO: tun0 is using ipcp=default(1 pools).
>>>>>
>>>>>
>>>>> But when the R2 (LAC) tries to establish the L2TP VPN I got this error :
>>>>>
>>>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is not supported, but it's mandatory
>>>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size BEARER_CAPABILITIES 15==10)
>>>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected state=idle
>>>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>>>
>>>>> Have you got a suggestion ??
>>>>>
>>>>> Have you already seen this message ?
>>>>>
>>>>> Thank's.
>>>>>
>>>>> Bruno Gruel
>>>>>
>>>>>
>>>>>>---- Original Message ----
>>>>>>From: YASUOKA Masahiko <[email protected]>
>>>>>>To: [email protected]
>>>>>>Cc: [email protected], [email protected]
>>>>>>Sent: Jeu, Aou 18, 2011, 8:04 AM
>>>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>>>
>>>>>>Hello,
>>>>>>
>>>>>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>>>>>"Gruel Bruno" <[email protected]> wrote:
>>>>>>> First thank's for your help and very good job on npppd, it's really a good
>>>>>>> tool. But it seems not to do what I want.
>>>>>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>>>>> I will try rp-l2tp
>>>>>>
>>>>>>npppd supports `LNS' only and it supports `compulsory tunnel' (or
>>>>>>`accept dialin').  So currently npppd can become `R3' on above picture
>>>>>>but it can not become `R2'.
>>>>>>
>>>>>>To enable `accept-dialin' on npppd, please add below line to
>>>>>>npppd.conf.
>>>>>>
>>>>>>    l2tp.accept_dialin: true
>>>>>>
>>>>>>> How can I have a full doc of npppd ??
>>>>>>
>>>>>>Not yet..
>>>>>>
>>>>>>> But I confirm that npppd works fine on my lab.
>>>>>>
>>>>>>Thanks.
>>>>>>
>>>>>>--yasuoka
>>>>>>
>>>>>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>>>>>"Gruel Bruno" <[email protected]> wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> First thank's for your help and very good job on npppd, it's really a good
>>>>>>> tool. But it seems not to do what I want.
>>>>>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>>>>>
>>>>>>> I will try rp-l2tp
>>>>>>>
>>>>>>> How can I have a full doc of npppd ??
>>>>>>>
>>>>>>> But I confirm that npppd works fine on my lab.
>>>>>>>
>>>>>>> Thank's.
>>>>>>>
>>>>>>> Bruno Gruel
>>>>>>>
>>>>>>>>---- Original Message ----
>>>>>>>>From: Jeremie Courreges-Anglas <[email protected]>
>>>>>>>>To: [email protected]
>>>>>>>>Sent: Mer, Aou 17, 2011, 12:48 PM
>>>>>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>>>>>
>>>>>>>>"Gruel Bruno" <[email protected]> writes:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>
>>>>>>>>Hi.
>>>>>>>>
>>>>>>>>> I just want to know if it is planned to have a real implementation of L2TP on OpenBSD.
>>>>>>>>>
>>>>>>>>> Is there a work in progress ? or never ?
>>>>>>>>
>>>>>>>>Without knowing what you already know about OpenBSD and L2TP, it's a bit
>>>>>>>>difficult to answer. Consider taking a look at /usr/src/usr.sbin/npppd/.
>>>>>>>>
>>>>>>>>> Thank's
>>>>>>>>
>>>>>>>>You're welcom'e ;)
>>>>>>>>
>>>>>>>>--
>>>>>>>>Jeremie Courreges-Anglas - GPG key : 06A11494
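
Added example, not part of the thread and not npppd's own code: a small RFC 2661 AVP parser showing why a receiver that supports neither tunnel authentication nor hidden AVPs has to refuse an SCCRQ carrying CHALLENGE/11 or RANDOM_VECTOR/36, since both arrive with the mandatory (M) bit set. The SUPPORTED set, the helper names and the sample packets are assumptions constructed for illustration.

```python
import struct

# RFC 2661 attribute types; the thread's logs name CHALLENGE/11 and RANDOM_VECTOR/36.
AVP_NAMES = {0: "MESSAGE_TYPE", 2: "PROTOCOL_VERSION", 7: "HOST_NAME",
             9: "ASSIGNED_TUNNEL_ID", 11: "CHALLENGE", 36: "RANDOM_VECTOR"}
# Assumption: a receiver with neither tunnel authentication nor hidden-AVP support.
SUPPORTED = {0, 2, 7, 9}

def avp(attr_type, value, mandatory=True):
    """Encode one IETF (vendor 0) AVP: M bit + 10-bit length, vendor ID, type, value."""
    flags_len = (0x8000 if mandatory else 0) | (6 + len(value))
    return struct.pack("!HHH", flags_len, 0, attr_type) + value

def control_message(avps, tunnel_id=0):
    """Prefix AVPs with the 12-byte L2TPv2 control header (T, L, S set, version 2)."""
    body = b"".join(avps)
    return struct.pack("!6H", 0xC802, 12 + len(body), tunnel_id, 0, 0, 0) + body

def parse_avps(packet):
    """Yield (mandatory, hidden, vendor_id, attr_type, value) for each AVP."""
    if len(packet) < 12:
        raise ValueError("short packet")
    flags, length = struct.unpack_from("!HH", packet)
    if (flags & 0xC80F) != 0xC802 or length != len(packet):
        raise ValueError("not a well-formed L2TPv2 control message")
    off = 12
    while off < length:
        if length - off < 6:
            raise ValueError("truncated AVP header")
        flags_len, vendor, attr = struct.unpack_from("!HHH", packet, off)
        avp_len = flags_len & 0x03FF
        if avp_len < 6 or off + avp_len > length:
            raise ValueError("bad AVP length")
        yield (bool(flags_len & 0x8000), bool(flags_len & 0x4000), vendor, attr,
               packet[off + 6:off + avp_len])
        off += avp_len

def unsupported_mandatory(packet):
    """Mandatory AVPs the receiver cannot process; RFC 2661 says any hit ends the tunnel."""
    return [f"{AVP_NAMES.get(attr, 'UNKNOWN')}/{attr}"
            for m, _hidden, vendor, attr, _value in parse_avps(packet)
            if m and (vendor != 0 or attr not in SUPPORTED)]

# Constructed, simplified SCCRQs (message type 1); challenge and vector bytes are made up.
BASE = [avp(0, b"\x00\x01"), avp(2, b"\x01\x00"), avp(7, b"LAC"), avp(9, b"\x8c\x2f")]
SCCRQ_PLAIN = control_message(BASE)
SCCRQ_TUNNEL_AUTH = control_message(BASE + [avp(11, bytes(range(16)))])
SCCRQ_HIDDEN = control_message(BASE[:3] + [avp(36, bytes(8)), BASE[3]])
```

With tunnel authentication and hidden AVPs switched off on the LAC, the SCCRQ looks like SCCRQ_PLAIN and nothing in the L2TP control channel authenticates the peer, which is why the reply at the top of this message ties the setup to IPsec or a trusted network.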
