Hallo Alan, Thank you, it works. But I found a new problem: length of Tunnel-Password seems to be wrong. If I understand the RFC 2868 then the password attr length must be 21 (minimum: type=1 + length=1 + tag=1 + salt=2 + pw_string=16).
The Access-Accept contains a password attr with length 20. It seems that the tag isn't included. Regards Wolfgang Trace from Freeradius server: Waking up in 6 seconds... rad_recv: Access-Request packet from host 153.92.29.2:1812, id=52, length=111 User-Password = "\340Wq\210\251\003\020\215\372*\367\363\232\031\331\343" User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 3 NAS-Port-Type = Virtual NAS-Identifier = "BIAS MAC address... comming soon" modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_realm: Looking up realm l2tp.com for User-Name = "[EMAIL PROTECTED]" rlm_realm: No such realm l2tp.com modcall[authorize]: module "suffix" returns noop users: Matched [EMAIL PROTECTED] at 93 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 52 to 153.92.29.2:1812 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 255.255.255.254 Framed-Routing = None Filter-Id = "std.ppp" Framed-MTU = 1500 Framed-Compression = None Tunnel-Type:0 = L2TP Tunnel-Medium-Type:0 = IP Tunnel-Password:0 = "\245\002\2556P?\3718@\341cl\035\243\262\036\232=" Tunnel-Client-Endpoint:0 = "153.92.29.2" Tunnel-Server-Endpoint:0 = "153.92.28.17" Tunnel-Client-Auth-Id:0 = "olli" Tunnel-Server-Auth-Id:0 = "raclet.l2tp.com" Tunnel-Assignment-Id:0 = "200" Finished request 1 Details from ethereal: User Datagram Protocol, Src Port: radius (1812), Dst Port: radius (1812) Source port: radius (1812) Destination port: radius (1812) Length: 160 Checksum: 0xc035 (correct) Radius Protocol Code: Access Accept (2) Packet identifier: 0x33 (51) Length: 152 Authenticator Attribute value pairs t:Service Type(6) l:6, Value:Framed t:Framed Protocol(7) l:6, Value:PPP t:Framed IP Address(8) l:6, Value:255.255.255.254 t:Framed Routing(10) l:6, Value:None t:Filter Id(11) l:9, Value:"std.ppp" t:Framed MTU(12) l:6, Value:1500 t:Framed Compression(13) l:6, Value:None t:Tunnel Type(64) l:6, Value:L2TP t:Tunnel Medium Type(65) l:6, Value:IPv4 t:Tunnel Password(69) l:20, Value:"\250\204\162\159\164X\028T\128)!^-\158\2538X\149" <<<< len=20 t:Tunnel Client Endpoint(66) l:13, Value:"153.92.29.2" t:Tunnel Server Endpoint(67) l:14, Value:"153.92.28.17" t:Tunnel Client Auth ID(90) l:6, Value:"olli" t:Tunnel Server Auth ID(91) l:17, Value:"raclet.l2tp.com" t:Tunnel Assignment ID(82) l:5, Value:"200" 0000 08 00 3e ff ff 85 08 00 20 f0 b1 77 08 00 45 00 ..>..... ..w..E. 0010 00 b4 dd 79 40 00 ff 11 32 01 99 5c 1c 03 99 5c ...y@...2..\...\ 0020 1d 02 07 14 07 14 00 a0 c0 35 02 33 00 98 a5 7b .........5.3...{ 0030 70 a1 b0 75 dd db d4 95 29 b2 dd 71 25 e9 06 06 p..u....)..q%... 0040 00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe ................ 0050 0a 06 00 00 00 00 0b 09 73 74 64 2e 70 70 70 0c ........std.ppp. 0060 06 00 00 05 dc 0d 06 00 00 00 00 40 06 00 00 00 ...........@.... 0070 03 41 06 00 00 00 01 45 14 fa cc a2 9f a4 58 1c .A.....E......X. <<< 45 14 fa cc .. no tag (=0) 0080 54 80 29 21 5e 2d 9e fd 38 58 95 42 0d 31 35 33 T.)!^-..8X.B.153 0090 2e 39 32 2e 32 39 2e 32 43 0e 31 35 33 2e 39 32 .92.29.2C.153.92 00a0 2e 32 38 2e 31 37 5a 06 6f 6c 6c 69 5b 11 72 61 .28.17Z.olli[.ra 00b0 63 6c 65 74 2e 6c 32 74 70 2e 63 6f 6d 52 05 32 clet.l2tp.comR.2 00c0 30 30 00 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html