OK, everything works fine for me, thanks Jacco.
Here is a little summary of all the tips that fixed my problem:


> Okay, I joined my ppp log. 

They don't seem to agree on an PPP authentication protocol.
See my options.l2tpd. I think adding require chap = yes and
refuse pap = yes should do the trick.


> Is it a problem that I have no modem (my win2k and freeswan are on the
> same subnet) ?

No, that has nothing to do with it.


> And what about the "lac" field ?

Just ignore it for the moment. You better let FreeS/WAN do the
checking of allowed IP addresses.


>> Okay, I joined my ppp log. 
> rcvd [LCP ConfNak id=0x1 <auth 0xc227>]

OK, I looked up the meaning of this error and it seems that
your client wants to use EAP. I think the Linux pppd does not
support this yet. Better stick to CHAP or PAP:

http://www.jacco2.dds.nl/networking/screenshots/psk/14addchap.png


> Finally, everything works fine with all your tips.
> Thank you very much for your help and for your work on l2tpd.

Ah, that's great to hear! Could you post a summary to the
mailinglist? People might be interested to read it when they
have the same problem.


> But my connection to freeswan is authenticated by X.509, not with PSK.
> So I have to use EAP to make Windows use its certificate to authenticate
> to the freeswan, no ?

You can use certificates with both IPsec _and_ EAP. In your case you
need to use them only for IPsec. EAP is a special authentication
protocol for PPP. It is often used as a replacement for PAP and CHAP
because these are considerably less secure. EAP is often used to
enable login using a smartcard. The certificate and private key
of the EAP connection is stored on the smart card.


> I have one last question ;)
> Does "Optional encryption (connect even if no encryption)" mean that
> the connection is not encrypted ?

No, that option only concerns PPP encryption (=MPPE, also used by PPTP).
The connection as a whole is already protected by IPsec encryption.



THAT'S ALL!

Thanks again to Jacco.

-- 
Stephane DESMET
Security products manager
All Computing SAS
17, rue du Colisée - 75008 Paris
France
(+33)1 49 53 90 36
(+33)6 88 82 55 87
internet: www.allcomputing.fr
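As an added illustration of the diagnosis in this thread (not code from the thread, from Jacco, or from the l2tpd project), here is a small Python parser for pppd LCP log lines. It decodes the `<auth 0xc227>` option that the Windows peer keeps sending in its ConfNak into a protocol name (0xc227 is EAP, 0xc023 PAP, 0xc223 CHAP per the IANA PPP numbers registry), counts how many ConfReqs were refused, and notes whether the peer then sent a TermReq. The sample log lines are constructed in the shape of the ones quoted below; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample in the shape of the pppd debug lines quoted in this
# thread (syslog prefix kept, the "debug:" grep prefix dropped).
SAMPLE_LOG = """\
Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x1 <auth 0xc227>]
Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <pcomp> <accomp>]
Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x2 <auth 0xc227>]
Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP TermReq id=0x2 "..."]
Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP TermAck id=0x2]
"""

# PPP authentication protocol numbers (IANA "PPP numbers" registry).
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP", 0xC227: "EAP"}

LCP_RE = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[LCP (\w+) id=0x([0-9a-fA-F]+)(.*)\]")
AUTH_RE = re.compile(r"<auth ([^>]+)>")


def decode_auth(option: str) -> str:
    """Map the body of an LCP <auth ...> option to a protocol name.

    pppd prints a protocol it knows by name ("pap", "chap MD5") and one it
    does not know by number ("0xc227"), so both forms are handled."""
    parts = option.split()
    if parts[0].lower().startswith("0x"):
        number = int(parts[0], 16)
        name = AUTH_PROTOCOLS.get(number, f"unknown(0x{number:04x})")
    else:
        name = parts[0].upper()
    return name if len(parts) == 1 else f"{name}/{parts[1]}"


def analyse_lcp(log_text: str) -> dict:
    """Summarise the LCP negotiation in a pppd log.

    Returns how many ConfReqs we sent, which authentication protocols the
    peer NAKed us towards (and how often), and whether the peer sent a
    TermReq, i.e. gave up before authentication even started."""
    wanted = Counter()
    confreq_sent = 0
    term_req = False
    for line in log_text.splitlines():
        m = LCP_RE.search(line)
        if not m:
            continue
        direction, code, _ident, options = m.groups()
        if direction == "sent" and code == "ConfReq":
            confreq_sent += 1
        elif direction == "rcvd" and code == "ConfNak":
            for am in AUTH_RE.finditer(options):
                wanted[decode_auth(am.group(1))] += 1
        elif direction == "rcvd" and code == "TermReq":
            term_req = True
    return {"confreq_sent": confreq_sent,
            "peer_wanted_auth": dict(wanted),
            "term_req": term_req}


def diagnose(summary: dict) -> str:
    """Turn the summary into a one-line verdict for the operator."""
    wanted = summary["peer_wanted_auth"]
    if not wanted:
        return "no authentication-protocol disagreement seen in LCP"
    asks = ", ".join(f"{name} x{n}" for name, n in sorted(wanted.items()))
    verdict = f"peer NAKed {summary['confreq_sent']} ConfReq(s), asking for {asks}"
    if summary["term_req"]:
        verdict += "; peer tore the link down before authentication"
    if "EAP" in wanted:
        verdict += " (the pppd in this thread has no EAP; use CHAP on both sides)"
    return verdict


if __name__ == "__main__":
    print(diagnose(analyse_lcp(SAMPLE_LOG)))
```

Run against a real log, pipe `grep pppd /var/log/debug` into it. The verdict for the constructed sample is the situation in this thread: the client NAKs every ConfReq asking for EAP, which this pppd cannot offer, then tears the link down. The cure applied here was on both ends: selecting CHAP in the Windows connection properties (Jacco's screenshot) and, on the Linux side, the pppd options `require-chap` and `refuse-pap` in options.l2tpd so that pppd proposes CHAP itself instead of sending a ConfReq with no auth option.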




On Wed, 3 Dec 2003 16:04:37 +0100
Stephane DESMET <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> I have some trouble making an L2TP connection between win2k and
> FreeS/WAN/l2tpd.
> The IPsec connection seems to be okay, SA established.
> The problem comes with the ppp daemon.
> The error I have is:
> peer closing for reason 3 (Control channel already exists)
> 
> One strange thing is "auth" in the pppd command line, even if I have
> noauth in options.l2tpd
> 
> I don't understand what is the "ip range" field in the l2tpd.conf.
> If I remove this field, I have peer closing connection for reason 1.
> 
> I have joined my l2tpd log, l2tpd.conf and options.l2tpd.
> 
> Could anybody help me ?
> Thank you very much for any answer.
> 
> Best regards.
> 
> -- 
> Stephane DESMET
> Security products manager
> All Computing SAS
> 17, rue du Colisée - 75008 Paris
> France
> (+33)1 49 53 90 36
> (+33)6 88 82 55 87
> internet: www.allcomputing.fr
> 
> 
> 
> #> l2tpd -D
> This binary does not support kernel L2TP.
> l2tpd version 0.69 started on barrikaad PID:3042
> Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
> Forked by Scott Balmos and David Stipp, (C) 2001
> Inhereted by Jeff McAdams, (C) 2002
> Linux version 2.4.19-grsec-2 on a i686, port 1701
> ourtid = 24419, entropy_buf = 5f63
> check_control: control, cid = 0, Ns = 0, Nr = 0
> handle_avps: handling avp's for tunnel 24419, call 0
> message_type_avp: message type 1 (Start-Control-Connection-Request)
> protocol_version_avp: peer is using version 1, revision 0.
> framing_caps_avp: supported peer frames: sync
> bearer_caps_avp: supported peer bearers:
> firmware_rev_avp: peer reports firmware version 1280 (0x0500)
> hostname_avp: peer reports hostname 'westeban'
> vendor_avp: peer reports vendor 'Microsoft_'
> assigned_tunnel_avp: using peer's tunnel 11
> receive_window_size_avp: peer wants RWS of 8.  Will use flow control.
> check_control: control, cid = 0, Ns = 1, Nr = 1
> handle_avps: handling avp's for tunnel 24419, call 0
> message_type_avp: message type 3 (Start-Control-Connection-Connected)
> control_finish: Connection established to 10.1.10.58, 1701.  Local: 24419, Remote: 
> 11.  LNS session is 'barricade'
> check_control: control, cid = 0, Ns = 2, Nr = 1
> handle_avps: handling avp's for tunnel 24419, call 0
> message_type_avp: message type 10 (Incoming-Call-Request)
> message_type_avp: new incoming call
> ourcid = 7323, entropy_buf = 1c9b
> assigned_call_avp: using peer's call 1
> call_serno_avp: serial number is 0
> bearer_type_avp: peer bears: analog
> check_control: control, cid = 0, Ns = 3, Nr = 1
> check_control: control, cid = 1, Ns = 3, Nr = 2
> handle_avps: handling avp's for tunnel 24419, call 7323
> message_type_avp: message type 12 (Incoming-Call-Connected)
> tx_speed_avp: transmit baud rate is 10000000
> frame_type_avp: peer uses:sync frames
> ignore_avp : Ignoring AVP
> start_pppd: I'm running:  "/usr/sbin/pppd" "passive" "-detach" 
> "10.1.30.254:10.0.0.1" "auth" "name" "Barricade" "file" "/etc/ppp/options.l2tpd" 
> control_finish: Call established with 10.1.10.58, Local: 7323, Remote: 1, Serial: 0
> check_control: control, cid = 0, Ns = 4, Nr = 2
> check_control: control, cid = 1, Ns = 4, Nr = 2
> handle_avps: handling avp's for tunnel 24419, call 7323
> message_type_avp: message type 14 (Call-Disconnect-Notify)
> result_code_avp: peer closing for reason 3 (Control channel already exists), error = 
> 0 ()
> assigned_call_avp: using peer's call 1
> control_finish: Connection closed to 10.1.10.58, serial 0 ()
> check_control: control, cid = 0, Ns = 5, Nr = 2
> handle_avps: handling avp's for tunnel 24419, call 0
> message_type_avp: message type 4 (Stop-Control-Connection-Notification)
> assigned_tunnel_avp: using peer's tunnel 11
> result_code_avp: peer closing for reason 6 (Requester is being shut down), error = 0 
> ()
> control_finish: Connection closed to 10.1.10.58, port 1701 (), Local: 24419, Remote: 
> 11
> death_handler: Fatal signal 2 received
> 
>
> PPP log :  #> grep ppp debug
> debug:Dec  3 16:41:24 barrikaad l2tpd[3184]: start_pppd: I'm running:  
> debug:Dec  3 16:41:24 barrikaad l2tpd[3184]: "/usr/sbin/pppd" 
> debug:Dec  3 16:41:24 barrikaad l2tpd[3184]: "/etc/ppp/options.l2tpd" 
> debug:Dec  3 16:41:24 barrikaad alertfilter[932]: NORMAL: Dec  3 16:41:24 barrikaad 
> pppd[3210]: pppd 2.4.1 started by root, uid 0
> debug:Dec  3 16:41:24 barrikaad pppd[3210]: using channel 34
> debug:Dec  3 16:41:24 barrikaad alertfilter[932]: NORMAL: Dec  3 16:41:24 barrikaad 
> pppd[3210]: Using interface ppp0
> debug:Dec  3 16:41:24 barrikaad alertfilter[932]: NORMAL: Dec  3 16:41:24 barrikaad 
> pppd[3210]: Connect: ppp0 <--> /dev/ttyp0
> debug:Dec  3 16:41:24 barrikaad pppd[3210]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:25 barrikaad pppd[3210]: rcvd [LCP ConfReq id=0x0 <magic 
> 0x381c6856> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint 
> [local:34.8e.70.58.7f.b3.40.0b.88.ef.9d.c1.83.f3.7f.f1.00.00.00.07]>]
> debug:Dec  3 16:41:25 barrikaad pppd[3210]: sent [LCP ConfRej id=0x0 <magic 
> 0x381c6856> <callback CBCP> <mrru 1614>]
> debug:Dec  3 16:41:25 barrikaad pppd[3210]: rcvd [LCP ConfReq id=0x1 <pcomp> 
> <accomp> <endpoint 
> [local:34.8e.70.58.7f.b3.40.0b.88.ef.9d.c1.83.f3.7f.f1.00.00.00.07]>]
> debug:Dec  3 16:41:25 barrikaad pppd[3210]: sent [LCP ConfAck id=0x1 <pcomp> 
> <accomp> <endpoint 
> [local:34.8e.70.58.7f.b3.40.0b.88.ef.9d.c1.83.f3.7f.f1.00.00.00.07]>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x1 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x2 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x3 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x3 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x4 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x4 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x5 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x5 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x6 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x6 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x7 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x7 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x8 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x8 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0x9 <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0x9 <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0xa <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP ConfNak id=0xa <auth 0xc227>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP ConfReq id=0xb <asyncmap 0x0> 
> <pcomp> <accomp>]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: rcvd [LCP TermReq id=0x2 
> "8\034hV\000<\37777777715t\000\000\002\37777777734"]
> debug:Dec  3 16:41:27 barrikaad pppd[3210]: sent [LCP TermAck id=0x2]
> debug:Dec  3 16:41:27 barrikaad alertfilter[932]: NORMAL: Dec  3 16:41:27 barrikaad 
> pppd[3210]: Terminating on signal 15.
> debug:Dec  3 16:41:27 barrikaad alertfilter[932]: NORMAL: Dec  3 16:41:27 barrikaad 
> pppd[3210]: Modem hangup
> debug:Dec  3 16:41:27 barrikaad alertfilter[932]: NORMAL: Dec  3 16:41:27 barrikaad 
> pppd[3210]: Connection terminated.
> debug:Dec  3 16:41:27 barrikaad alertfilter[932]: NORMAL: Dec  3 16:41:27 barrikaad 
> pppd[3210]: Exit.
> 
>
> 
> l2tpd.conf:
> [global]
> port = 1701
> access control = no
> 
> [lns barricade]
> name = Barricade
> require authentication = yes
> pppoptfile = /etc/ppp/options.l2tpd
> ppp debug = no
> flow bit = yes
> lac = 0.0.0.1 - 223.255.255.255
> local ip = 10.1.30.254
> ip range = 10.0.0.1 - 10.0.0.254
> __END__
> 
> 
> /etc/ppp/options.l2tpd:
> noauth
> nomagic
> __END__
> 
> 
> My test network is :
> 
> LAN(10.1.30.0/24)----(10.1.30.254)FreeSWAN/l2tpd(10.1.10.50)---------win2k 
> roadwarrior(10.1.10.58)
> 
> 
> 
> 


