Hi,

I have a l2tp/IPsec VPN working on OpenBSD 5.6 with npppd. I have a couple of questions about npppd

1) How come it's not possible to the address assigned to a CARP interface on the OpenBSD host

Here's what's logged when I try to connect using the IP address assigned to the CARP interface (if I switch to using the IP address assigned to the physical interface, everything works ok)

isakmpd[27680]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
last message repeated 3 times
npppd[1250]: l2tpd ctrl=15 logtype=Started RecvSCCRQ from=$AnIPaddr:51863/udp tunnel_id=15/102 protocol=1.0 winsize=4 hostname=mycomputer vendor=(no vendorname) firm=0000
npppd[1250]: l2tpd ctrl=15 SendSCCRP
npppd[1250]: l2tpd ctrl=16 logtype=Started RecvSCCRQ from=$AnIPaddr:51863/udp tunnel_id=16/102 protocol=1.0 winsize=4 hostname=mycomputer vendor=(no vendorname) firm=0000
npppd[1250]: l2tpd ctrl=16 SendSCCRP
npppd[1250]: l2tpd ctrl=17 logtype=Started RecvSCCRQ from=$AnIPaddr:51863/udp tunnel_id=17/102 protocol=1.0 winsize=4 hostname=mycomputer vendor=(no vendorname) firm=0000
npppd[1250]: l2tpd ctrl=17 SendSCCRP
npppd[1250]: l2tpd ctrl=18 logtype=Started RecvSCCRQ from=$AnIPaddr:51863/udp tunnel_id=18/102 protocol=1.0 winsize=4 hostname=mycomputer vendor=(no vendorname) firm=0000
npppd[1250]: l2tpd ctrl=18 SendSCCRP
npppd[1250]: l2tpd ctrl=19 logtype=Started RecvSCCRQ from=$AnIPaddr:51863/udp tunnel_id=19/102 protocol=1.0 winsize=4 hostname=mycomputer vendor=(no vendorname) firm=0000
npppd[1250]: l2tpd ctrl=19 SendSCCRP
npppd[1250]: l2tpd ctrl=15 timeout waiting ack for ctrl packets.
npppd[1250]: l2tpd ctrl=15 logtype=Finished
npppd[1250]: l2tpd ctrl=16 timeout waiting ack for ctrl packets.
npppd[1250]: l2tpd ctrl=16 logtype=Finished
npppd[1250]: l2tpd ctrl=20 logtype=Started RecvSCCRQ from=$AnIPaddr:51863/udp tunnel_id=20/102 protocol=1.0 winsize=4 hostname=mycomputer vendor=(no vendorname) firm=0000
npppd[1250]: l2tpd ctrl=20 SendSCCRP
npppd[1250]: l2tpd ctrl=17 timeout waiting ack for ctrl packets.
npppd[1250]: l2tpd ctrl=17 logtype=Finished
npppd[1250]: l2tpd ctrl=21 logtype=Started RecvSCCRQ from=$AnIPaddr:51863/udp tunnel_id=21/102 protocol=1.0 winsize=4 hostname=mycomputer vendor=(no vendorname) firm=0000
npppd[1250]: l2tpd ctrl=21 SendSCCRP
npppd[1250]: l2tpd ctrl=18 timeout waiting ack for ctrl packets.
npppd[1250]: l2tpd ctrl=18 logtype=Finished
npppd[1250]: l2tpd ctrl=19 timeout waiting ack for ctrl packets.
npppd[1250]: l2tpd ctrl=19 logtype=Finished
npppd[1250]: l2tpd ctrl=20 timeout waiting ack for ctrl packets.
npppd[1250]: l2tpd ctrl=20 logtype=Finished
npppd[1250]: l2tpd ctrl=21 timeout waiting ack for ctrl packets.
npppd[1250]: l2tpd ctrl=21 logtype=Finished

2) Is it any way possible to push routes to client automatically upon connecting successfully to the VPN?

I'm enquiring about these to remove as much burden from user / client as possible. For reaching the VPN via the CARP IP address so that should one of the firewalls fail, the clients won't need to reconfigure their clients (not because I was thinking of sasyncd like behaviour somehow)

Sevan / Venture37