Stuart,

Thanks again for your support.

I've read some docs since my last post about IKEv1 support only for MS
IPsec + L2TP.

xl2tpd-1.3.8 has been installed already on OpenBSD 6.1amd64. I tried to
use it with the integrated pppd, but without success.
Is xl2tpd-1.3.8 the same version with patches as from -current ports?

pppd has no option to support mschap-v2, as pppd(8) shows, but
some people have shared configs from OpenBSD 5.4 with the mschap-v2 option
available in /etc/ppp/options.xl2tpd:
-------------------------------------------------------
obsd client's /etc/xl2tpd/xl2tpd.conf:
[global]
debug avp = yes
debug network = yes
debug state = yes
debug tunnel = yes

[lac foo]
lns = A.B.C.D
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
autodial=yes
--------------------------------------------------------
obsd client's /etc/ppp/options.l2tpd.client:
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
lock
name xxxxx
password xxxxx
----------------------------------------------------------
I have no evidence whether it worked or not.

It seems "require-mschap-v2" support is absent in pppd. While the connection is
established, it drops when xl2tpd calls pppd and the mschap-v2 option is needed.

The question is: how to use npppd, with "authentication method
mschap-v2" supported, to make it work together with xl2tpd, or what
program will help to connect, in a bundle with xl2tpd, to MS IPsec services?

Stuart, I know that the MS implementation is not as reliable as the OpenBSD
implementation, but I have a remote server with only an MS-based VPN managed
by others, so I can't affect it.

Thanks

Denis
 
On 11/24/2017 1:54 PM, Stuart Henderson wrote:
> On 2017-11-23, Denis <den...@mindall.org> wrote:
>> Hi All,
>>
>> I have a goal to make an IPsec connection to an external L2TP IPsec with
>> mschap-v2 (preshared key auth) server.
>> OpenBSD 6.1amd64 will play client role in this case.
>>
>> Would you recommend a suitable way to make such a VPN connection?
>>
>> Can it be realized using iked?
> No. IPsec+L2TP uses IKEv1, iked uses IKEv2.
>
>> Any recommendations or examples will be helpful.
>>
>> Thank you for your answer in advance.
> It's not as nice or reliable as normal OpenBSD IPsec, but
> landry@ got this to work. Install xl2tpd (take the version from
> -current ports, it has a hack which avoids some problems seen with
> "large" packets) and look at the README.
>
>