I had the misfortune today of having to set up an IKEv1/L2TP VPN. FAQ 17
was very helpful, as was the xl2tpd README, but there are a couple of
issues I ran into that I think should be addressed by the README.

First, xl2tpd won't run pppd unless the _xl2tpd user is in the
network group (see SECURITY section of pppd(8)). If you don't add
_xl2tpd to the network group, you get this error when running
xl2tpd:

  xl2tpd[83064]: start_pppd: Exec of /usr/sbin/pppd failed

Second, /etc/ppp/options contains "auth", and since the
/etc/ppp/options.l2tp file recommended by the README has "noauth",
the configuration doesn't work, with pppd erroring with:

  pppd[42191]: cannot override default auth option

The diff should fix these issues.

OKs?

Thanks,
Jeremy

Index: pkg/README
===================================================================
RCS file: /cvs/ports/net/xl2tpd/pkg/README,v
retrieving revision 1.8
diff -u -p -r1.8 README
--- pkg/README  4 Sep 2018 12:46:19 -0000       1.8
+++ pkg/README  23 Mar 2019 03:58:20 -0000
@@ -109,6 +109,8 @@ esp transport from $server to $me spi 0x
 
 If that is successful, you can try to make the L2TP connection:
 
+# sed -i 's/^auth/#auth/' /etc/ppp/options
+# usermod -G network _xl2tpd
 # ifconfig ppp0 up
 # rcctl start xl2tpd
 # tail -f /var/log/daemon &
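
Review bot: The two added commands go in without a word of explanation, and the sed line edits the system-wide /etc/ppp/options, so the "auth" default is turned off for every pppd invocation on the machine, not only the L2TP one. I would add a sentence before them saying why each is needed (the "cannot override default auth option" and "Exec of /usr/sbin/pppd failed" errors) and that commenting out "auth" affects every other pppd setup on the host. The pattern 's/^auth/#auth/' also has no end anchor, so it rewrites any line that merely begins with "auth"; 's/^auth$/#auth/' would limit it to the bare option. Both commands are one-time setup, so they may read better as a separate step ahead of the "ifconfig ppp0 up" sequence than as part of the commands run for each connection attempt.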
