Re: npppd l2tp-require-ipsec option
On Fri, Feb 28, 2014 at 01:54:13PM -0800, Jeff Goettsch wrote:
> That's a known bug:
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=npppd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html#end

Ah, I see; I hadn't actually looked at the npppd man page, only the npppd.conf man page. The BUGS section for npppd.conf doesn't list that, although it mentions a different caveat.

Thanks...

Re: npppd l2tp-require-ipsec option
That's a known bug:

http://www.openbsd.org/cgi-bin/man.cgi?query=npppd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html#end

--
Jeff Goettsch
Agricultural and Resource Economics
http://agecon.ucdavis.edu/

On 2/28/14 12:25 PM, Paul B. Henson wrote:
> After getting the basic functionality of an L2TP VPN working with npppd, I tried turning on the l2tp-require-ipsec option, as that seemed desirable; I don't really want an l2tp session set up that's not encapsulated in ipsec. However, with that option on, the attempted VPN connection doesn't seem to get to npppd. After the ipsec negotiation, I see the l2tp packets from the client on enc0:
>
> 12:20:38.080921 (authentic,confidential): SPI 0x18fc9556: host-134-71-203-13.allocated.csupomona.edu.55757 > bart.pbhware.com.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *HOST_NAME(Dogbert) *ASSND_TUN_ID(36) *RECV_WIN_SIZE(4) [|l2tp]
> 12:20:42.116036 (authentic,confidential): SPI 0x18fc9556: host-134-71-203-13.allocated.csupomona.edu.55757 > bart.pbhware.com.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *HOST_NAME(Dogbert) *ASSND_TUN_ID(36) *RECV_WIN_SIZE(4) [|l2tp]
>
> But from npppd:
>
> 2014-02-28 12:20:26:INFO: l2tpd Listening 96.251.22.154:1701/udp (L2TP LNS) [L2TP_ipv4]
>
> It doesn't log anything, it seems like it's just not even seeing the connection attempt. If I disable l2tp-require-ipsec, it works fine again. Am I missing something or not understanding what this option is for?
>
> Thanks...

npppd l2tp-require-ipsec option
After getting the basic functionality of an L2TP VPN working with npppd, I tried turning on the l2tp-require-ipsec option, as that seemed desirable; I don't really want an l2tp session set up that's not encapsulated in ipsec. However, with that option on, the attempted VPN connection doesn't seem to get to npppd. After the ipsec negotiation, I see the l2tp packets from the client on enc0:

12:20:38.080921 (authentic,confidential): SPI 0x18fc9556: host-134-71-203-13.allocated.csupomona.edu.55757 > bart.pbhware.com.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *HOST_NAME(Dogbert) *ASSND_TUN_ID(36) *RECV_WIN_SIZE(4) [|l2tp]
12:20:42.116036 (authentic,confidential): SPI 0x18fc9556: host-134-71-203-13.allocated.csupomona.edu.55757 > bart.pbhware.com.l2tp: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *HOST_NAME(Dogbert) *ASSND_TUN_ID(36) *RECV_WIN_SIZE(4) [|l2tp]

But from npppd:

2014-02-28 12:20:26:INFO: l2tpd Listening 96.251.22.154:1701/udp (L2TP LNS) [L2TP_ipv4]

It doesn't log anything, it seems like it's just not even seeing the connection attempt. If I disable l2tp-require-ipsec, it works fine again. Am I missing something or not understanding what this option is for?

Thanks...