Hello,

Thanks for your reply, it works.
By disabling tunnel auth in MPD, the client can get its IP configuration via the L2TP tunnel. But I still have some questions. It's not really secure to do that, no (a VPN without password)?? Do you plan to implement tunnel auth in npppd?

So thanks for your work and your availability.

Bruno Gruel

>---- Original Message ----
>From: YASUOKA Masahiko <[email protected]>
>To: [email protected]
>Cc: [email protected]
>Sent: Dim, Aou 21, 2011, 17:32 PM
>Subject: Re: LAC & LNS server with OpenBSD
>
>Hello,
>
>On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
>"Gruel Bruno" <[email protected]> wrote:
>> Now I have got that:
>>
>> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not supported, but it's mandatory
>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8 hostname=LAC vendor=FreeBSD MPD firm=0000
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4 error=none/0 tunnel_id=35887 message=""
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
>> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control message: tunnelId=13 is not found. mestype=SCCCN
>>
>> I suppose that is what you say. Unable to authenticate via the L2TP, no??
>
>Yes. MPD seems to be using `L2TP tunnel authentication'. Npppd
>doesn't support `L2TP tunnel authentication'. You need to disable it
>on MPD.
>
>--yasuoka
>
>On Fri, 19 Aug 2011 20:26:25 +0200 (CEST)
>"Gruel Bruno" <[email protected]> wrote:
>> Hello,
>>
>> Thanks for your quick reply.
>> So I'm interested in tunnel authentication because it's the final point of
>> my project.
>>
>> I did what you said, disabled hidden in MPD, but there is still an error message.
>>
>> Now I have got that:
>>
>> 2011-08-19 16:11:33:WARNING: l2tpd ctrl=13 Received AVP (CHALLENGE/11) is not supported, but it's mandatory
>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Started RecvSCCRQ from=172.16.1.1:33203/udp tunnel_id=13/35887 protocol=1.0 winsize=8 hostname=LAC vendor=FreeBSD MPD firm=0000
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendSCCRP
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 RecvStopCCN result=UNAUTHORIZED/4 error=none/0 tunnel_id=35887 message=""
>> 2011-08-19 16:11:33:INFO: l2tpd ctrl=13 SendZLB
>> 2011-08-19 16:11:33:NOTICE: l2tpd ctrl=13 logtype=Finished
>> 2011-08-19 16:11:33:INFO: l2tpd Received from=172.16.1.1:33203: bad control message: tunnelId=13 is not found. mestype=SCCCN
>>
>> I suppose that is what you say. Unable to authenticate via the L2TP, no??
>>
>> Thanks
>>
>> Bruno.
>>
>>>---- Original Message ----
>>>From: YASUOKA Masahiko <[email protected]>
>>>To: [email protected]
>>>Cc: [email protected]
>>>Sent: Ven, Aou 19, 2011, 16:37 PM
>>>Subject: Re: LAC & LNS server with OpenBSD
>>>
>>>Hi,
>>>
>>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>>"Gruel Bruno" <[email protected]> wrote:
>>>> For several days I have been doing some tests in my lab, but I have a problem.
>>>>
>>>> According to my picture http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>>
>>>> R1 is an OpenBSD 4.9 which makes a PPPoE call
>>>> R2 is a FreeBSD with the MPD5 daemon which runs as a LAC
>>>> R3 is an OpenBSD 4.9 with npppd which runs as a LNS.
>>>(snip)
>>>> But when R2 (the LAC) tries to establish the L2TP VPN I get this error:
>>>>
>>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is not supported, but it's mandatory
>>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size BEARER_CAPABILITIES 15==10)
>>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected state=idle
>>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>>
>>>> Have you got a suggestion??
>>>
>>>mpd seems to be using `hidden AVP' but npppd doesn't support that.
>>>Disabling `hidden AVP' on mpd may solve this problem. Npppd also
>>>doesn't support `tunnel authentication'.
>>>
>>>It's not difficult to add them if some of you use them.
>>>
>>>Thanks,
>>>
>>>--yasuoka
>>>
>>>
>>>On Fri, 19 Aug 2011 16:05:27 +0200 (CEST)
>>>"Gruel Bruno" <[email protected]> wrote:
>>>> Hello,
>>>>
>>>> For several days I have been doing some tests in my lab, but I have a problem.
>>>>
>>>> According to my picture http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png
>>>>
>>>> R1 is an OpenBSD 4.9 which makes a PPPoE call
>>>> R2 is a FreeBSD with the MPD5 daemon which runs as a LAC
>>>> R3 is an OpenBSD 4.9 with npppd which runs as a LNS.
>>>>
>>>> This is the R3 npppd configuration file
>>>>
>>>> #
>>>> # Simplest npppd.conf sample
>>>> #
>>>> # $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
>>>>
>>>> interface_list: tun0
>>>> interface.tun0.ip4addr: 10.0.0.1
>>>>
>>>> # IP address pool
>>>> pool.dyna_pool: 10.0.0.0/25
>>>> pool.pool: 10.0.0.128/25
>>>>
>>>> # Authentication
>>>> auth.local.realm_list: local
>>>> auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
>>>> realm.local.concentrate: tun0
>>>>
>>>> lcp.mru: 1400
>>>> auth.method: mschapv2 chap
>>>>
>>>> # L2TP daemon
>>>> l2tpd.enabled: true
>>>> l2tpd.ip4_allow: 0.0.0.0/0
>>>> l2tpd.require_ipsec: false
>>>> l2tpd.accept_dialin: true
>>>>
>>>> # PPPoE daemon
>>>> pppoed.enabled: true
>>>> pppoed.interface: PPPoE vic0
>>>> pppoed.ip4_allow: 0.0.0.0/0
>>>>
>>>>
>>>> I run isakmpd -K and do an ipsecctl -f /etc/ipsec.conf
>>>>
>>>>
>>>> The content of my ipsec.conf file:
>>>>
>>>> ike passive esp transport \
>>>> proto udp from 172.16.1.1 to any port 1701 \
>>>> main auth hmac-sha enc 3des group modp1024 \
>>>> quick auth hmac-sha enc aes \
>>>> psk password
>>>>
>>>>
>>>> I run npppd -d and I get this:
>>>>
>>>> 2011-08-19 15:24:20:NOTICE: Starting npppd pid=27755 version=5.0.0
>>>> 2011-08-19 15:24:20:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
>>>> 2011-08-19 15:24:20:WARNING: write() failed in in_route0 on RTM_ADD : File exists
>>>> 2011-08-19 15:24:20:INFO: tun0 Started ip4addr=10.0.0.1
>>>> 2011-08-19 15:24:20:INFO: pool name=default dyn_pool=[10.0.0.0/25] pool=[10.0.0.0/24]
>>>> 2011-08-19 15:24:20:INFO: Added 2 routes for new pool addresses
>>>> 2011-08-19 15:24:20:INFO: Loading pool config successfully.
>>>> 2011-08-19 15:24:20:INFO: realm name=local(local) Loaded users from='/etc/npppd/npppd-users.csv' successfully. 1 users
>>>> 2011-08-19 15:24:20:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
>>>> 2011-08-19 15:24:20:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
>>>> 2011-08-19 15:24:20:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
>>>> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
>>>> 2011-08-19 15:24:20:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
>>>> 2011-08-19 15:24:20:INFO: tun0 is using ipcp=default(1 pools).
>>>>
>>>>
>>>> But when R2 (the LAC) tries to establish the L2TP VPN I get this error:
>>>>
>>>> 2011-08-19 15:21:38:WARNING: l2tpd ctrl=33 Received AVP (RANDOM_VECTOR/36) is not supported, but it's mandatory
>>>> 2011-08-19 15:21:38:ERR: l2tpd ctrl=33 Received bad SCCRQ: invalid packet size BEARER_CAPABILITIES 15==10)
>>>> 2011-08-19 15:21:38:DEBUG: l2tpd ctrl=33 l2tp_ctrl_stop() unexpected state=idle
>>>> 2011-08-19 15:21:38:NOTICE: l2tpd ctrl=33 logtype=Finishe
>>>>
>>>> Have you got a suggestion??
>>>>
>>>> Have you already seen this message?
>>>>
>>>> Thanks.
>>>>
>>>> Bruno Gruel
>>>>
>>>>
>>>>>---- Original Message ----
>>>>>From: YASUOKA Masahiko <[email protected]>
>>>>>To: [email protected]
>>>>>Cc: [email protected], [email protected]
>>>>>Sent: Jeu, Aou 18, 2011, 8:04 AM
>>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>>
>>>>>Hello,
>>>>>
>>>>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>>>>"Gruel Bruno" <[email protected]> wrote:
>>>>>> First, thanks for your help and very good job on npppd, it's really a good
>>>>>> tool. But it seems not to do what I want.
>>>>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>>>> I will try rp-l2tp
>>>>>
>>>>>npppd supports `LNS' only and it supports `compulsory tunnel' (or
>>>>>`accept dialin'). So currently npppd can become `R3' on above picture
>>>>>but it can not become `R2'.
>>>>>
>>>>>To enable `accept-dialin' on npppd, please add below line to
>>>>>npppd.conf.
>>>>>
>>>>> l2tp.accept_dialin: true
>>>>>
>>>>>> How can I have a full doc of npppd??
>>>>>
>>>>>Not yet..
>>>>>
>>>>>> But I confirm that npppd works fine in my lab.
>>>>>
>>>>>Thanks.
>>>>>
>>>>>--yasuoka
>>>>>
>>>>>On Thu, 18 Aug 2011 00:32:22 +0200 (CEST)
>>>>>"Gruel Bruno" <[email protected]> wrote:
>>>>>> Hello,
>>>>>>
>>>>>> First, thanks for your help and very good job on npppd, it's really a good
>>>>>> tool. But it seems not to do what I want.
>>>>>> (http://fai.woody.hopto.org/Docs/bsdrp-example-pppoe-l2tp.png).
>>>>>>
>>>>>> I will try rp-l2tp
>>>>>>
>>>>>> How can I have a full doc of npppd??
>>>>>>
>>>>>> But I confirm that npppd works fine in my lab.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> Bruno Gruel
>>>>>>
>>>>>>>---- Original Message ----
>>>>>>>From: Jeremie Courreges-Anglas <[email protected]>
>>>>>>>To: [email protected]
>>>>>>>Sent: Mer, Aou 17, 2011, 12:48 PM
>>>>>>>Subject: Re: LAC & LNS server with OpenBSD
>>>>>>>
>>>>>>>"Gruel Bruno" <[email protected]> writes:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>
>>>>>>>Hi.
>>>>>>>
>>>>>>>> I just want to know if it is planned to have a real implementation of L2TP on
>>>>>>>> OpenBSD.
>>>>>>>>
>>>>>>>> Is there a work in progress? or never?
>>>>>>>
>>>>>>>Without knowing what you already know about OpenBSD and L2TP, it's a bit
>>>>>>>difficult to answer. Consider taking a look at /usr/src/usr.sbin/npppd/.
>>>>>>>
>>>>>>>> Thanks
>>>>>>>
>>>>>>>You're welcome ;)
>>>>>>>
>>>>>>>--
>>>>>>>Jeremie Courreges-Anglas - GPG key : 06A11494
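The `L2TP tunnel authentication' that MPD required and npppd declined, as an added example (not code from the thread, from npppd or from mpd): a Python model of the RFC 2661 section 5.1.1 control-connection challenge/response, where each side's Challenge Response AVP is MD5 over the message-type octet, the shared secret and the peer's challenge. The function names, the 16-byte challenge length and the demo secrets are assumptions of this example.

```python
import hashlib
import hmac
import os

# RFC 2661 message type codes; the type of the message that carries the
# Challenge Response AVP is the single "ID" octet in the MD5 computation.
SCCRP = 2  # LNS -> LAC, answers the challenge carried in the LAC's SCCRQ
SCCCN = 3  # LAC -> LNS, answers the challenge carried in the LNS's SCCRP


def tunnel_auth_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Challenge Response AVP value: MD5(msg_type || secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def tunnel_auth_exchange(lac_secret: bytes, lns_secret: bytes, rng=os.urandom):
    """Model the SCCRQ/SCCRP/SCCCN exchange with tunnel authentication on.

    Each side verifies the peer's response with its own copy of the secret;
    the tunnel stands only if both checks pass. Returns (lac_ok, lns_ok).
    """
    # SCCRQ: the LAC includes a CHALLENGE AVP (the mandatory AVP that npppd
    # logged as "not supported" in the thread above).
    lac_challenge = rng(16)
    # SCCRP: the LNS answers that challenge and issues its own.
    lns_response = tunnel_auth_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = rng(16)
    # The LAC checks the LNS response before trusting the tunnel endpoint.
    # In the thread, npppd's SCCRP carried no response at all, so MPD
    # answered with StopCCN result=UNAUTHORIZED.
    lac_ok = hmac.compare_digest(
        lns_response, tunnel_auth_response(SCCRP, lac_secret, lac_challenge))
    # SCCCN: the LAC answers the LNS challenge; the LNS verifies it the same
    # way and tears the tunnel down on a mismatch.
    lac_response = tunnel_auth_response(SCCCN, lac_secret, lns_challenge)
    lns_ok = hmac.compare_digest(
        lac_response, tunnel_auth_response(SCCCN, lns_secret, lns_challenge))
    return lac_ok, lns_ok


if __name__ == "__main__":
    # Constructed demo secrets; a real deployment configures one shared secret.
    print(tunnel_auth_exchange(b"lab-secret", b"lab-secret"))  # (True, True)
    print(tunnel_auth_exchange(b"lab-secret", b"other"))       # (False, False)
```

Without this exchange (or IPsec in front of port 1701, which the posted npppd.conf disables with `l2tpd.require_ipsec: false`), the LNS accepts a control connection from any peer and only the PPP-layer mschapv2/chap authentication stands between a stranger and the address pool.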
