madfry n00b
Joined: 30 Nov 2004 Posts: 3
|
Posted: Tue Nov 30, 2004 9:45 pm Post subject: VPN (openswan, l2tpd, pppd) and WinXP |
|
|
Hi there!
I'm just setting up a vpn server on a linux router.
I'm using openswan + l2tpd + pppd 2.4.2 for the vpn, because it must be reachable with the built-in vpn client in WinXP (SP2) and has to use ipsec.
Everything seems to run well except the ppp daemon. The log says:
Code: |
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.
pppd: (None of the available passwords would let it use an IP address.)
|
I've tried everything to check what the problem might be, but I didn't find it...
Here are my config files:
l2tpd.conf:
Code: |
[global]
listen-addr = 192.168.52.254
[lns default]
ip range = 192.168.52.128-192.168.52.252
local ip = 192.168.52.253
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
|
options.l2tpd:
Code: |
ipcp-accept-local
ipcp-accept-remote
#ms-dns 192.168.1.1
#ms-dns 192.168.1.3
#ms-wins 192.168.1.2
#ms-wins 192.168.1.4
noccp
auth
crtscts
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
require-chap
refuse-pap
hide-password
#kdebug 1
|
The chap-secrets file:
Code: |
# client server secret IP addresses
user * password 192.168.52.128/25
* user password 192.168.52.128/25
|
Does anyone have an idea?
I'm open for every hint
Fry |
ronaldmoes n00b
Joined: 03 Oct 2003 Posts: 48
|
Posted: Wed Dec 01, 2004 12:52 pm Post subject: |
|
|
I think you should remove the 'auth' option from your pppd config file. |
madfry n00b
Joined: 30 Nov 2004 Posts: 3
|
Posted: Wed Dec 01, 2004 3:01 pm Post subject: |
|
|
Quote: |
I think you should remove the 'auth' option from your pppd config file.
|
Yes, Google said the same, but that also didn't run...
I've used this howto to build my vpn:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
There are also example config files where this option has been used.
The auth option is necessary because both client and server have to authenticate themselves with the same user/password combination.
I've also tried to completely disable the authentication by setting the noauth option, or the options noauth and login, and in the l2tpd.conf require auth. = no.
I've tried to force CHAP in the MS-client (which uses MS-CHAP(v2) by default), or PAP (and linking the CHAP-secrets to PAP-secrets).
Finally I always get the same error... |
ronaldmoes n00b
Joined: 03 Oct 2003 Posts: 48
|
Posted: Wed Dec 01, 2004 7:01 pm Post subject: |
|
|
What happens if you comment out the 'require-chap' option and also the 'auth' option? |
jacco2 n00b
Joined: 01 Dec 2004 Posts: 1 Location: Zaandam, The Netherlands
|
Posted: Wed Dec 01, 2004 11:10 pm Post subject: Re: VPN (openswan, l2tpd, pppd) and WinXP |
|
|
madfry wrote: |
I'm just setting up a vpn server on a linux router.
I'm using openswan + l2tpd + pppd 2.4.2 for the vpn, because it must be reachable with the built-in vpn client in WinXP (SP2) and has to use ipsec.
Everything seems to run well except the ppp daemon. The log says:
Code: |
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.
pppd: (None of the available passwords would let it use an IP address.)
|
|
The configuration files look OK to me. Is chap-secrets world readable perhaps? Are there any non-standard characters in chap-secrets? Is the client configured to use a static IP address which is not within 192.168.52.128/25? Is there any more logging that you can enable which could indicate what is going on?
Peculiar that the noauth workaround does not fix the problem. I wouldn't use it as a permanent solution, though. |
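The three questions in the reply above (file permissions, non-standard characters, a client address outside 192.168.52.128/25) can be checked mechanically. This is an added example, not part of any post in this thread; the function names and the sample client addresses are assumptions, and the tokenizing and address-list handling are a simplified reading of pppd(8) (no hostname resolution).

```python
import ipaddress
import os
import shlex

def ip_allowed(addr_words, ip):
    """Address-list rules per pppd(8): '*' allows all, '!' denies, '-' ends the list."""
    for word in addr_words:
        if word == "-":
            break
        if word == "*":
            return True
        try:
            net = ipaddress.ip_network(word.lstrip("!"), strict=False)
        except ValueError:
            continue  # hostname or other form this sketch does not resolve
        if ip in net:
            return not word.startswith("!")
    return False  # an entry with no address words allows no IP either

def audit(text, mode, client_ip):
    """Return findings for chap-secrets content `text` stored with file mode `mode`."""
    findings = []
    if mode & 0o077:
        findings.append("mode %o: accessible by group/other" % (mode & 0o777))
    ip, usable = ipaddress.ip_address(client_ip), 0
    for n, line in enumerate(text.split("\n"), 1):  # split("\n") keeps a stray "\r"
        if any(ord(c) > 126 or (ord(c) < 32 and c != "\t") for c in line):
            findings.append("line %d: non-ASCII or control character" % n)
        try:
            words = shlex.split(line, comments=True)  # simplification of pppd's tokenizer
        except ValueError:
            findings.append("line %d: unbalanced quoting" % n)
            continue
        if words and len(words) < 3:
            findings.append("line %d: fewer than 3 fields" % n)
        elif words and ip_allowed(words[3:], ip):
            usable += 1
    if not usable:
        findings.append("no entry permits %s" % client_ip)
    return findings

def audit_file(path, client_ip):
    # latin-1 decodes any byte; newline="" preserves CRLF so it can be reported
    with open(path, encoding="latin-1", newline="") as f:
        return audit(f.read(), os.stat(path).st_mode, client_ip)

# Constructed sample: the chap-secrets entries posted earlier in the thread
SAMPLE = ("# client server secret IP addresses\n"
          "user * password 192.168.52.128/25\n"
          "* user password 192.168.52.128/25\n")
```

On the server, `audit_file("/etc/ppp/chap-secrets", "<address the client requests>")` run as root reports the same findings for the real file; an empty list means none of the three conditions applies.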
madfry n00b
Joined: 30 Nov 2004 Posts: 3
|
Posted: Sun Dec 05, 2004 7:23 pm Post subject: |
|
|
Hi!
I will try it again in a few weeks.
For now I've used openvpn, which is not ipsec but worked within an hour
Thx for your help, though! |