30th October 2009, 04:42
ratcateme
setting up PPP CHAP authentication on a VPN server

I'm trying to set up a VPN server on CentOS 5.3.
So far I have got Openswan working for IPsec and xl2tpd running with PPP CHAP authentication.
The problem is CHAP is failing. When I run xl2tpd in debug mode and connect I get this:
Code:
xl2tpd[14601]: get_call: allocating new tunnel for host 10.1.2.3, port 1701.
xl2tpd[14601]: get_call: allocating new tunnel for host 10.1.2.3, port 1701.
xl2tpd[14601]: control_finish: Peer requested tunnel 59 twice, ignoring second one.
xl2tpd[14601]: build_fdset: closing down tunnel 51937
xl2tpd[14601]: Connection established to 10.1.2.3, 1701.  Local: 12995, Remote: 59 (ref=0/0).  LNS session is 'default'
xl2tpd[14601]: start_pppd: I'm running:
xl2tpd[14601]: "/usr/sbin/pppd"
xl2tpd[14601]: "passive"
xl2tpd[14601]: "nodetach"
xl2tpd[14601]: "10.1.1.2:10.1.1.128"
xl2tpd[14601]: "refuse-pap"
xl2tpd[14601]: "auth"
xl2tpd[14601]: "require-chap"
xl2tpd[14601]: "name"
xl2tpd[14601]: "RatCatVPN"
xl2tpd[14601]: "debug"
xl2tpd[14601]: "file"
xl2tpd[14601]: "/etc/ppp/options.xl2tpd"
xl2tpd[14601]: "/dev/pts/1"
/usr/sbin/pppd: The remote system is required to authenticate itself
/usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so.
/usr/sbin/pppd: (None of the available passwords would let it use an IP address.)
xl2tpd[14601]: Call established with 10.1.2.3, Local: 52300, Remote: 1, Serial: 0
xl2tpd[14601]: control_finish: Connection closed to 10.1.2.3, serial 0 ()
xl2tpd[14601]: Terminating pppd: sending TERM signal to pid 14625
xl2tpd[14601]: pppd 14625 successfully terminated
xl2tpd[14601]: control_finish: Connection closed to 10.1.2.3, port 1701 (), Local: 12995, Remote: 59
xl2tpd[14601]: build_fdset: closing down tunnel 12995

My config files look like:
/etc/xl2tpd/xl2tpd.conf
Code:
[global]
debug tunnel = yes

[lns default]
ip range = 10.1.1.128-10.1.1.254
local ip = 10.1.1.2
require chap = yes
refuse pap = yes
require authentication = yes
name = RatCatVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd
Code:
ipcp-accept-local
ipcp-accept-remote
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
defaultroute
debug
lock
proxyarp
connect-delay 5000

/etc/ppp/chap-secrets
Code:
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
####### redhat-config-network will overwrite this part!!! (begin) ##########
####### redhat-config-network will overwrite this part!!! (end) ############
*       scott   "test"  *
scott   *       "test"  *

/etc/ipsec.conf
Code:
version 2.0     # conforms to second version of ipsec.conf specification
config setup
        protostack=netkey
        interfaces=%defaultroute
        klipsdebug=all
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn roadwarrior-net
        leftsubnet=10.1.2.0/24
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior-l2tp
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        pfs=no
        left=10.1.2.1
        leftnexthop=10.1.2.3
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add

I have been looking everywhere for help over the last few days and I'm getting nowhere. If anyone could offer some help, that would be great.

Thanks, Scott.