l2tpns / Bugs / #6 CHAP not working with Windows 2000 client

CHAP not working with Windows 2000 client

#6 CHAP not working with Windows 2000 client

Status: closed

Owner: nobody

Labels: None

Priority: 5

Updated: 2005-06-07

Created: 2005-06-01

Creator: Anonymous

Private: No

I'm trying l2tpns with a Windows 2000 client using CHAP
authentication. This setup (with the same client
config) works Ok in l2tpd, and also works Ok in l2tpns
if I set up the client to use PAP.

However, when using CHAP l2tpns prints this to the log
(full log attached):

PPP LCP Packet type 1 (ConfigReq len 44)
Length: 44
Magic-Number 57856b41
Protocol-Field-Compression
Address-and-Control-Field-Compression
Unknown PPP LCP Option type 13
Unknown PPP LCP Option type 17
Unknown PPP LCP Option type 19
Rejecting PPP LCP Option type 13
Rejecting PPP LCP Option type 17
Rejecting PPP LCP Option type 19
Sending ConfigRej
Sending LCP ConfigReq for PAP
LCP: ConfigReq (14 bytes)...
PPP LCP Packet type 1 (ConfigReq len 14)
Length: 14
Magic-Number 57856b41
Protocol-Field-Compression
Sending ConfigAck
Sending LCP ConfigReq for PAP
Remote end sent a ConfigNak. Ignoring
PPP LCP Packet type 3 (ConfigNak len 9)
Length: 9
Remote end sent a ConfigNak. Ignoring
PPP LCP Packet type 3 (ConfigNak len 9)
Length: 9

It seems that l2tpns does not request CHAP
authentication, and I have not found a way to make it
use CHAP rather than PAP. The client times out, as it's
ConfigNak message refusing PAP is ignored.

Discussion

Nobody/Anonymous - 2005-06-01

full log of the session

l2tpns.log

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Brendan O'Dea - 2005-06-02

Logged In: YES
user_id=976467

Which version of L2TPNS? In the 2.0 branch, we always
attempt to force PAP (given that in our setup, many
passwords are encrypted at our end, so CHAP doesn't work).
In 2.1, you should be able to set radius_authtypes=chap in
the configuration.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Nobody/Anonymous - 2005-06-02

Logged In: NO

I am using 2.0.21. So, is there a way (even if it means
tweaking the source) of using CHAP with 2.0.21?

And, when will 2.1 be ready? Is there are a useable cvs branch?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Brendan O'Dea - 2005-06-04

Logged In: YES
user_id=976467

There are a bunch of LCP related changes in 2.1, making it
non-trivial to backport.

I've just committed the last of the 2.1 feature changes, and
will be running tests over the next week, so hopefully soon.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Nobody/Anonymous - 2005-06-06

Logged In: NO

Ok, thanks for your answers.

I've been trying and tweaking cvs HEAD and got it to work
fairly well using both pap and chap.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Brendan O'Dea - 2005-06-07

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Brendan O'Dea - 2005-06-07

Logged In: YES
user_id=976467

Good to hear. Released 2.1 today, closing this bug.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CHAP not working with Windows 2000 client

Group

Searches

Help

#6 CHAP not working with Windows 2000 client

Discussion