#6 CHAP not working with Windows 2000 client

closed
nobody
None
5
2005-06-07
2005-06-01
Anonymous
No

I'm trying l2tpns with a Windows 2000 client using CHAP
authentication. This setup (with the same client
config) works Ok in l2tpd, and also works Ok in l2tpns
if I set up the client to use PAP.

However, when using CHAP l2tpns prints this to the log
(full log attached):

PPP LCP Packet type 1 (ConfigReq len 44)
Length: 44
Magic-Number 57856b41
Protocol-Field-Compression
Address-and-Control-Field-Compression
Unknown PPP LCP Option type 13
Unknown PPP LCP Option type 17
Unknown PPP LCP Option type 19
Rejecting PPP LCP Option type 13
Rejecting PPP LCP Option type 17
Rejecting PPP LCP Option type 19
Sending ConfigRej
Sending LCP ConfigReq for PAP
LCP: ConfigReq (14 bytes)...
PPP LCP Packet type 1 (ConfigReq len 14)
Length: 14
Magic-Number 57856b41
Protocol-Field-Compression
Sending ConfigAck
Sending LCP ConfigReq for PAP
Remote end sent a ConfigNak. Ignoring
PPP LCP Packet type 3 (ConfigNak len 9)
Length: 9
Remote end sent a ConfigNak. Ignoring
PPP LCP Packet type 3 (ConfigNak len 9)
Length: 9

It seems that l2tpns does not request CHAP
authentication, and I have not found a way to make it
use CHAP rather than PAP. The client times out, as it's
ConfigNak message refusing PAP is ignored.

Discussion

  • Nobody/Anonymous

    full log of the session

     
  • Brendan O'Dea

    Brendan O'Dea - 2005-06-02

    Logged In: YES
    user_id=976467

    Which version of L2TPNS? In the 2.0 branch, we always
    attempt to force PAP (given that in our setup, many
    passwords are encrypted at our end, so CHAP doesn't work).
    In 2.1, you should be able to set radius_authtypes=chap in
    the configuration.

     
  • Nobody/Anonymous

    Logged In: NO

    I am using 2.0.21. So, is there a way (even if it means
    tweaking the source) of using CHAP with 2.0.21?

    And, when will 2.1 be ready? Is there are a useable cvs branch?

     
  • Brendan O'Dea

    Brendan O'Dea - 2005-06-04

    Logged In: YES
    user_id=976467

    There are a bunch of LCP related changes in 2.1, making it
    non-trivial to backport.

    I've just committed the last of the 2.1 feature changes, and
    will be running tests over the next week, so hopefully soon.

     
  • Nobody/Anonymous

    Logged In: NO

    Ok, thanks for your answers.

    I've been trying and tweaking cvs HEAD and got it to work
    fairly well using both pap and chap.

     
  • Brendan O'Dea

    Brendan O'Dea - 2005-06-07
    • status: open --> closed
     
  • Brendan O'Dea

    Brendan O'Dea - 2005-06-07

    Logged In: YES
    user_id=976467

    Good to hear. Released 2.1 today, closing this bug.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks