pppd doesn't find passwords
Christian Welzel
2007-12-30 22:36:42 UTC
Hi there,
currently I'm trying to set up an L2TP over IPsec VPN using a Windows
XP client and a Linux openswan+kernel 2.6 IPsec.
Now the whole stuff is working so far, but I cannot get the pppd on Linux
to accept password authentication from the client. Setting noauth in the
config leads to a working setup, while setting auth brings this error:

pppd[15063]: The remote system is required to authenticate itself
pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
pppd[15063]: (None of the available passwords would let it use an IP address.)

Googling this brings up the solution to add an asterisk as the fourth element
in /etc/ppp/chap-secrets, but my chap-secrets already looks like this:
* projekte "password" *
projekte * "password" *

I played around with several refuse- and require- options and added the above lines
to all secret files I could find in the system, but the error stays there.
The pppd is started this way:
xl2tpd[15048]: "/usr/sbin/pppd"
xl2tpd[15048]: "passive"
xl2tpd[15048]: "-detach"
xl2tpd[15048]: "192.168.0.9:192.168.0.249"
xl2tpd[15048]: "file"
xl2tpd[15048]: "/etc/ppp/options.l2tpd"
xl2tpd[15048]: "/dev/pts/1"

and /etc/ppp/options.l2tpd is this
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.0.8
ms-wins 192.168.0.8
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
connect-delay 5000
nologfd
unit 4
name projekte
nomppe
refuse-chap
refuse-mschap
refuse-mschap-v2
refuse-eap
refuse-pap
require-mschap
require-mschap-v2

I do not have any further idea what causes the above error message...
Does someone have some hints for me?
--
MfG, Christian Welzel aka ***@Regenbogen

GPG-Key: http://www.camlann.de/key.asc
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
Clifford Kite
2007-12-31 17:56:12 UTC
Post by Christian Welzel
> Hi there,
> currently I'm trying to set up an L2TP over IPsec VPN using a Windows
> XP client and a Linux openswan+kernel 2.6 IPsec.
> Now the whole stuff is working so far, but I cannot get the pppd on Linux
> to accept password authentication from the client. Setting noauth in the
> pppd[15063]: The remote system is required to authenticate itself
> pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
> pppd[15063]: (None of the available passwords would let it use an IP address.)
> Googling this brings up the solution to add an asterisk as the fourth element
> * projekte "password" *
> projekte * "password" *

I would try replacing the pppd option `name projekte' with `name mysystem',
and using

projekte mysystem "password" *

in chap-secrets.

These suggestions are based on reading `man pppd' and README.MSCHAP80,
which come with pppd - I have no experience authenticating MS clients.
They also assume projekte is the client's name and not your system name.

Since you are the authenticator I can't see the need for another
chap-secrets line with projekte and mysystem swapped.

Regards-
--
Clifford Kite
/* The generation of random numbers is too important to be left
to chance. */
Unruh
2007-12-31 21:44:16 UTC
Post by Clifford Kite
> Post by Christian Welzel
>> Hi there,
>> currently I'm trying to set up an L2TP over IPsec VPN using a Windows
>> XP client and a Linux openswan+kernel 2.6 IPsec.
>> Now the whole stuff is working so far, but I cannot get the pppd on Linux
>> to accept password authentication from the client. Setting noauth in the
>> pppd[15063]: The remote system is required to authenticate itself
>> pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
>> pppd[15063]: (None of the available passwords would let it use an IP address.)

I have not seen the output of ppp debug. What is the name of the remote
system? What is the name of your system?

Post by Clifford Kite
> Post by Christian Welzel
>> Googling this brings up the solution to add an asterisk as the fourth element
>> * projekte "password" *
>> projekte * "password" *
> I would try replacing the pppd option `name projekte' with `name mysystem',
> and using
> projekte mysystem "password" *
> in chap-secrets.
> These suggestions are based on reading `man pppd' and README.MSCHAP80,
> which come with pppd - I have no experience authenticating MS clients.
> They also assume projekte is the client's name and not your system name.
> Since you are the authenticator I can't see the need for another
> chap-secrets line with projekte and mysystem swapped.
Christian Welzel
2008-01-01 19:09:25 UTC
Post by Clifford Kite
> I would try replacing the pppd option `name projekte' with `name
> mysystem', and using

"projekte" is the name of my system.

Post by Clifford Kite
> These suggestions are based on reading `man pppd' and README.MSCHAP80,

This was the important hint! I read "man pppd" several times but I didn't
look into this README.MSCHAP80 file... it looked to me like some protocol
documentation... but in there was the solution!
I added a "remotename l2tp" to my config and

l2tp projekte "password" *

to the chap-secrets and the login works now!
Though it ignores the username I had given to the login at Windows, the
password is checked now...

Thanks a lot!
--
MfG, Christian Welzel aka ***@Regenbogen

GPG-Key: http://www.camlann.de/key.asc
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
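
Added example, not code from the thread or from pppd: a simplified Python model of the chap-secrets lookup for the final post's setup (`remotename l2tp` plus the line `l2tp projekte "password" *`), showing why the Windows username no longer takes part in the match and every login shares one secret. The login names `alice` and `bob`, the function names and the matching rules (client column compared with the peer name or `remotename`, server column with the local `name`, `*` as wildcard) are assumptions of this sketch.

```python
import shlex

# Constructed sample: the single chap-secrets line from the final post
# (columns: client  server  secret  allowed IP addresses).
CHAP_SECRETS = '''
# client  server    secret      IP addresses
l2tp      projekte  "password"  *
'''

def parse_secrets(text):
    """Return a list of (client, server, secret, addrs) tuples."""
    entries = []
    for line in text.splitlines():
        # shlex strips the quotes around the secret and drops '#' comments
        words = shlex.split(line, comments=True)
        if len(words) >= 3:
            entries.append((words[0], words[1], words[2], words[3:]))
    return entries

def find_secret(entries, peer_name, local_name, remotename=None):
    """Simplified model of the authenticator-side lookup (an assumption,
    not pppd's code): with `remotename` set, it replaces the name the
    peer supplied; exact matches are preferred over '*' wildcards."""
    client = remotename if remotename is not None else peer_name
    best, best_score = None, -1
    for c, s, secret, addrs in entries:
        if c not in (client, "*") or s not in (local_name, "*"):
            continue
        score = (c == client) + (s == local_name)
        if score > best_score:
            best, best_score = (c, s, secret, addrs), score
    return best

def demo():
    """Look up two hypothetical Windows logins with and without remotename."""
    entries = parse_secrets(CHAP_SECRETS)
    results = {}
    for user in ("alice", "bob"):
        without = find_secret(entries, user, "projekte")
        with_rn = find_secret(entries, user, "projekte", remotename="l2tp")
        results[user] = (without, with_rn)
    return results

if __name__ == "__main__":
    for user, (without, with_rn) in demo().items():
        print(f"{user}: no remotename -> {without}; remotename l2tp -> {with_rn}")
```

To check each login against its own secret, the model implies dropping `remotename` and listing one line per user name in the client column.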