pppd doesnt find passwords - PPP

This is a discussion on pppd doesnt find passwords - PPP ; Hi there, currently i'm trying to set up a l2tp over ipsec vpn using a windows xp client and a linux openswan+kernel 2.6 ipsec. now the whole stuff is working so far but i cannot get the pppd on linux ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: pppd doesnt find passwords

  1. pppd doesnt find passwords

    Hi there,
    currently i'm trying to set up a l2tp over ipsec vpn using a windows
    xp client and a linux openswan+kernel 2.6 ipsec.
    now the whole stuff is working so far but i cannot get the pppd on linux
    to accept password authentication from the client. setting noauth in the
    config leads to a working setup while setting auth brings this error:

    pppd[15063]: The remote system is required to authenticate itself
    pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
    pppd[15063]: (None of the available passwords would let it use an IP address.)

    googling after this brings the solution to add an asterisk at fouth element
    into /etc/ppp/chap-secrets. but my chap-secrets already looks like this:
    * projekte "password" *
    projekte * "password" *

    i played around this several refuse- and require-options and added above lines
    to all secret-files i could find in the system, but the error stays there.
    The pppd is started this way:
    xl2tpd[15048]: "/usr/sbin/pppd"
    xl2tpd[15048]: "passive"
    xl2tpd[15048]: "-detach"
    xl2tpd[15048]: "192.168.0.9:192.168.0.249"
    xl2tpd[15048]: "file"
    xl2tpd[15048]: "/etc/ppp/options.l2tpd"
    xl2tpd[15048]: "/dev/pts/1"

    and /etc/ppp/options.l2tpd is this
    ipcp-accept-local
    ipcp-accept-remote
    ms-dns 192.168.0.8
    ms-wins 192.168.0.8
    auth
    crtscts
    idle 1800
    mtu 1410
    mru 1410
    nodefaultroute
    lock
    proxyarp
    connect-delay 5000
    nologfd
    unit 4
    name projekte
    nomppe
    refuse-chap
    refuse-mschap
    refuse-mschap-v2
    refuse-eap
    refuse-pap
    require-mschap
    require-mschap-v2

    I do not have any further idea what causes this above error message...
    Does someone has some hints for me?

    --
    MfG, Christian Welzel aka Gawain@Regenbogen

    GPG-Key: http://www.camlann.de/key.asc
    Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15

  2. Re: pppd doesnt find passwords

    Christian Welzel wrote:
    > Hi there,
    > currently i'm trying to set up a l2tp over ipsec vpn using a windows
    > xp client and a linux openswan+kernel 2.6 ipsec.
    > now the whole stuff is working so far but i cannot get the pppd on linux
    > to accept password authentication from the client. setting noauth in the
    > config leads to a working setup while setting auth brings this error:


    > pppd[15063]: The remote system is required to authenticate itself
    > pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
    > pppd[15063]: (None of the available passwords would let it use an IP address.)


    > googling after this brings the solution to add an asterisk at fouth element
    > into /etc/ppp/chap-secrets. but my chap-secrets already looks like this:
    > * projekte "password" *
    > projekte * "password" *


    I would try replacing the pppd option `name projekte' with `name mysystem',
    and using

    projekte mysystem "password" *

    in chap-secrets.

    These suggestions are based on reading `man pppd' and README.MSCHAP80,
    which come with pppd - I have no experience authenticating MS clients.
    They also assumes projekte is the client's name and not your system name.

    Since you are the authenticator I can't see the need for another
    chap-secrets line with projekte and mysystem swapped.

    Regards-
    --
    Clifford Kite
    /* The generation of random numbers is too important to be left
    to chance. */

  3. Re: pppd doesnt find passwords

    Clifford Kite writes:

    >Christian Welzel wrote:
    >> Hi there,
    >> currently i'm trying to set up a l2tp over ipsec vpn using a windows
    >> xp client and a linux openswan+kernel 2.6 ipsec.
    >> now the whole stuff is working so far but i cannot get the pppd on linux
    >> to accept password authentication from the client. setting noauth in the
    >> config leads to a working setup while setting auth brings this error:


    >> pppd[15063]: The remote system is required to authenticate itself
    >> pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
    >> pppd[15063]: (None of the available passwords would let it use an IP address.)


    I have not seen the output of ppp debug. What is the name of the remote
    system? What is the name of your system?



    >> googling after this brings the solution to add an asterisk at fouth element
    >> into /etc/ppp/chap-secrets. but my chap-secrets already looks like this:
    >> * projekte "password" *
    >> projekte * "password" *


    >I would try replacing the pppd option `name projekte' with `name mysystem',
    >and using


    >projekte mysystem "password" *


    >in chap-secrets.


    >These suggestions are based on reading `man pppd' and README.MSCHAP80,
    >which come with pppd - I have no experience authenticating MS clients.
    >They also assumes projekte is the client's name and not your system name.


    >Since you are the authenticator I can't see the need for another
    >chap-secrets line with projekte and mysystem swapped.



  4. Re: pppd doesnt find passwords

    Clifford Kite wrote:

    > I would try replacing the pppd option `name projekte' with `name
    > mysystem', and using


    "projekte" is the name of my system.

    > These suggestions are based on reading `man pppd' and README.MSCHAP80,


    This was the important hint! I read "man pppd" several times but i didnt
    look into this README.MSCHAP80 file... it looked to me like some protocol
    documentation... but in there was the solution!
    I added a "remotename l2tp" to my config and
    l2tp projekte "password" *
    to the chap-secrets and the login works now!
    tough it ignores the username i had given to the login at windows, the
    password is checked now...

    Thanks alot!

    --
    MfG, Christian Welzel aka Gawain@Regenbogen

    GPG-Key: http://www.camlann.de/key.asc
    Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15

+ Reply to Thread