quentin4
October 6th, 2013, 04:29 PM
Hello All - hoping if someone can assist me here.
I have the following configuration files:
I have tested this setup using Linux Mint as a client and it connects to my ISP. They use the L2TP without IPSec to give subscribers a fixed IP address.
Hence they have programmed it in such a manner that when I create a L2TP I always will receive the same IP address on the tunnel.
For the last two weeks I have been trying without any success to connect using Ubuntu LTS 64 bit server edition.
I take exactly the same configuration files and run them on Ubuntu, and what I get in the error log is a message stating that I do not have authorisation to create a tunnel.
Please someone - I am not a Linux boffin, but something is weird here. Any input will be welcomed.
# /etc/xl2tpd/xl2tpd.conf
; xl2tpd client (LAC) configuration as posted; only the comments are changed.
; NOTE(review): every debug switch below is enabled. Switch them off again once
; the tunnel problem is diagnosed so the logs stop carrying protocol detail.
[global]
auth file = /etc/xl2tpd/l2tp-secrets ; Where our challenge secrets are
debug tunnel = yes ; Enable tunnel debugging
debug avp = yes ; Enable AVP debugging
debug network = yes ; Enable network debugging
debug packet = yes ; Enable packet debugging
[lac l2tp-connection] ; VPN LAC definition
lns = xxx.xxx.xxx.xxx ; The IP address of the LNS (the ISP's end of the tunnel)
redial = yes ; Reconnect if disconnected
redial timeout = 15 ; Wait n seconds between redials
max redials = 5 ; Give up after n consecutive failures
; NOTE(review): hiding AVPs depends on a shared tunnel secret; confirm the ISP
; expects hidden AVPs and that a matching entry exists in the auth file.
hidden bit = yes ; Use hidden AVPs?
length bit = no ; Use length bit in payload?
; NOTE(review): PAP carries the password unprotected, and the post says this
; tunnel runs without IPsec, so the credential is not encrypted in transit.
; If the ISP offers CHAP or L2TP over IPsec, prefer that.
; NOTE(review): the "require ..." keys are described here as demands on the
; peer (the ISP), while /etc/ppp/options.l2tpd.client uses noauth. Confirm
; which direction of authentication this ISP setup actually needs.
require chap = no ; Require CHAP auth. by peer
refuse chap = yes ; Refuse CHAP auth. by peer
require pap = yes ; Require PAP auth. by peer
refuse pap = no ; Refuse PAP authentication
refuse authentication = no ; Refuse authentication altogether
require authentication = yes ; Require peer to authenticate
name = User@isp ; VPN Username
; NOTE(review): PPP debugging is on; turn it off after troubleshooting.
ppp debug = yes ; Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd.client ; ppp options file for this lac
#/etc/xl2tpd/l2tp-secrets
# https://github.com/xelerance/xl2tpd/blob/master/doc/l2tp-secrets.5
# Secrets for authenticating l2tp tunnels
# The l2tp-secrets file contains challenge-response authentication information for xl2tpd, the implementation of the l2tp protocol.
# The format of the file is derived from the pap and chap secrets file format used in pppd. The secrets file is composed of zero or
# more lines with 3 fields each. Each line represents an authentication secret.
# The 3 fields represent our hostname, the remote hostname and the secret used in the authentication process.
# The first (us) field is for our hostname, a "*" may be used as a wildcard.
# The second (them) field is for the remote system's hostname. Again, a "*" may be used as a wildcard.
# The third (secret) field is the secret used if the previous two fields match the hostnames of the systems involved.
# The secret should, ideally, be at least 16 characters long (the length of an MD5 digest output), and should probably be longer to
# ensure sufficient security. There is no minimum length requirement, however.
# NOTE(review): this file holds a shared secret in clear text. Keep it readable by root only (for example mode 600)
# and replace the real value with a placeholder before pasting the file anywhere public.
# us them secret
* somename somesecret
#/etc/ppp/options.l2tpd.client
# pppd options used by the xl2tpd LAC section (referenced there as pppoptfile).
ipcp-accept-local # pppd will accept the peer's idea of our local IP address
mru 1410 # MRU is the maximum size for a received packet
mtu 1452 # MTU is the maximum size for a transmitted packet
# NOTE(review): debug logs the contents of control packets; disable it again after troubleshooting.
debug # pppd will log contents of control packets - set up /etc/syslog.conf
refuse-eap # pppd will not agree to authenticate itself to the peer using EAP
refuse-chap # pppd will not agree to authenticate itself to the peer using CHAP
refuse-mschap # pppd will not agree to authenticate itself to the peer using MS-CHAP
refuse-mschap-v2 # pppd will not agree to authenticate itself to the peer using MS-CHAPv2
# NOTE(review): require-pap asks the *peer* to authenticate to us with PAP, while noauth further down says the peer
# need not authenticate. For a client that only authenticates itself to the ISP, confirm which of the two is intended.
require-pap # Requires PAP [Password Authentication Protocol] authentication.
noccp # Disable compression control if the peer is buggy
# NOTE(review): show-password writes the PAP password into the logs in clear text. Use it only while troubleshooting,
# remove it afterwards, and treat any log captured meanwhile (including excerpts posted to a forum) as containing the secret.
show-password # When logging PAP packets, pppd will log the password string as well
lcp-echo-failure 20 # pppd presumes peer to be dead if n LCP echo-requests are not ack'd
lcp-echo-interval 50 # pppd will send an LCP echo-request frame every n seconds
asyncmap 0 # pppd will ask the peer not to escape any control characters
nocrtscts # No flow control using the RTS and CTS signals in RS-232
#crtscts # Use flow control using the RTS and CTS signals in RS-232
lock # pppd creates a UUCP-style lock file for exclusive access
local # Do not use modem control lines
#modem # Use the modem control lines
noauth # Do not require the peer to authenticate itself. Option is privileged
#auth # The peer does have to authenticate itself
noipx # Disable IPXCP and IPX Protocols only required if the peer is buggy
defaultroute # Make this the default route
nomppe-128 # Disable 128-bit encryption with MPPE
#/etc/ppp/pap-secrets
# One entry per line: the user name we present, the server it applies to ("*" matches any), and the PAP password.
# NOTE(review): the password is stored in clear text. Keep this file readable by root only (for example mode 600)
# and replace real credentials with placeholders before posting the file.
#user hostname secret
User@isp * mysecret
I have the following configuration files:
I have tested this setup using Linux Mint as a client and it connects to my ISP. They use the L2TP without IPSec to give subscribers a fixed IP address.
Hence they have programmed it in such a manner that when I create a L2TP I always will receive the same IP address on the tunnel.
For the last two weeks I have been trying without any success to connect using Ubuntu LTS 64 bit server edition.
I take exactly the same configuration files and run them on Ubuntu, and what I get in the error log is a message stating that I do not have authorisation to create a tunnel.
Please someone - I am not a Linux boffin, but something is weird here. Any input will be welcomed.
# /etc/xl2tpd/xl2tpd.conf
; xl2tpd client (LAC) configuration as posted; only the comments are changed.
; NOTE(review): every debug switch below is enabled. Switch them off again once
; the tunnel problem is diagnosed so the logs stop carrying protocol detail.
[global]
auth file = /etc/xl2tpd/l2tp-secrets ; Where our challenge secrets are
debug tunnel = yes ; Enable tunnel debugging
debug avp = yes ; Enable AVP debugging
debug network = yes ; Enable network debugging
debug packet = yes ; Enable packet debugging
[lac l2tp-connection] ; VPN LAC definition
lns = xxx.xxx.xxx.xxx ; The IP address of the LNS (the ISP's end of the tunnel)
redial = yes ; Reconnect if disconnected
redial timeout = 15 ; Wait n seconds between redials
max redials = 5 ; Give up after n consecutive failures
; NOTE(review): hiding AVPs depends on a shared tunnel secret; confirm the ISP
; expects hidden AVPs and that a matching entry exists in the auth file.
hidden bit = yes ; Use hidden AVPs?
length bit = no ; Use length bit in payload?
; NOTE(review): PAP carries the password unprotected, and the post says this
; tunnel runs without IPsec, so the credential is not encrypted in transit.
; If the ISP offers CHAP or L2TP over IPsec, prefer that.
; NOTE(review): the "require ..." keys are described here as demands on the
; peer (the ISP), while /etc/ppp/options.l2tpd.client uses noauth. Confirm
; which direction of authentication this ISP setup actually needs.
require chap = no ; Require CHAP auth. by peer
refuse chap = yes ; Refuse CHAP auth. by peer
require pap = yes ; Require PAP auth. by peer
refuse pap = no ; Refuse PAP authentication
refuse authentication = no ; Refuse authentication altogether
require authentication = yes ; Require peer to authenticate
name = User@isp ; VPN Username
; NOTE(review): PPP debugging is on; turn it off after troubleshooting.
ppp debug = yes ; Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd.client ; ppp options file for this lac
#/etc/xl2tpd/l2tp-secrets
# https://github.com/xelerance/xl2tpd/blob/master/doc/l2tp-secrets.5
# Secrets for authenticating l2tp tunnels
# The l2tp-secrets file contains challenge-response authentication information for xl2tpd, the implementation of the l2tp protocol.
# The format of the file is derived from the pap and chap secrets file format used in pppd. The secrets file is composed of zero or
# more lines with 3 fields each. Each line represents an authentication secret.
# The 3 fields represent our hostname, the remote hostname and the secret used in the authentication process.
# The first (us) field is for our hostname, a "*" may be used as a wildcard.
# The second (them) field is for the remote system's hostname. Again, a "*" may be used as a wildcard.
# The third (secret) field is the secret used if the previous two fields match the hostnames of the systems involved.
# The secret should, ideally, be at least 16 characters long (the length of an MD5 digest output), and should probably be longer to
# ensure sufficient security. There is no minimum length requirement, however.
# NOTE(review): this file holds a shared secret in clear text. Keep it readable by root only (for example mode 600)
# and replace the real value with a placeholder before pasting the file anywhere public.
# us them secret
* somename somesecret
#/etc/ppp/options.l2tpd.client
# pppd options used by the xl2tpd LAC section (referenced there as pppoptfile).
ipcp-accept-local # pppd will accept the peer's idea of our local IP address
mru 1410 # MRU is the maximum size for a received packet
mtu 1452 # MTU is the maximum size for a transmitted packet
# NOTE(review): debug logs the contents of control packets; disable it again after troubleshooting.
debug # pppd will log contents of control packets - set up /etc/syslog.conf
refuse-eap # pppd will not agree to authenticate itself to the peer using EAP
refuse-chap # pppd will not agree to authenticate itself to the peer using CHAP
refuse-mschap # pppd will not agree to authenticate itself to the peer using MS-CHAP
refuse-mschap-v2 # pppd will not agree to authenticate itself to the peer using MS-CHAPv2
# NOTE(review): require-pap asks the *peer* to authenticate to us with PAP, while noauth further down says the peer
# need not authenticate. For a client that only authenticates itself to the ISP, confirm which of the two is intended.
require-pap # Requires PAP [Password Authentication Protocol] authentication.
noccp # Disable compression control if the peer is buggy
# NOTE(review): show-password writes the PAP password into the logs in clear text. Use it only while troubleshooting,
# remove it afterwards, and treat any log captured meanwhile (including excerpts posted to a forum) as containing the secret.
show-password # When logging PAP packets, pppd will log the password string as well
lcp-echo-failure 20 # pppd presumes peer to be dead if n LCP echo-requests are not ack'd
lcp-echo-interval 50 # pppd will send an LCP echo-request frame every n seconds
asyncmap 0 # pppd will ask the peer not to escape any control characters
nocrtscts # No flow control using the RTS and CTS signals in RS-232
#crtscts # Use flow control using the RTS and CTS signals in RS-232
lock # pppd creates a UUCP-style lock file for exclusive access
local # Do not use modem control lines
#modem # Use the modem control lines
noauth # Do not require the peer to authenticate itself. Option is privileged
#auth # The peer does have to authenticate itself
noipx # Disable IPXCP and IPX Protocols only required if the peer is buggy
defaultroute # Make this the default route
nomppe-128 # Disable 128-bit encryption with MPPE
#/etc/ppp/pap-secrets
# One entry per line: the user name we present, the server it applies to ("*" matches any), and the PAP password.
# NOTE(review): the password is stored in clear text. Keep this file readable by root only (for example mode 600)
# and replace real credentials with placeholders before posting the file.
#user hostname secret
User@isp * mysecret