pppd doesn't find passwords

Christian Welzel

Dec 30, 2007, 5:36:42 PM
Hi there,
currently I'm trying to set up an L2TP over IPsec VPN using a Windows
XP client and a Linux openswan+kernel 2.6 IPsec.
Now the whole stuff is working so far but I cannot get the pppd on Linux
to accept password authentication from the client. Setting noauth in the
config leads to a working setup while setting auth brings this error:

pppd[15063]: The remote system is required to authenticate itself
pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
pppd[15063]: (None of the available passwords would let it use an IP address.)

Googling for this brings up the solution to add an asterisk as the fourth element
in /etc/ppp/chap-secrets, but my chap-secrets already looks like this:
* projekte "password" *
projekte * "password" *

I played around with several refuse- and require- options and added the above lines
to all secret files I could find in the system, but the error stays there.
The pppd is started this way:
xl2tpd[15048]: "/usr/sbin/pppd"
xl2tpd[15048]: "passive"
xl2tpd[15048]: "-detach"
xl2tpd[15048]: "192.168.0.9:192.168.0.249"
xl2tpd[15048]: "file"
xl2tpd[15048]: "/etc/ppp/options.l2tpd"
xl2tpd[15048]: "/dev/pts/1"

and /etc/ppp/options.l2tpd is this
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.0.8
ms-wins 192.168.0.8
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
connect-delay 5000
nologfd
unit 4
name projekte
nomppe
refuse-chap
refuse-mschap
refuse-mschap-v2
refuse-eap
refuse-pap
require-mschap
require-mschap-v2

I do not have any further idea what causes the above error message...
Does someone have some hints for me?

--
MfG, Christian Welzel aka Gawain@Regenbogen

GPG-Key: http://www.camlann.de/key.asc
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15

Clifford Kite

Dec 31, 2007, 12:56:12 PM
Christian Welzel <gaw...@camlann.de> wrote:
> Hi there,
> currently i'm trying to set up a l2tp over ipsec vpn using a windows
> xp client and a linux openswan+kernel 2.6 ipsec.
> now the whole stuff is working so far but i cannot get the pppd on linux
> to accept password authentication from the client. setting noauth in the
> config leads to a working setup while setting auth brings this error:

> pppd[15063]: The remote system is required to authenticate itself
> pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
> pppd[15063]: (None of the available passwords would let it use an IP address.)

> googling after this brings the solution to add an asterisk at fourth element
> into /etc/ppp/chap-secrets. but my chap-secrets already looks like this:
> * projekte "password" *
> projekte * "password" *

I would try replacing the pppd option `name projekte' with `name mysystem',
and using

projekte mysystem "password" *

in chap-secrets.

These suggestions are based on reading `man pppd' and README.MSCHAP80,
which come with pppd - I have no experience authenticating MS clients.
They also assume projekte is the client's name and not your system name.

Since you are the authenticator I can't see the need for another
chap-secrets line with projekte and mysystem swapped.

Regards-
--
Clifford Kite
/* The generation of random numbers is too important to be left
to chance. */

Unruh

Dec 31, 2007, 4:44:16 PM
Clifford Kite <ki...@not.available.tld> writes:

>Christian Welzel <gaw...@camlann.de> wrote:
>> Hi there,
>> currently i'm trying to set up a l2tp over ipsec vpn using a windows
>> xp client and a linux openswan+kernel 2.6 ipsec.
>> now the whole stuff is working so far but i cannot get the pppd on linux
>> to accept password authentication from the client. setting noauth in the
>> config leads to a working setup while setting auth brings this error:

>> pppd[15063]: The remote system is required to authenticate itself
>> pppd[15063]: but I couldn't find any suitable secret (password) for it to use to do so.
>> pppd[15063]: (None of the available passwords would let it use an IP address.)

I have not seen the output of ppp debug. What is the name of the remote
system? What is the name of your system?

Christian Welzel

Jan 1, 2008, 2:09:25 PM
Clifford Kite wrote:

> I would try replacing the pppd option `name projekte' with `name
> mysystem', and using

"projekte" is the name of my system.



> These suggestions are based on reading `man pppd' and README.MSCHAP80,

This was the important hint! I read "man pppd" several times but I didn't
look into this README.MSCHAP80 file... it looked to me like some protocol
documentation... but in there was the solution!
I added a "remotename l2tp" to my config and
l2tp projekte "password" *
to the chap-secrets and the login works now!
Though it ignores the username I had given to the login at Windows, the
password is checked now...

Thanks a lot!
