
List:       portmaster-users
Subject:    (PM) PM3 LAC?
From:       "Bo Byrd" <byrdr () corp ! earthlink ! net>
Date:       2003-05-13 15:48:14

Hey everyone, I'm having problems getting l2tp on a pm3 working as a lac.
I'm doing partial radius authentication (I'm not using call-check).
Debugging on my LNS shows that the PM3 isn't even trying to establish a
tunnel.  I had it working a few days ago but now I can't figure out why
it's not working anymore.  For starters, the pm3 is not successfully
authing the ppp session.  The pm3 says auth-nak but the radius server is
actually sending auth-accept.  There's a weird "MAIN !!!!" ppp debug
trace message on the pm3 as well.


Here's the output from my "show global" command:

pm3> show global
       System Name: pm3
      Default Host: 0.0.0.0
   Alternate Hosts:
        IP Gateway: x.x.3.129
    Gateway Metric: 1
   Default Routing: Quiet (Off)
      Name Service: DNS
       Name Server: x.x.188.187
            Domain: x
Telnet Access Port: 23
           Loghost: 0.0.0.0
 Maximum PMconsole: 1
  Assigned Address: x.x.3.161  (Pool Size 6)
     RADIUS Server: x.x.3.232* 1645
  Alternate Server: x.x.x.232* 1645
 Accounting Server: x.x.3.232 1646
 Alt. Acct. Server: x.x.3.232 1646
Acct Retry Interval: 30 Sec
   Acct Retry Count: 6
Auth Retry Interval: 0 Sec
     Auth Failover: off
  ChoiceNet Server: 0.0.0.0
 Alt. ChNet Server: 0.0.0.0
PPP Authentication: PAP: on    CHAP: on 
  ISDN Switch Type: att-5ess
 L2TP LAC
    End Point Disc: None
  Disabled Modules: SNMP OSPF BGP


Here's the ppp debug from the pm3:

Sending LCP_CONFIGURE_REQUEST on port S0 of 20 bytes containing:wire
bytes 24
01 01 00 18 02 06 00 00 00 00 05 06 53 68 04 ec 
07 02 08 02 03 04 c0 23 
Received LCP_CONFIGURE_ACK on port S0 of 20 bytes containing:wire bytes
24
02 01 00 18 02 06 00 00 00 00 05 06 53 68 04 ec 
07 02 08 02 03 04 c0 23 
Received LCP_CONFIGURE_REQUEST on port S0 of 19 bytes containing:wire
bytes 23
01 01 00 17 02 06 00 00 00 00 05 06 3e 46 3e fa 
07 02 08 02 0d 03 06 
Sending LCP_CONFIGURE_REJECT on port S0 of 3 bytes containing:wire bytes
7
04 01 00 07 0d 03 06 
Received LCP_CONFIGURE_REQUEST on port S0 of 16 bytes containing:wire
bytes 20
01 02 00 14 02 06 00 00 00 00 05 06 3e 46 3e fa 
07 02 08 02 
Sending LCP_CONFIGURE_ACK on port S0 of 16 bytes containing:wire bytes
20
02 02 00 14 02 06 00 00 00 00 05 06 3e 46 3e fa 
07 02 08 02 
S0: LCP Open
Received UNKNOWN on port S0 of 14 bytes containing:wire bytes 18
0c 03 00 12 3e 46 3e fa 4d 53 52 41 53 56 35 2e 
31 30 
Received UNKNOWN on port S0 of 17 bytes containing:wire bytes 21
0c 04 00 15 3e 46 3e fa 4d 53 52 41 53 2d 31 2d 
42 42 59 52 44 
Received PAP_AUTH_REQ on port S0 of 23 bytes containing:
01 26 00 17 0d 74 75 6e 6e 65 6c 40 6e 65 74 65 
6e 67 04 74 65 73 74 
MAIN !!!!!!
Sending PAP_AUTH_NAK on port S0 of 14 bytes containing:wire bytes 18
03 26 00 12 0d 49 6e 76 61 6c 69 64 20 4c 6f 67 
69 6e 
Sending LCP_TERMINATE_ACK on port S0 of 0 bytes containing:wire bytes 4
06 02 00 04 
S0: Connection Failed


Here's the snip from the radius logfile:

Code:       Access-Request
Identifier: 3
Authentic:  $<178><7><153><198>k<196><180><231><197><154><227>s9<4><191>
Attributes:
        User-Name = "tunnel@neteng"
        User-Password =
"<12><220>q3O<238><139><6>cr<152>'<15><237><186><225>"
        NAS-IP-Address = x.x.3.134
        NAS-Port = 0
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Connect-Info = "9600 LAPM/V42BIS"

Tue May 13 11:34:09 2003: DEBUG: Handling request with Handler
'Realm=neteng'
Tue May 13 11:34:09 2003: DEBUG: Rewrote user name to tunnel
Tue May 13 11:34:09 2003: DEBUG:  Deleting session for tunnel@neteng,
x.x.3.134, 0
Tue May 13 11:34:09 2003: DEBUG: Handling with Radius::AuthFILE: 
Tue May 13 11:34:09 2003: DEBUG: Radius::AuthFILE looks for match with
tunnel
Tue May 13 11:34:09 2003: DEBUG: Radius::AuthFILE ACCEPT: 
Tue May 13 11:34:09 2003: DEBUG: Access accepted for tunnel
Tue May 13 11:34:09 2003: DEBUG: Packet dump:
*** Sending to x.x.3.134 port 1026 ....
Code:       Access-Accept
Identifier: 3
Authentic:  $<178><7><153><198>k<196><180><231><197><154><227>s9<4><191>
Attributes:
        Tunnel-Type = L2TP
        Tunnel-Medium-Type = IP
        Tunnel-Server-Endpoint = x.x.3.132


Like I said, I had it working earlier, but now I'm lost.  Please help!!

-Bo Byrd
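
The hex frames in the PM3 debug output above can be decoded from the standard PPP packet layouts. The following is an added example, not part of the original post or of any PortMaster tooling; the function and constant names are hypothetical, and the frames are copied from the trace (wrapped lines joined).

```python
# Added example: decode PPP control packets copied from the PM3 trace above.
# Packet layouts follow RFC 1661 (LCP), RFC 1570 (Identification), RFC 1334 (PAP).
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             12: "Identification"}
LCP_OPTS = {2: "ACCM", 3: "Auth-Protocol", 5: "Magic-Number", 7: "PFC", 8: "ACFC", 13: "Callback"}
PAP_CODES = {1: "Authenticate-Request", 2: "Authenticate-Ack", 3: "Authenticate-Nak"}

# Frames copied from the debug output in the post (hypothetical constant names).
LCP_REQ = "01 01 00 18 02 06 00 00 00 00 05 06 53 68 04 ec 07 02 08 02 03 04 c0 23"
LCP_REJ = "04 01 00 07 0d 03 06"
LCP_IDENT = "0c 03 00 12 3e 46 3e fa 4d 53 52 41 53 56 35 2e 31 30"
PAP_REQ = "01 26 00 17 0d 74 75 6e 6e 65 6c 40 6e 65 74 65 6e 67 04 74 65 73 74"
PAP_NAK = "03 26 00 12 0d 49 6e 76 61 6c 69 64 20 4c 6f 67 69 6e"

def split_packet(hexdump):
    """Return (code, identifier, payload) after checking the length field."""
    raw = bytes.fromhex(hexdump)
    length = int.from_bytes(raw[2:4], "big")
    if len(raw) < 4 or not 4 <= length <= len(raw):
        raise ValueError("truncated or malformed PPP control packet")
    return raw[0], raw[1], raw[4:length]

def decode_lcp(hexdump):
    code, ident, body = split_packet(hexdump)
    out = {"code": LCP_CODES.get(code, code), "id": ident}
    if code == 12:  # Identification: 4-byte magic number, then free text
        out["magic"], out["message"] = body[:4].hex(), body[4:].decode("ascii", "replace")
    elif 1 <= code <= 4:  # Configure-*: sequence of type/length/value options
        out["options"], i = [], 0
        while i + 2 <= len(body) and 2 <= body[i + 1] <= len(body) - i:
            value = body[i + 2:i + body[i + 1]].hex()
            out["options"].append((LCP_OPTS.get(body[i], body[i]), value))
            i += body[i + 1]
    return out

def decode_pap(hexdump):
    code, ident, body = split_packet(hexdump)
    out = {"code": PAP_CODES.get(code, code), "id": ident}
    if not body:
        return out
    first, rest = body[1:1 + body[0]], body[1 + body[0]:]
    if code == 1:  # Request: length-prefixed Peer-ID, then length-prefixed password
        out["peer_id"] = first.decode("ascii", "replace")
        out["password"] = rest[1:1 + rest[0]].decode("ascii", "replace") if rest else ""
    else:  # Ack or Nak: a single length-prefixed message
        out["message"] = first.decode("ascii", "replace")
    return out

if __name__ == "__main__": print(decode_lcp(LCP_REJ), decode_pap(PAP_REQ), sep="\n")
```

Decoded this way, the two frames the PM3 labels UNKNOWN are LCP Identification packets (code 12), the rejected option is Callback (type 13), and the PAP request carries the Peer-ID and password unencrypted, so a posted trace of this kind includes them.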

