Real Time Ascend Mailing List Archive
Re: (ASCEND) L2TP and Max
Briefly, it seems like a problem with your Radius server. What kind is it?
You must use a server that encrypts the L2TP shared secret.
At 06:11 PM 4/11/99 +0900, Naoto MATSUMOTO wrote:
>
> Hi folks,
> I tried it, but I'm confused ...
>
>> I have L2TP working between the MAX(LAC running 6.1.7 ) and the
>> Cisco ( LNS running 12.0(1)T) before ..
>
>* Items:
> Ascend MAX2000 TAOS 6.1.24 LAC(L2TP Access Concentrator)
> Cisco 2514 IOS 12.0(2a)T LNS(L2TP Network Server)
> DTC RADIUS RADIUS version DTC 2.03 p6
>
>* the diagram :
> 10.10.10.10 192.168.108.17
> mobile PC ---> MAX(LAC) Radius Cisco2514(LNS)
> (PIAFS32K) |___________|__________| ethernet
>
>* Here are my configurations :
>
> 1/ The Max :
> Sys Config > Name : max
> Mod Config > DNS > Domain Name : my.domain
> L2 Tunneling Options :
> L2TP Mode = LAC
> L2TP auth enable = Yes
> L2TP RX window = 0
>
> 2/ Radius user profile :
>
> /etc/raddb/users
> #
> # For L2TP Tunneling TEST
> #
> LNS User-Password = ""
>
> l2tp Password = "pass",
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Ascend-Link-Compression = Link-Comp-None,
> Tunnel-Type = Tunnel-L2TP,
> Tunnel-Medium-Type = Tunnel-IP,
> Tunnel-Password = "secret",
> Tunnel-Server-Endpoint = 192.168.108.17
>
> 3/Cisco ( LNS)
>
> username l2tp password 7 XXXX ("pass" :same Password = "pass")
> vpdn enable
> !
> vpdn-group 1
> accept dialin l2tp virtual-template 1 remote max.my.domain (same MAX entry ?)
> local name LNS (LNS :same LNS User-Password = "")
> l2tp tunnel password 7 XXXXX ("secret" :same Tunnel-Password = "secret")
> !
> !
> interface Ethernet1
> ip address 192.168.108.17 255.255.255.240
> no ip directed-broadcast
> no ip route-cache
> no ip mroute-cache
> !
> interface Virtual-Template1
> ip unnumbered Ethernet1
> no ip directed-broadcast
> peer default ip address pool test
> ppp authentication chap
> !
> ip local pool test 192.168.108.24
>
>* debug:
>
> [BAD CASE!]
> PPP L2TP user start is ....
>
> MAX(LAC)> l2tpcm
> L2TPCM debug is now ON
> >
>
> *(l2tp user connect to MAX(LAC))
>
> L2TPCM: calling getHostByNameAsync for server 192.168.108.17
> L2TPCM: Looking for server [192.168.108.17] at address 192.168.108.17
> L2TPCM: CMStart called for [192.168.108.17:1701]
> L2TPCM-54: Event = LocalStartReq
> L2TPCM-54: sending StartControlConnectionRequest
> L2TPCM-54: Session state chg from Down to Local-Start
> L2TPCM-54: transportRxCallback from [192.168.110.52:1701/54]
> L2TPCM-54: Event = RxStartRep
> L2TPCM-54: ParseStartControlConRep
> L2TPCM-54: Protocol Version = 0x0100
> L2TPCM-54: Framing Cap = 0x00000003
> L2TPCM-54: Bearer Cap = 0x00000003
> L2TPCM-54: Firmware Revision = 0x1120
> L2TPCM-54: Name = LNS
> L2TPCM-54: Vendor Name = Cisco Systems, Inc.
> L2TPCM-54: TunnelID = 173 (0x00ad)
> L2TPCM-54: Receive Window Size = 4
> L2TPCM-54: Peer is challenging me!
> L2TPCM-54: Peer sent challenge response!
> L2TPCM-54: looking for 'LNS' shared secret...
> L2TPCM-54: waiting for RADIUS callback
> L2TPCM: _radiusCallback: status = 2
> L2TPCM-54: re-queueing last event
> L2TPCM-54: Event = RxStartRep
> L2TPCM-54: ParseStartControlConRep
> L2TPCM-54: Protocol Version = 0x0100
> L2TPCM-54: Framing Cap = 0x00000003
> L2TPCM-54: Bearer Cap = 0x00000003
> L2TPCM-54: Firmware Revision = 0x1120
> L2TPCM-54: Name = LNS
> L2TPCM-54: Vendor Name = Cisco Systems, Inc.
> L2TPCM-54: TunnelID = 173 (0x00ad)
> L2TPCM-54: Receive Window Size = 4
> L2TPCM-54: Peer is challenging me!
> L2TPCM-54: Peer sent challenge response!
>! L2TPCM-54: shared secret with 'LNS' is ''
>! ^^^^ ^ ?? NULL What happens?
>! L2TPCM-54: authentication failed!
>! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> L2TPCM-54: sending StopControlConnectionNotification
>
>* RADIUS debug log (failed Tunnel Authentication)
>
> RADIUS #/usr/etc/radiusd -L -p -d /etc/raddb -Sl -a /var/log/radacct -x
> Apr 11 17:33:34.429 radiusd[26294] Debugging enabled
> Apr 11 17:33:54.678 radiusd[26294] New request: max.my.domain.1025, id=155
> Apr 11 17:33:54.679 radiusd[26294] handle_radius_request: max.my.domain.1025,....
> Apr 11 17:33:54.680 radiusd[26294] fork in rad_spawn_child (parent)
> Apr 11 17:33:54.681 radiusd[26296] fork in rad_spawn_child (child)
> request: User-Name = "l2tp"
> request: CHAP-Password = "\001+}\344,\230\304\374\335\207\013\255\012\211\260\314\370"
> request: NAS-IP-Address = 10.10.10.10
> request: NAS-Port = 10120
> request: NAS-Port-Type = 6
> request: Service-Type = Framed-User
> request: Framed-Protocol = PPP
> request: State = ""
> request: Calling-Station-Id = "0#043719343"
> request: Acct-Session-Id = "292683824"
> Apr 11 17:33:54.687 radiusd[26296] Authenticate: NAS is Ascend Box
> user_parse: Password = "pass"
> user_parse: Service-Type = Framed-User
> user_parse: Framed-Protocol = PPP
> user_parse: Framed-IP-Netmask = 255.255.255.255
> user_parse: Framed-Routing = Listen
> user_parse: Ascend-Link-Compression = Link-Comp-None
> user_parse: Tunnel-Type = Tunnel-L2TP
> user_parse: Tunnel-Medium-Type = Tunnel-IP
> user_parse: Tunnel-Password = "secret"
> user_parse: Tunnel-Server-Endpoint = "192.168.108.17"
> cut_attribute: Password = "pass"
> Apr 11 17:33:54.692 radiusd[26296] User record PASSWORD type is Radius
> Apr 11 17:33:54.692 radiusd[26296] send_accept: max.my.domain.1025, id=155
> reply: Service-Type = Framed-User
> reply: Framed-Protocol = PPP
> reply: Framed-IP-Netmask = 255.255.255.255
> reply: Framed-Routing = Listen
> reply: Ascend-Link-Compression = Link-Comp-None
> reply: Tunnel-Type = Tunnel-L2TP
> reply: Tunnel-Medium-Type = Tunnel-IP
> reply: Tunnel-Password = "secret"
> reply: Tunnel-Server-Endpoint = "192.168.108.17"
>
>* (l2tp user authentication is good, but the next Tunnel(?) authentication is ....)
>
> Apr 11 17:33:54.909 radiusd[26294] New request: max.my.domain.1025, id=156
> Apr 11 17:33:54.909 radiusd[26294] handle_radius_request: max.my.domain.1025,...
> Apr 11 17:33:54.910 radiusd[26294] fork in rad_spawn_child (parent)
> Apr 11 17:33:54.911 radiusd[26297] fork in rad_spawn_child (child)
>! request: User-Name = "LNS"
>! request: User-Password = ""
>! ^^ NULL ?? What happens?
> request: NAS-IP-Address = 10.10.10.10
> request: NAS-Port = 0
> request: NAS-Port-Type = Virtual
> request: Service-Type = Outbound-User
>! user_parse: User-Password = ""
>! cut_attribute: User-Password = ""
> Apr 11 17:33:54.920 radiusd[26297] User record PASSWORD type is Radius
> Apr 11 17:33:54.920 radiusd[26297] send_accept: max.my.domain.1025, id=156
>
>! [GOOD CASE!]
>* But manual l2tpstart command is ...
>
> MAX(LAC)> l2tpstart 192.168.108.17 secret
> L2TPCM: Connecting to host [192.168.108.17], password = secret
> L2TPCM: CMStart called for [192.168.108.17:1701]
> L2TPCM-56: Event = LocalStartReq
> L2TPCM-56: sending StartControlConnectionRequest
> L2TPCM-56: Session state chg from Down to Local-Start
> L2TPCM-56: transportRxCallback from [192.168.110.52:1701/56]
> L2TPCM-56: Event = RxStartRep
> L2TPCM-56: ParseStartControlConRep
> L2TPCM-56: Protocol Version = 0x0100
> L2TPCM-56: Framing Cap = 0x00000003
> L2TPCM-56: Bearer Cap = 0x00000003
> L2TPCM-56: Firmware Revision = 0x1120
> L2TPCM-56: Name = LNS
> L2TPCM-56: Vendor Name = Cisco Systems, Inc.
> L2TPCM-56: TunnelID = 175 (0x00af)
> L2TPCM-56: Receive Window Size = 4
> L2TPCM-56: Peer is challenging me!
> L2TPCM-56: Peer sent challenge response!
>! L2TPCM-56: shared secret with 'LNS' is 'secret'
>* ^^^^ ^^^^^^^ shared secret is available.
>! L2TPCM-56: sending StartControlConnectionConnected
>! L2TPCM-56: Session state chg from Local-Start to Up
>* Establish L2TP session
>* L2TP Session is successful.
>
> Cisco(LNS)#show vpdn tunnel
>
> L2TP Tunnel Information (Total tunnels=1 sessions=0)
>
> LocID RemID Remote Name State Remote Address Port Sessions
> 176 57 max.my.domai est 10.10.10.10 1701 0
>
>
> Umm... Is it an interoperability problem?
>
> Thanks
>
>==
>[IRI] Internet Research Institute,Inc.
> Department of Networking,Senior Researcher
> Naoto MATSUMOTO <not@iri.co.jp>
>++ Ascend Users Mailing List ++
>To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
>To get FAQ'd: <http://www.nealis.net/ascend/faq>
>
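The reply's point, that the RADIUS server must encrypt the L2TP shared secret, as an added example that is not from the thread or from any of the products named in it: RFC 2868 salt-encryption of the Tunnel-Password attribute, and what a NAS that expects an encrypted attribute gets from a cleartext "secret" like the one the DTC server returned above. The RADIUS shared secret, Request-Authenticator and salt are constructed values.

```python
import hashlib


def _blocks(data: bytes, size: int = 16):
    """Split data into consecutive blocks of `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def encrypt_tunnel_password(password: bytes, shared_secret: bytes,
                            request_authenticator: bytes, salt: bytes) -> bytes:
    """RFC 2868 section 3.5 Tunnel-Password encryption of the attribute value
    after its Tag byte; returns Salt || encrypted String. Plaintext is a length
    byte, the password and zero padding to a 16-byte multiple; block 0 is XORed
    with MD5(secret+RA+salt), later blocks with MD5(secret+previous cipher block)."""
    if len(request_authenticator) != 16 or len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("need 16-byte Request-Authenticator, 2-byte salt, high bit set")
    if len(password) > 255:
        raise ValueError("password does not fit the one-byte length field")
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % 16)
    keystream = hashlib.md5(shared_secret + request_authenticator + salt).digest()
    out = b""
    for block in _blocks(plain):
        cipher_block = bytes(p ^ k for p, k in zip(block, keystream))
        out += cipher_block
        keystream = hashlib.md5(shared_secret + cipher_block).digest()
    return salt + out


def decrypt_tunnel_password(value: bytes, shared_secret: bytes,
                            request_authenticator: bytes):
    """Inverse of encrypt_tunnel_password, as the NAS runs it on the reply.
    Returns None when the value cannot be a salt-encrypted Tunnel-Password,
    which is how a cleartext value such as b"secret" looks to such a NAS."""
    salt, cipher = value[:2], value[2:]
    if len(salt) != 2 or not salt[0] & 0x80 or not cipher or len(cipher) % 16:
        return None
    keystream = hashlib.md5(shared_secret + request_authenticator + salt).digest()
    plain = b""
    for cipher_block in _blocks(cipher):
        plain += bytes(c ^ k for c, k in zip(cipher_block, keystream))
        keystream = hashlib.md5(shared_secret + cipher_block).digest()
    length = plain[0]
    if length > len(plain) - 1:
        return None
    return plain[1:1 + length]
```

A server that sends the literal string instead of Salt || ciphertext fails the structural check, so the NAS ends up with no usable tunnel secret; whether the MAX's own code path is exactly this is not something the thread shows.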