im trying to set up a VPN server on CentOS 5.3 so far i have got OpenSwan working for IPsec and xl2tpd running with PPP CHAP authentication. the problem is CHAP is failing. when i run xl2tpd in debug mode and connect i get this: Code: xl2tpd[14601]: get_call: allocating new tunnel for host 10.1.2.3, port 1701. xl2tpd[14601]: get_call: allocating new tunnel for host 10.1.2.3, port 1701. xl2tpd[14601]: control_finish: Peer requested tunnel 59 twice, ignoring second one. xl2tpd[14601]: build_fdset: closing down tunnel 51937 xl2tpd[14601]: Connection established to 10.1.2.3, 1701. Local: 12995, Remote: 59 (ref=0/0). LNS session is 'default' xl2tpd[14601]: start_pppd: I'm running: xl2tpd[14601]: "/usr/sbin/pppd" xl2tpd[14601]: "passive" xl2tpd[14601]: "nodetach" xl2tpd[14601]: "10.1.1.2:10.1.1.128" xl2tpd[14601]: "refuse-pap" xl2tpd[14601]: "auth" xl2tpd[14601]: "require-chap" xl2tpd[14601]: "name" xl2tpd[14601]: "RatCatVPN" xl2tpd[14601]: "debug" xl2tpd[14601]: "file" xl2tpd[14601]: "/etc/ppp/options.xl2tpd" xl2tpd[14601]: "/dev/pts/1" /usr/sbin/pppd: The remote system is required to authenticate itself /usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so. /usr/sbin/pppd: (None of the available passwords would let it use an IP address.) xl2tpd[14601]: Call established with 10.1.2.3, Local: 52300, Remote: 1, Serial: 0 xl2tpd[14601]: control_finish: Connection closed to 10.1.2.3, serial 0 () xl2tpd[14601]: Terminating pppd: sending TERM signal to pid 14625 xl2tpd[14601]: pppd 14625 successfully terminated xl2tpd[14601]: control_finish: Connection closed to 10.1.2.3, port 1701 (), Local: 12995, Remote: 59 xl2tpd[14601]: build_fdset: closing down tunnel 12995 my config files look like: /etc/xl2tpd/xl2tpd.conf Code: [global] debug tunnel = yes [lns default] ip range = 10.1.1.128-10.1.1.254 local ip = 10.1.1.2 require chap = yes refuse pap = yes require authentication = yes name = RatCatVPN ppp debug = yes pppoptfile = /etc/ppp/options.xl2tpd length bit = yes /etc/ppp/options.xl2tpd Code: ipcp-accept-local ipcp-accept-remote noccp auth crtscts idle 1800 mtu 1410 mru 1410 defaultroute debug lock proxyarp connect-delay 5000 /etc/ppp/chap-secrets Code: # Secrets for authentication using CHAP # client server secret IP addresses ####### redhat-config-network will overwrite this part!!! (begin) ########## ####### redhat-config-network will overwrite this part!!! (end) ############ * scott "test" * scott * "test" * /etc/ipsec.conf Code: version 2.0 # conforms to second version of ipsec.conf specification config setup protostack=netkey interfaces=%defaultroute klipsdebug=all virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16 conn %default keyingtries=3 compress=yes disablearrivalcheck=no authby=secret type=tunnel keyexchange=ike ikelifetime=240m keylife=60m conn roadwarrior-net leftsubnet=10.1.2.0/24 also=roadwarrior conn roadwarrior-all leftsubnet=0.0.0.0/0 also=roadwarrior conn roadwarrior-l2tp leftprotoport=17/0 rightprotoport=17/1701 also=roadwarrior conn roadwarrior-l2tp-updatedwin leftprotoport=17/1701 rightprotoport=17/1701 also=roadwarrior conn roadwarrior pfs=no left=10.1.2.1 leftnexthop=10.1.2.3 right=%any rightsubnet=vhost:%no,%priv auto=add i have been looking everywhere for help over the last few days and im getting nowhere if anyone could offer some help that would be great Thanks Scott.
