I am trying to use the Radius Tunnel-Password attribute in order to control the usage of the L2TP tunnels opened by the HARC. I managed to set up a tunnel with two HARC's 5.0.9 acting as LAC and LNS. But I can't seem to enable the Tunnel-Password feature. Here is my setup:

On the LAC side: The Radius Server authenticates the users with:
    Framed-Protocol = PPP
    Tunnel-Server-Endpoint = 192.168.100.10
    Tunnel-Type = L2TP

On the LNS (192.168.100.10) side: The call arrives and is authenticated as a PPP call.

Now if I want to use a Tunnel secret, I made sure both LAC/LNS have the same "System Transmit authentication name":
    set system transmit_authentication_name HiPer

I add a Tunnel-Password = MyPassword to the Radius profile on the LAC, and set up an extra account on the LNS called HiPer with:
    add user HiPer
    set tunnel user HiPer password MyPassword type L2TP security None

Syslog reports the following:
The LNS first complains:
    Unauthenticated message from HiPer
The LAC then sends:
    Could not contact 192.168.100.10

The protocol monitor shows the call being set up from the LAC and the LNS responding with a call disconnect immediately.

Has anyone been able to set up HARC as an LNS with Tunnel-Password?

- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.

Quoting Donald Baud <dbaud@bigfoot.com>:
I am trying to use the Radius Tunnel-Password attribute in order to control the usage of the L2TP tunnels opened by the HARC. I managed to set up a tunnel with two HARC's 5.0.9 acting as LAC and LNS. But I can't seem to enable the Tunnel-Password feature. Here is my setup:
On the LAC side: The Radius Server authenticates the users with:
    Framed-Protocol = PPP
    Tunnel-Server-Endpoint = 192.168.100.10
    Tunnel-Type = L2TP
On the LNS (192.168.100.10) side: The call arrives and is authenticated as a PPP call.
Now if I want to use a Tunnel secret, I made sure both LAC/LNS have the same "System Transmit authentication name":
    set system transmit_authentication_name HiPer
I add a Tunnel-Password = MyPassword to the Radius profile on the LAC, and set up an extra account on the LNS called HiPer with:
    add user HiPer
    set tunnel user HiPer password MyPassword type L2TP security None
You first have to use the enable command to enable L2tp-tunnel authentication. Then, when you do a show l2tp setting command, you will see two options about sending l2tp outgoing/incoming challenge - you may want to enable both. Then make sure that you supply the l2tp tunnel password in the above. I have it working here with the above config.
-V
Syslog reports the following:
The LNS first complains:
    Unauthenticated message from HiPer
The LAC then sends:
    Could not contact 192.168.100.10
The protocol monitor shows the call being set up from the LAC and the LNS responding with a call disconnect immediately.
Has anyone been able to set up HARC as an LNS with Tunnel-Password?
Participants (2): Donald Baud, ved@iyka.com
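
Added example, not part of the original thread and not HARC code: a sketch of the RFC 2661 tunnel challenge/response that the outgoing/incoming challenge options in the reply refer to, showing which side rejects the tunnel when the shared secret differs or when only one direction challenges. The function names are hypothetical and the secrets are constructed sample values based on the "MyPassword" string in the thread.

```python
import hashlib
import hmac
import os

SCCRP = 2  # Message Type of Start-Control-Connection-Reply (LNS -> LAC)
SCCCN = 3  # Message Type of Start-Control-Connection-Connected (LAC -> LNS)


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Challenge Response AVP value: MD5(ID || secret || challenge), where ID
    is the Message Type of the control message that carries the response."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the response with the local secret and compare in constant time."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def tunnel_setup(lac_secret: bytes, lns_secret: bytes,
                 lac_challenges: bool = True, lns_challenges: bool = True) -> str:
    """Simulate SCCRQ/SCCRP/SCCCN tunnel authentication and return the outcome."""
    if lac_challenges:
        lac_challenge = os.urandom(16)  # Challenge AVP sent in SCCRQ
        lns_response = challenge_response(SCCRP, lns_secret, lac_challenge)
        if not verify(SCCRP, lac_secret, lac_challenge, lns_response):
            return "LAC rejects LNS"
    if lns_challenges:
        lns_challenge = os.urandom(16)  # Challenge AVP sent in SCCRP
        lac_response = challenge_response(SCCCN, lac_secret, lns_challenge)
        if not verify(SCCCN, lns_secret, lns_challenge, lac_response):
            return "LNS rejects LAC"
    if not (lac_challenges or lns_challenges):
        return "established without authentication"
    return "established"


if __name__ == "__main__":
    # Constructed sample secrets: matching, then mismatched by case.
    print(tunnel_setup(b"MyPassword", b"MyPassword"))
    print(tunnel_setup(b"MyPassword", b"mypassword"))
    print(tunnel_setup(b"MyPassword", b"mypassword", lac_challenges=False))
```

With both challenge directions enabled each end proves knowledge of the secret to the other; with neither enabled the tunnel password is never checked at all.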