# VPN (openswan, l2tpd, pppd) and WinXP

## madfry

Hi there!

I'm just setting up a vpn server on a linux router.

I'm using openswan + l2tpd + pppd 2.4.2 for the vpn, because it must be reachable with the built-in vpn client in WinXP (SP2) and has to use ipsec.

Everything seems to run well except the ppp daemon. The log says:

```
pppd: The remote system is required to authenticate itself
pppd: but I couldn't find any suitable secret (password) for it to use to do so.
pppd: (None of the available passwords would let it use an IP address.)
```

I've tried everything to check what the problem might be, but I didn't find it...

Here are my config files:

l2tpd.conf:

```
[global]
listen-addr = 192.168.52.254

[lns default]
ip range = 192.168.52.128-192.168.52.252
local ip = 192.168.52.253
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes
```

options.l2tpd:

```
ipcp-accept-local
ipcp-accept-remote
#ms-dns  192.168.1.1
#ms-dns  192.168.1.3
#ms-wins 192.168.1.2
#ms-wins 192.168.1.4
noccp
auth
crtscts
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
require-chap
refuse-pap
hide-password
#kdebug 1
```

The chap-secrets file:

```
# client        server  secret                  IP addresses
user    *       password         192.168.52.128/25
*       user    password         192.168.52.128/25
```

Does anyone have an idea?

I'm open to every hint ;)

Fry

----------

## ronaldmoes

I think you should remove the 'auth' option from your pppd config file.

----------

## madfry

*Quote:*

> I think you should remove the 'auth' option from your pppd config file.

Yes, Google said the same, but that also didn't work...

I've used this howto to build my vpn:

http://www.jacco2.dds.nl/networking/freeswan-l2tp.html

There are also example config files where this option has been used.

The auth option is necessary because both client and server have to authenticate themselves with the same user/password combination.

I've also tried to completely disable the authentication by setting the noauth option, or the options noauth and login, and in the l2tpd.conf require auth. = no.

I've tried to force CHAP in the MS-client (which uses MS-CHAP(v2) by default), or PAP (and linking the CHAP-secrets to PAP-secrets).

In the end I always get the same error... :(

----------

## ronaldmoes

What happens if you comment out the 'require-chap' option and also the 'auth' option?

----------

## jacco2

*madfry wrote:*

> I'm just setting up a vpn server on a linux router.
>
> I'm using openswan + l2tpd + pppd 2.4.2 for the vpn, because it must be reachable with the built-in vpn client in WinXP (SP2) and has to use ipsec.
> ...

The configuration files look OK to me. Is chap-secrets world readable perhaps? Are there any non-standard characters in chap-secrets? Is the client configured to use a static IP address which is not within 192.168.52.128/25? Is there any more logging that you can enable which could indicate what is going on?

Peculiar that the noauth workaround does not fix the problem. I wouldn't use it as a permanent solution, though.

----------
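The checks jacco2 lists above (file permissions, non-standard characters, client address against the `192.168.52.128/25` field), as an added example that is not part of any post in this thread. The names `check_chap_secrets` and `demo` and the sample client address are assumptions; the code evaluates only `*` and address/CIDR entries in the fourth field, assumes unquoted secrets, and does not reproduce pppd's own lookup logic.

```python
import ipaddress
import os
import tempfile

def check_chap_secrets(path, client_ip):
    """Run the checks raised in the thread; return a list of findings."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: group/other access, expected 0600")
    ip = ipaddress.ip_address(client_ip)
    entries, ip_ok = 0, False
    with open(path, "rb") as fh:
        for lineno, raw in enumerate(fh, 1):
            # Flag anything outside printable ASCII, tab and LF (a CR from a Windows editor included).
            if any(b > 126 or (b < 32 and b not in (9, 10)) for b in raw):
                findings.append(f"line {lineno}: non-standard byte")
            fields = raw.decode("ascii", "replace").split()
            if len(fields) < 3 or fields[0].startswith("#"):
                continue  # blank line, comment, or incomplete entry
            entries += 1
            for addr in fields[3:]:
                if addr == "*":
                    ip_ok = True
                    continue
                try:
                    net = ipaddress.ip_network(addr, strict=False)
                except ValueError:
                    continue  # hostnames and "-"/"!" forms are not evaluated here
                ip_ok = ip_ok or ip in net
    if entries and not ip_ok:
        findings.append(f"{client_ip}: not covered by any address field")
    return findings

def demo():
    # Constructed sample modelled on the chap-secrets posted above, saved with CRLF endings.
    sample = b"# client server secret IP addresses\r\nuser * password 192.168.52.128/25\r\n"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(sample)
    os.chmod(tmp.name, 0o644)  # deliberately world-readable for the demonstration
    try:
        return check_chap_secrets(tmp.name, "192.168.52.10")  # constructed static client IP
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print("\n".join(demo()))
```
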

## madfry

Hi!

I will try it again in a few weeks. 

For now I've used openvpn, which is not ipsec but worked within an hour ;)

Thx for your help, though!

----------

