Quoting Donald Baud <dbaud@bigfoot.com>:
I am trying to use the Radius Tunnel-Password attribute in order to control the usage of the L2TP tunnels opened by the HARC. I managed to set up a tunnel with two HARCs 5.0.9 acting as LAC and LNS. But I can't seem to enable the Tunnel-Password feature. Here is my setup:
On the LAC side: The Radius Server authenticates the users with:
    Framed-Protocol = PPP
    Tunnel-Server-Endpoint = 192.168.100.10
    Tunnel-Type = L2TP
On the LNS (192.168.100.10) side: The call arrives and is authenticated as a PPP call.
Now if I want to use a Tunnel secret, I made sure both LAC/LNS have the same "System Transmit authentication name":
    set system transmit_authentication_name HiPer
I add a Tunnel-Password = MyPassword to the Radius profile on the LAC, and set up an extra account on the LNS called HiPer with:
    add user HiPer
    set tunnel user HiPer password MyPassword type L2TP security None
You first have to use the enable command to enable L2tp-tunnel authentication, then when you do a show l2tp setting command you will see two options about sending l2tp outgoing/incoming challenge - you may want to enable both, then make sure that you supply l2tp tunnel password in the above. I have it working here with the above config.
-V
Syslog reports the following:
The LNS first complains:
    Unauthenticated message from HiPer
The LAC then sends:
    Could not contact 192.168.100.10
The protocol monitor shows the Call being setup from the LAC and the LNS responding with a call disconnect immediately.
Has anyone been able to set up HARC as an LNS with Tunnel-Password?
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
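Added example, not part of the original thread and not HARC code: the L2TP tunnel challenge/response that the outgoing/incoming challenge options refer to, as defined in RFC 2661 (CHAP-style MD5 over message type, shared secret and challenge). It assumes the HARC follows the RFC; the function names are hypothetical and "MyPassword" is the sample secret from the message above.

```python
import hashlib
import hmac
import os

# L2TP control Message Type values (RFC 2661); they double as the CHAP ID.
SCCRP, SCCCN = 2, 3


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Challenge Response AVP value: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the response with the local secret, compare in constant time."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def handshake(lac_secret: bytes, lns_secret: bytes) -> dict:
    """Simulate mutual tunnel authentication with both challenges enabled."""
    lac_chal = os.urandom(16)  # Challenge AVP carried in SCCRQ (LAC -> LNS)
    lns_chal = os.urandom(16)  # Challenge AVP carried in SCCRP (LNS -> LAC)
    # LNS answers the LAC's challenge in SCCRP, LAC answers the LNS's in SCCCN.
    sccrp_resp = challenge_response(SCCRP, lns_secret, lac_chal)
    scccn_resp = challenge_response(SCCCN, lac_secret, lns_chal)
    return {
        "lac_accepts_lns": verify(SCCRP, lac_secret, lac_chal, sccrp_resp),
        "lns_accepts_lac": verify(SCCCN, lns_secret, lns_chal, scccn_resp),
    }


if __name__ == "__main__":
    # Same secret on both ends: both checks pass and the tunnel comes up.
    print("matching secrets:  ", handshake(b"MyPassword", b"MyPassword"))
    # Secret missing or different on one end: both checks fail, which is the
    # situation in which a peer treats the control message as unauthenticated.
    print("mismatched secrets:", handshake(b"MyPassword", b"other"))
```

The secret itself never crosses the wire, so a packet capture cannot show which side holds the wrong value; comparing the configured tunnel password on both units is the only direct check.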