Re: Windows IPSec/L2TP VPN client and Linux server with RADIUS, and

[Jim Barber <jim.barber@ddihealth.com>]

I decided to comment out the following entries in the
/etc/ppp/options.l2tpd file:

	#refuse-chap
	#refuse-mschap
	#require-mschap-v2

Then I changed the security settings in the VPN client software to
untick everything except for plain CHAP.

Now when I connect I see the following in the freeradius logs, and the
VPN successful establishes a connection.

rad_recv: Accounting-Request packet from host 10.10.0.218:1026, id\x127, length\x133
         Acct-Session-Id = "431F80CF7EB000"
         User-Name = "user1"
         Acct-Status-Type = Stop
         Service-Type = Framed-User
         Framed-Protocol = PPP
         Acct-Authentic = RADIUS
         Acct-Session-Time = 18
         Acct-Output-Octets = 33
         Acct-Input-Octets = 785
         Acct-Output-Packets = 2
         Acct-Input-Packets = 8
         NAS-Port-Type = Async
         Acct-Terminate-Cause = User-Request
         Framed-IP-Address = 10.10.0.248
         NAS-IP-Address = 10.10.0.216
         NAS-Port = 0
         Acct-Delay-Time = 0

But then I did something that was strange.
I turned on the refuse-chap, refuse-mschap, and require-mschap-v2
options in the options.l2tpd file again, and then tried to connect with
VPN client again, expecting it to fail...
But it didn't. With the VPN client still configured to only use CHAP,
it was allowed to log in despite the 'require-mschap-v2' directive.
I had bounced all daemons to make sure that the changes were picked up.

Does that give anyone some clues?

----------
Jim Barber
DDI Health