
Issues with L2TP Radius Auth on newest version.

2024-06-19
2024-06-21
  • Mr Steven Crangle

    Hi,

    I'm currently running FreeBSD 14.0 Release with MPD 5.9_18.

    I'm attempting to use a radius server to auth PAP/CHAP requests.

    Here are what I think are the relevant parts of the config:

      set link action bundle LTE
      set link enable incoming
      set link disable peer-as-calling
    
      set link enable pap chap
    # settings on the link
      set link disable acfcomp
      set link disable protocomp
      set link disable check-magic
      set link deny acfcomp
      set link deny protocomp
    
    radiussettings:
      set radius server 172.31.4.193 BIYAQsK5BtnM5dUMYt4NYXS53MIlICNA 1812 1813
      #set radius server 172.31.4.129 BIYAQsK5BtnM5dUMYt4NYXS53MIlICNA 1812 1813
      set radius retries 2
      set radius timeout 3
    #  set radius enable message-authentic
      # must be radius auth
      set auth disable internal
      set auth enable radius-auth
      set auth enable radius-acct
    #  set auth enable pap chap
      set auth acct-update 1605
    # don't drop the session if start message isn't responded to
      set auth disable acct-mandatory
    

    in the case of CHAP, it appears to just be attempting some sort of local chap auth:

    Jun 19 13:48:34 manlns1 mpd[92950]: L2TP: rec'd ICRQ in state established
    Jun 19 13:48:34 manlns1 mpd[92950]: L2TP: created new session #139398016 id 0x8504 orig=remote side=LNS state=wait-connect
    Jun 19 13:48:34 manlns1 mpd[92950]: L2TP: Incoming call #139398016 via connection 0x541ae1c5e910 received
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] L2TP: Incoming call #139398016 via control connection 0x541ae1c5e910 accepted
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] L2TP: Call #139398016 remote hostname is 3UK-SL01RPG01-LAC
    Jun 19 13:48:34 manlns1 mpd[92950]: L2TP: XMIT(0x43bb) [MESSAGE_TYPE ICRP] [ASSIGNED_SESSION_ID 0x8504]
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] Link: OPEN event
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: Open event
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: state change Initial --> Starting
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: LayerStart
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] device: OPEN event in state CONNECTING
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] L2tpOpen() on incoming call
    Jun 19 13:48:34 manlns1 mpd[92950]: L2TP: RECV(0x0485) [MESSAGE_TYPE ICCN] [FRAMING_TYPE sync=0 async=0] [TX_CONNECT_SPEED 0] [LAST_SENT_CONFREQ ] [LAST_RECV_CONFREQ ] [PROXY_AUTHEN_TYPE 2] [PROXY_AUTHEN_NAME "default"] [PROXY_AUTHEN_CHALLENGE 215c0000215c0000215c0000215c0000] [PROXY_AUTHEN_ID 0] [PROXY_AUTHEN_RESPONSE 860da28b2acac59cc75afed6d15845ce]
    Jun 19 13:48:34 manlns1 mpd[92950]: L2TP: rec'd ICCN in state wait-connect
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] L2TP: Call #139398016 connected
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] device: UP event
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] Link: UP event
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] Link: origination is remote
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: Up event
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: state change Starting --> Req-Sent
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: phase shift DEAD --> ESTABLISH
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #1
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #1 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #2 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #3
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #3 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #4
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #4 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #5
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #5 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #6
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #6 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #7
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #7 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #8
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #8 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #9
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #9 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: SendConfigReq #10
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   ACCMAP 0x000a0000
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MRU 1358
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   MAGICNUM 0xd8511c4c
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: rec'd Configure Reject #10 (Req-Sent)
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3]   AUTHPROTO CHAP MSOFTv2
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: not converging
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: parameter negotiation failed
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: state change Req-Sent --> Stopped
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] LCP: LayerFinish
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] device: CLOSE event in state UP
    Jun 19 13:48:34 manlns1 mpd[92950]: [TUK175193-3] L2TP: Call #139398016 terminated locally
    

    And for PAP, one device is able to attach and is handed an IP by radius, while another doesn't appear to be able to.

    I'm looking for some help understanding why CHAP isn't handed off to RADIUS correctly.

    Previously my company ran a patched version of mpd that had its own proxy auth, so we're now attempting to upgrade and stick to the default latest version as we no longer need any proxy auth functionality, so I think we might have some strange config options that aren't helping since we've never run it with a normal config.

    I currently have a cellular test device that I can switch from PAP/CHAP so can test different options.

    I've also attached our current full config in case that's useful.

    Thanks for any help

     
    • Eugene Grosbein

      Eugene Grosbein - 2024-06-21

      The log shows that the client was not configured to use MS-CHAPv2 and refused to use it, while the mpd5 server was configured to require MS-CHAPv2 (not PAP).

       
  • Mr Steven Crangle

    Another thing we see in the RADIUS layer too, is this:

    Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_ACCT_MULTI_SESSION_ID: 8877876-LTE-2
    Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_MPD_BUNDLE: LTE-2
    Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_MPD_IFACE: ng0
    Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_MPD_IFACE_INDEX: 8
    Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_MPD_PEER_IDENT:
    Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_ACCT_LINK_COUNT: 1
    Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_ACCT_AUTHENTIC: 2
    Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Send request for user ''
    Jun 20 10:04:42 manlns1 mpd[95157]: [TUK175193-2] RADIUS: rad_send_request for user '' failed: No valid RADIUS responses received
    

    Which suggests the credentials are blank somehow, but they're definitely set at the device level, and that same device works fine when attaching to our patched 5.8 mpd.

     
    • Eugene Grosbein

      Eugene Grosbein - 2024-06-21

      Please do not cut the logs. We need the full session log. Also, replace your "log +ALL -EVENTS -FRAME -ECHO +RADIUS +RADIUS2" with something like the following:

      log +auth +bund +iface +iface2 +ipcp +ipcp2 +link +lcp +lcp2 +rep

       
  • Mr Steven Crangle

    Apologies, here are the logs with the recommended log settings:

    Jun 21 08:52:54 manlns1 mpd[97891]: Incoming L2TP packet from 185.153.238.191 1701 to 185.100.175.193 1701
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: ppp_l2tp_ctrl_create invoked
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: Control connection 0x5242e765e310 185.100.175.193 1701 <-> 185.153.238.191 1701 accepted
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: RECV [MESSAGE_TYPE SCCRQ] [PROTOCOL_VERSION 1.0] [HOST_NAME "3UK-SL01RPG01-LAC"] [RECEIVE_WINDOW_SIZE 1024] [FRAMING_CAPABILITIES sync=0 async=0] [BEARER_CAPABILITIES digital=1 analog=0] [FIRMWARE_REVISION 0x0c00] [VENDOR_NAME "Nokia"] [ASSIGNED_TUNNEL_ID 0x2483]
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: rec'd SCCRQ in state idle
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: connected to "3UK-SL01RPG01-LAC", version=1.0
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: XMIT [MESSAGE_TYPE SCCRP] [HOST_NAME "manchlns"] [VENDOR_NAME "FreeBSD MPD"] [BEARER_CAPABILITIES digital=1 analog=1] [RECEIVE_WINDOW_SIZE 8] [PROTOCOL_VERSION 1.0] [FRAMING_CAPABILITIES sync=1 async=1] [ASSIGNED_TUNNEL_ID 0x3641]
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: RECV [MESSAGE_TYPE SCCCN]
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: rec'd SCCCN in state wait-ctl-conn
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: Control connection 0x5242e765e310 185.100.175.193 1701 <-> 185.153.238.191 1701 connected
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: RECV [MESSAGE_TYPE ICRQ] [ASSIGNED_SESSION_ID 0x2b2f] [CALL_SERIAL_NUMBER 361106608] [CALLED_NUMBER "stream.co.uk"] [CALLING_NUMBER "447412832103"]
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: rec'd ICRQ in state established
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: created new session #361106608 id 0x2d1c orig=remote side=LNS state=wait-connect
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: Incoming call #361106608 via connection 0x5242e765e310 received
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] L2TP: Incoming call #361106608 via control connection 0x5242e765e310 accepted
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] L2TP: Call #361106608 remote hostname is 3UK-SL01RPG01-LAC
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: XMIT(0x2b2f) [MESSAGE_TYPE ICRP] [ASSIGNED_SESSION_ID 0x2d1c]
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] Link: OPEN event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: Open event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: state change Initial --> Starting
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: LayerStart
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] device: OPEN event in state CONNECTING
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] L2tpOpen() on incoming call
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: RECV(0x1c2d) [MESSAGE_TYPE ICCN] [FRAMING_TYPE sync=0 async=0] [TX_CONNECT_SPEED 0] [LAST_SENT_CONFREQ ] [LAST_RECV_CONFREQ ] [PROXY_AUTHEN_TYPE 2] [PROXY_AUTHEN_NAME "default"] [PROXY_AUTHEN_CHALLENGE 67080000670800006708000067080000] [PROXY_AUTHEN_ID 0] [PROXY_AUTHEN_RESPONSE d82655de78fbae675fdb33fd449e048c]
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: rec'd ICCN in state wait-connect
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] L2TP: Call #361106608 connected
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] device: UP event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] Link: UP event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] Link: origination is remote
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: Up event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: state change Starting --> Req-Sent
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: phase shift DEAD --> ESTABLISH
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #1
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #1 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #2 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #3
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #3 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #4
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #4 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #5
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #5 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #6
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #6 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #7
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #7 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #8
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #8 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #9
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #9 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: SendConfigReq #10
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACFCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   PROTOCOMP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   ACCMAP 0x000a0000
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MRU 1358
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   MAGICNUM 0xc9057a82
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: rec'd Configure Reject #10 (Req-Sent)
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1]   AUTHPROTO CHAP MSOFTv2
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: not converging
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: parameter negotiation failed
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: state change Req-Sent --> Stopped
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: LayerFinish
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] device: CLOSE event in state UP
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] L2TP: Call #361106608 terminated locally
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: ppp_l2tp_terminate invoked, sess=0x5242e7690010 errmsg=""
    Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: XMIT(0x2b2f) [MESSAGE_TYPE CDN] [ASSIGNED_SESSION_ID 0x2d1c] [RESULT_CODE result=3 error=0 errmsg=""]
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] device: DOWN event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] Link: DOWN event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: Close event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: state change Stopped --> Closed
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: Down event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: state change Closed --> Initial
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] LCP: phase shift ESTABLISH --> DEAD
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] Link: SHUTDOWN event
    Jun 21 08:52:54 manlns1 mpd[97891]: [TUK175193-1] Link: Shutdown
    

    I've also stripped back our config to be smaller/simpler so there's less chance of something causing an issue. I've attached the new smaller config.

    Thanks

    Steven

     
    • Eugene Grosbein

      Eugene Grosbein - 2024-06-21

      This log indicates exactly the same problem: the client refuses to authorize itself with MS-CHAPv2. The client must be reconfigured to use MS-CHAPv2.

       

      Last edit: Eugene Grosbein 2024-06-21
      • Mr Steven Crangle

        Thanks.

        So unless the client accepts our use of pap/chap at the lcp layer, then it won't make it to generating a radius request? Or am I misunderstanding?

        I think our previous patched version of 5.8 did a sort of proxy auth instead of dealing with it in the lcp error, but it was never merged into mpd, and is likely incompatible with the current code base.

         
        • Eugene Grosbein

          Eugene Grosbein - 2024-06-21

          So unless the client accepts our use of pap/chap at the lcp layer, then it won't make it to generating a radius request?

          It depends. Are you trying to build a split LAC/LNS configuration, or does mpd5 need to serve users all by itself?

           
  • Mr Steven Crangle

    Our solution talks to FreeRADIUS also on FreeBSD, so I'd assume it needs CHAP-MD5.

    I've tried enabling that too, but no chap setting seems to result in a radius request being generated by MPD; it's like it's just trying to auth locally even though internal auth is disabled.

    Thanks

    Steven
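
The failure pattern in the logs above, as an added example that is not part of any post in this thread and is not mpd code: a Python sketch that scans mpd5 syslog lines for links whose LCP negotiation failed after the peer rejected the AUTHPROTO option, and reports the Proxy Authen Type the LAC sent in the ICCN (values per RFC 2661) and whether a RADIUS request was ever sent for that link. The sample log is constructed in the thread's format; the host and link names, and attributing an ICCN to the next link that logs "connected", are assumptions.

```python
import re

# Proxy Authen Type AVP values, RFC 2661 section 4.4.5.
PROXY_AUTHEN_TYPE = {1: "text", 2: "PPP CHAP", 3: "PPP PAP", 4: "none", 5: "MS-CHAPv1"}

LINE = re.compile(r"mpd\[\d+\]: (?:\[(?P<link>[^\]]+)\] )?(?P<msg>.*)$")
PROXY = re.compile(r"\[PROXY_AUTHEN_TYPE (\d+)\]")

# Constructed sample in the format of the logs in this thread (names are made up).
SAMPLE_LOG = """\
Jun 21 08:52:54 lns1 mpd[100]: L2TP: RECV(0x0001) [MESSAGE_TYPE ICCN] [PROXY_AUTHEN_TYPE 2] [PROXY_AUTHEN_NAME "default"]
Jun 21 08:52:54 lns1 mpd[100]: [L-1] L2TP: Call #1 connected
Jun 21 08:52:54 lns1 mpd[100]: [L-1] LCP: SendConfigReq #1
Jun 21 08:52:54 lns1 mpd[100]: [L-1]   MRU 1358
Jun 21 08:52:54 lns1 mpd[100]: [L-1]   AUTHPROTO CHAP MSOFTv2
Jun 21 08:52:54 lns1 mpd[100]: [L-1] LCP: rec'd Configure Reject #1 (Req-Sent)
Jun 21 08:52:54 lns1 mpd[100]: [L-1]   AUTHPROTO CHAP MSOFTv2
Jun 21 08:52:54 lns1 mpd[100]: [L-1] LCP: SendConfigReq #2
Jun 21 08:52:54 lns1 mpd[100]: [L-1]   MRU 1358
Jun 21 08:52:54 lns1 mpd[100]: [L-1]   AUTHPROTO CHAP MSOFTv2
Jun 21 08:52:54 lns1 mpd[100]: [L-1] LCP: rec'd Configure Reject #2 (Req-Sent)
Jun 21 08:52:54 lns1 mpd[100]: [L-1]   AUTHPROTO CHAP MSOFTv2
Jun 21 08:52:54 lns1 mpd[100]: [L-1] LCP: not converging
Jun 21 08:52:54 lns1 mpd[100]: [L-1] LCP: parameter negotiation failed
Jun 21 08:52:55 lns1 mpd[100]: [L-2] RADIUS: Send request for user ''
Jun 21 08:53:01 lns1 mpd[100]: [L-2] RADIUS: rad_send_request for user '' failed: No valid RADIUS responses received
"""

def analyse(log_text):
    """Return per-link state: auth protocols requested/rejected, LCP outcome, RADIUS use."""
    links, frame, pending_proxy = {}, {}, None
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        link, msg = m["link"], m["msg"]
        if link is None:
            # Control-connection lines carry no link tag; remember the ICCN's proxy type.
            p = PROXY.search(msg)
            if p:
                pending_proxy = int(p.group(1))
            continue
        s = links.setdefault(link, {"requested": set(), "rejected": set(), "auth_rejects": 0,
                                    "proxy_type": None, "lcp_failed": False, "radius_sent": False})
        if msg.startswith(" "):
            # Indented lines are the options of the LCP frame logged just before them.
            opt, kind = msg.strip(), frame.get(link)
            if kind and opt.startswith("AUTHPROTO "):
                s[kind].add(opt[len("AUTHPROTO "):])
                if kind == "rejected":
                    s["auth_rejects"] += 1
            continue
        frame[link] = None
        if msg.startswith("LCP: SendConfigReq"):
            frame[link] = "requested"
        elif msg.startswith("LCP: rec'd Configure Reject"):
            frame[link] = "rejected"
        elif msg.startswith("LCP: parameter negotiation failed"):
            s["lcp_failed"] = True
        elif msg.startswith("RADIUS: Send request"):
            s["radius_sent"] = True
        elif msg.startswith("L2TP: Call #") and msg.endswith("connected"):
            # Heuristic (assumption): the last ICCN seen belongs to this link.
            s["proxy_type"], pending_proxy = pending_proxy, None
    return links

def auth_findings(log_text):
    """Links where LCP failed and the peer rejected the requested auth protocol."""
    return [{"link": link, "rejected": sorted(s["rejected"]), "auth_rejects": s["auth_rejects"],
             "lac_proxy_auth": PROXY_AUTHEN_TYPE.get(s["proxy_type"], "unknown/absent"),
             "radius_sent": s["radius_sent"]}
            for link, s in sorted(analyse(log_text).items())
            if s["lcp_failed"] and s["rejected"]]

if __name__ == "__main__":
    for finding in auth_findings(SAMPLE_LOG):
        print(finding)
```

A finding with `radius_sent` false means the session ended during LCP, before the authentication phase in which a RADIUS request would be sent.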

     
