Mr Steven Crangle

Thanks. So unless the client accepts our use of pap/chap at the lcp layer, then it wont make it to generating a radius request? Or am I misunderstanding? I think our previous patched version of 5.8 did a sort of proxy auth instead of dealing with it in the lcp error, but it was never merged in to mpd, and is likely uncompatible with the current code base.

Our solution talks to FreeRADIUS also on FreeBSD, so I'd assume it needs CHAP-MD5. I've tried enabling that too, but no chap setting seems to result in a radius request being generated by MPD, it's like it's just trying to auth locally even though internal auth is disabled. Thanks Steven

Apologies, here are the logs with the recommended log settings: Jun 21 08:52:54 manlns1 mpd[97891]: Incoming L2TP packet from 185.153.238.191 1701 to 185.100.175.193 1701 Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: ppp_l2tp_ctrl_create invoked Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: Control connection 0x5242e765e310 185.100.175.193 1701 <-> 185.153.238.191 1701 accepted Jun 21 08:52:54 manlns1 mpd[97891]: L2TP: RECV [MESSAGE_TYPE SCCRQ] [PROTOCOL_VERSION 1.0] [HOST_NAME "3UK-SL01RPG01-LAC"] [RECEIVE_WINDOW_SIZE...

Another thing we see in the RADIUS layer too, is this: Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_ACCT_MULTI_SESSION_ID: 8877876-LTE-2 Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_MPD_BUNDLE: LTE-2 Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_MPD_IFACE: ng0 Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_MPD_IFACE_INDEX: 8 Jun 20 10:04:36 manlns1 mpd[95157]: [TUK175193-2] RADIUS: Put RAD_MPD_PEER_IDENT: Jun 20 10:04:36...

Hi, I'm currently running FreeBSD 14.0 Release with MPD 5.9_18. I'm attempting to use a radius server to auth PAP/CHAP requests. Here are what I think are the relevant parts of the config: set link action bundle LTE set link enable incoming set link disable peer-as-calling set link enable pap chap # settings on the link set link disable acfcomp set link disable protocomp set link disable check-magic set link deny acfcomp set link deny protocomp radiussettings: set radius server 172.31.4.193 BIYAQsK5BtnM5dUMYt4NYXS53MIlICNA...