upgrade from v1 to v3 L2TP issues
Andy Smith
a.smith at ldex.co.uk
Thu Jun 2 15:09:54 CEST 2016
Hi list,
I've just upgraded a freeradius v1.1.8 server with MySQL DB to 3.0.11.
I didn't install or configure the original and haven't used freeradius
previously so its been a steep learning curve. I've now got the server
to a point where it seems to all work on the server side, we are testing
via NTRadPing and we get a successful authentication logged on the
server and in NTRadPing. However when we try and use Radius for real
with a Cisco device doing authentication for L2TP something is failing.
This is what my colleague who runs the network told me having looking at
the debug info on the router side:
"PPP comes up and then the router tries to get an IP address. This
messages 0.0.0.0 there is no address and request the local router to
provide it. So basically it's not getting an address from the radius
server"
When we test with NTRadPing we noticed that the output is slightly
different if we authenticate against the v1 or v3 radius server:
radius 1 - not working
Framed-IP-Address=93.10.10.10
vendor Cisco cisco-avpair=lcp:interface-config=ip unnumbered loopback
2003\0x0a
Service-Type=Framed
Tunnel-Medium-Type=IP
Tunnel-Type=L2TP
Tunnel-Password=\0x00\0x85K\0x97\0xd5jk\0x0b\0xefbN\0xac\0x12y\0x80.\0xda\0xb3\0xb1
Tunnel-Server-Endpoint=178.248.104.124
Tunnel-Client-Auth-ID=broadband-3
radius 2 - working (differences in red)
Framed-IP-Address=93.10.10.10
vendor Cisco cisco-avpair=lcp:interface-config=ip unnumbered loopback
2003\n
Service-Type=Framed
Tunnel-Medium-Type=IP
Tunnel-Type=L2TP
Tunnel-Password=\0x00\0xb0}=G\0xe7\0xe4\0x08\0xd1\\0xe4\0xax;\0x0d?\0x15\0xe4\0x8f\0xfe
Tunnel-Server-Endpoint=178.248.104.124
Tunnel-Client-Auth-ID=broadband-3
could this be related to our issue? Noticing the line return is
different on the avpair line and the password is different, its stored
in clear text in the DB. Currently a bit stumped. Can pass on the output
of radiusd -X if the above isn't the key to the problem,
thanks, Andy.
More information about the Freeradius-Users
mailing list