Is it possible to see the password the user is trying to use in the logs?
I can see the username but not the password “user blabla authentication failed”
My secrets got erased due to a netwatch issue, is there any way to bypass the password to allow the user entry to retrieve the valid password?
Not sure whether in the logs, but: if the client allows PAP, you can set the L2TP server to only accept PAP, and then you will see the password in plaintext - at least in .pcap (sniff) if not in the log. Otherwise you’ll have to assign new passwords to the users.
The thing is that the essence of all the challenge-based algorithms (including the two MS-CHAP ones) is not to transport the password itself across the link between the client and the server, so there is no way it could get logged.
So it might be possible to permit only mschap1 and execute a cryptanalytic attack, consisting of letting the user attempt to authenticate multiple times unsuccessfully while recording all the exchanges (there must have been a reason to develop mschap2 after all), but something is telling me that changing the passwords will be a simpler approach.
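The difference the answer describes, as an added example that is not part of the original thread: it builds the authentication data a server receives under PAP (RFC 1334) and under plain CHAP with MD5 (RFC 1994), used here as the simplest challenge-based scheme instead of MS-CHAP. The function names and the sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os


def pap_request(user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data: length-prefixed Peer-ID and password, both in clear."""
    return bytes([len(user)]) + user + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_check(stored_secret: bytes, identifier: int,
                 challenge: bytes, response: bytes) -> bool:
    """The server recomputes the response from its own stored secret and compares."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def wire_view(typed_password: bytes, stored_secret: bytes,
              user: bytes = b"blabla", challenge: bytes = b"") -> dict:
    """Return what reaches the server for one login attempt under each method."""
    identifier = 1
    challenge = challenge or os.urandom(16)   # fresh random challenge per attempt
    response = chap_response(identifier, typed_password, challenge)
    return {
        "pap_bytes": pap_request(user, typed_password),
        "chap_bytes": challenge + response,
        "chap_ok": server_check(stored_secret, identifier, challenge, response),
    }


if __name__ == "__main__":
    # Constructed sample: the user types a password the server no longer has on file.
    attempt = wire_view(b"constructed-pass", stored_secret=b"something-else")
    print("PAP  :", attempt["pap_bytes"])          # typed password is readable
    print("CHAP :", attempt["chap_bytes"].hex())   # only challenge + digest
    print("CHAP accepted:", attempt["chap_ok"])    # False, and nothing to log
```

With CHAP the server can only answer "matches my stored secret" or "does not match", which is why a failed attempt leaves a username in the log and nothing else.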