karlyn22
just joined
Topic Author
Posts: 1
Joined: Sat Oct 01, 2022 7:26 am

l2tp with ipsec mschap2 auth issue

Sat Oct 01, 2022 7:57 am

Hi,

I have an l2tp server configured on a RB750GR3 running RouterOS 7.5. I'm connecting to that router from a RB750GL running RouterOS 6.48.6.

If I don't turn on IPSEC from the client side (server side is set to "Yes" and not "Required"), the authentication succeeds. If I turn on IPSEC on the client, then I have the following issue.

***** RB750GR3 ( Server Side ) ********
sep/30 20:09:23 l2tp,ppp,debug,packet L2TPDBG===>: <auth mschap2>
sep/30 20:09:23 l2tp,ppp,debug L2TPDBG===>: <xxx.yyy.24.91>: LCP opened
sep/30 20:09:23 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:23 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:23 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:26 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:26 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:26 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:29 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:29 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:29 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:32 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:32 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:32 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:35 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:35 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:35 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:38 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:38 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:38 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:41 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:41 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:41 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:44 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:44 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:44 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:47 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:47 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:47 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:50 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:50 l2tp,ppp,debug,packet L2TPDBG===>: <challenge len=16>
sep/30 20:09:50 l2tp,ppp,debug,packet L2TPDBG===>: <name staring3>
sep/30 20:09:53 l2tp,ppp,error <xxx.yyy.24.91>: authentication failed: peer didn't respond to CHAP challenge
sep/30 20:09:53 l2tp,ppp,error L2TPDBG===>: <xxx.yyy.24.91>: authentication failed: peer didn't respond to CHAP challenge

****** RB750GL, Client Side ******

sep/30 22:43:36 l2tp,ppp,debug,packet L2TPDBG===>: <auth mschap2>
sep/30 22:43:36 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:39 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:42 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:45 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:48 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:51 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:54 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:57 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:44:00 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:44:03 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:44:06 l2tp,ppp,debug,packet L2TPDBG===>: l2tp-out3: rcvd LCP TermReq id=0x2
sep/30 22:44:06 l2tp,ppp,debug,packet L2TPDBG===>: authentication failed
sep/30 22:44:06 l2tp,ppp,debug,packet L2TPDBG===>: l2tp-out3: sent LCP TermAck id=0x2
sep/30 22:44:06 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: LCP lowerdown
sep/30 22:44:06 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: CCP close
sep/30 22:44:06 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: BCP close
sep/30 22:44:06 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: IPCP close
sep/30 22:44:06 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: IPV6CP close
sep/30 22:44:06 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: MPLSCP close
sep/30 22:44:06 l2tp,ppp,info l2tp-out3: terminating...
sep/30 22:44:06 l2tp,ppp,info L2TPDBG===>: l2tp-out3: terminating...
sep/30 22:44:06 l2tp,debug,packet L2TPDBG===>: sent control message to xxx.yyy.122.28:1701 from xxx.yyy.24.91:1701
sep/30 22:44:06 l2tp,debug,packet L2TPDBG===>: tunnel-id=10, session-id=9, ns=4, nr=2
sep/30 22:44:06 l2tp,debug,packet L2TPDBG===>: (M) Message-Type=CDN
sep/30 22:44:06 l2tp,debug,packet L2TPDBG===>: (M) Result-Code=1
sep/30 22:44:06 l2tp,debug,packet L2TPDBG===>: (M) Assigned-Session-ID=1
sep/30 22:44:06 l2tp,debug L2TPDBG===>: session 1 entering state: stopping
sep/30 22:44:06 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: LCP lowerdown
sep/30 22:44:06 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: LCP down event in starting state
sep/30 22:44:06 l2tp,ppp,info l2tp-out3: disconnected

It appears that the client is not responding to the MSCHAP2 challenge sent from the server router.

For reference, I have another RB750GR3 on another public IP address running RouterOS 6.48.6 on the server side with the same configuration that the same client router can connect to with IPSEC with no issues. Because of that, I'm wondering if this is a difference in RouterOS 7.5 that is causing the client side to not be able to successfully complete an IPSEC connection over L2TP.

Any suggestions are appreciated!!
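Added example, not part of the original post and not MikroTik code: a small Python check that reads both sides' PPP debug logs and reports whether they disagree about LCP state, which is the pattern visible in the logs above (0xc223 is the PPP protocol number for CHAP). The sample lines are constructed from the log format shown in the post; the assumption that the client would also log "LCP opened" on success is mine.

```python
import re
from collections import Counter

# PPP protocol field values (RFC 1661 / RFC 1994 assigned numbers)
PPP_PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP", 0x8021: "IPCP"}

# Constructed sample: a few lines shaped like the server and client logs above
SERVER_LOG = """\
sep/30 20:09:23 l2tp,ppp,debug L2TPDBG===>: <xxx.yyy.24.91>: LCP opened
sep/30 20:09:23 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:26 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:29 l2tp,ppp,debug,packet L2TPDBG===>: <xxx.yyy.24.91>: sent CHAP Challenge id=0x1
sep/30 20:09:53 l2tp,ppp,error <xxx.yyy.24.91>: authentication failed: peer didn't respond to CHAP challenge
"""
CLIENT_LOG = """\
sep/30 22:43:36 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:39 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:43:42 l2tp,ppp,debug L2TPDBG===>: l2tp-out3: PPP received non-LCP packet (0xc223) when LCP not open
sep/30 22:44:06 l2tp,ppp,debug,packet L2TPDBG===>: l2tp-out3: rcvd LCP TermReq id=0x2
"""

CHALLENGE = re.compile(r"sent CHAP Challenge id=(0x[0-9a-f]+)")
DROPPED = re.compile(r"received non-LCP packet \((0x[0-9a-f]+)\) when LCP not open")

def analyze(server_log, client_log):
    """Summarise the PPP state each side reports and flag a disagreement."""
    challenges = Counter(CHALLENGE.findall(server_log))
    dropped = Counter(
        PPP_PROTOCOLS.get(int(p, 16), p) for p in DROPPED.findall(client_log)
    )
    server_lcp_open = "LCP opened" in server_log
    client_lcp_open = "LCP opened" in client_log  # assumed client wording
    return {
        "server_lcp_open": server_lcp_open,
        "client_lcp_open": client_lcp_open,
        # same id sent more than once = retransmission of an unanswered challenge
        "retransmitted_ids": {i: n for i, n in challenges.items() if n > 1},
        "client_dropped": dict(dropped),
        "lcp_state_mismatch": server_lcp_open and not client_lcp_open
                              and dropped.get("CHAP", 0) > 0,
    }

if __name__ == "__main__":
    for key, value in analyze(SERVER_LOG, CLIENT_LOG).items():
        print(f"{key}: {value}")
```

A true `lcp_state_mismatch` means the server finished LCP negotiation and moved on to authentication while the client was still in LCP, so the client discarded the challenges rather than failing the MS-CHAPv2 exchange itself.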
 
Babujnik
newbie
Posts: 32
Joined: Fri May 05, 2017 2:15 pm

Re: l2tp with ipsec mschap2 auth issue

Wed Oct 05, 2022 7:26 pm

Having the same issue between RB760iGS and CHG, both on latest 7.5.
No idea about your case, but in my situation, the devices in the end manage to establish a connection. Sometimes it takes 10 min, sometimes 40.
