(RADIATOR) Tunnel-Password
Jeroen Moetwil
darkstar at linuxforge.net
Thu May 13 13:48:42 CDT 2004
Hello,
We've been working on setting up a way to create an L2 tunnel between our
NAS and an l2tpd endpoint through RADIUS. This works fine using our own
MAX TNT. However, now we need to get it working through Ikano / Level 3.
The problem I'm running into is that the Ikano RADIUS servers, which also
run Radiator, are getting the Tunnel-Password encrypted. Level 3 needs it
in clear text so that it can authenticate correctly against our endpoint.
Here is a trace 4 log that I got from Ikano when we were testing this. I
pulled the IPs out of the trace for security reasons.
Wed May 12 14:55:55 2004: DEBUG: Packet dump:
*** Received from 69.80.0.34 port 1645 ....
Code: Access-Accept
Identifier: 2
Authentic: 9=fu9U<170><202><162><234><23><147>.<21><222><211>
Attributes:
Tunnel-Type = 0:L2TP
Tunnel-Medium-Type = 0:IP
Tunnel-Server-Endpoint = 0:x.x.x.x
Tunnel-Password = "<0><243><173>%;<157>|U<235><14>F:t(<227>|<7><215><232>"
Tunnel-Client-Auth-ID = 0:username
Service-Type = Framed-User
Framed-Protocol = PPP
*** This is what we are sending to L3. Could the problem be with tagged
(0:L2TP) attributes?
Wed May 12 14:55:55 2004: DEBUG: Received reply in AuthRADIUS for req 2 from 69.80.0.34:1645
Wed May 12 14:55:55 2004: DEBUG: Access accepted for tun1 at infomagic.net
Wed May 12 14:55:55 2004: DEBUG: Packet dump:
*** Sending to 209.244.126.232 port 39486 ....
Code: Access-Accept
Identifier: 196
Authentic: n<21> 6<157>5<194><11><150><183>,O<9><153>"3
Attributes:
Tunnel-Type = 0:L2TP
Tunnel-Medium-Type = 0:IP
Tunnel-Server-Endpoint = 0:x.x.x.x
Tunnel-Password = "<0><182><19><149>1<218><198><3>`<212><188>]Pj<189>T<234><183>2"
Tunnel-Client-Auth-ID = 0:username
Service-Type = Framed-User
Framed-Protocol = PPP
Ascend-Data-Filter = ip in forward tcp est
Ascend-Data-Filter = ip in forward dstip x.x.x.x
Ascend-Data-Filter = ip in forward dstip x.x.x.x
Ascend-Data-Filter = ip in forward dstip x.x.x.x
Ascend-Data-Filter = ip in forward dstip x.x.x.x
Ascend-Data-Filter = ip in drop tcp dstport=25
Ascend-Data-Filter = ip in drop tcp srcport=80
Ascend-Data-Filter = ip in forward
Session-Timeout = 21600
Idle-Timeout = 1200
Is there a way to send the tunnel password in clear text instead of
encrypted? I think it needs to be this way in order for my tunneling
endpoint to allow the NAS to create a tunnel to it.
Thank you,
Jeroen
Aspect 1
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
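
Added example, not part of the original post and not Radiator's code: RFC 2868 section 3.5 defines Tunnel-Password on the wire as a tag octet, a two-octet salt, and the password XORed with an MD5 keystream derived from the hop's shared secret and the Request Authenticator. The 19-byte values in both packet dumps above fit that layout. The sketch below encodes, decodes and re-encodes a value for the next hop; all function names, secrets, authenticators and the password are constructed for illustration.

```python
import hashlib
import os

def _crypt(data: bytes, secret: bytes, seed: bytes, decrypt: bool) -> bytes:
    """MD5-chained XOR from RFC 2868 3.5: b(1)=MD5(S+R+A), b(i)=MD5(S+c(i-1))."""
    out, prev = b"", seed
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(x ^ y for x, y in zip(block, pad))
        out += res
        prev = block if decrypt else res      # always chain on the ciphertext block
    return out

def encode_tunnel_password(password, secret, request_auth, tag=0, salt=None):
    """Build the on-the-wire value: tag | 2-byte salt | ciphertext."""
    salt = salt or os.urandom(2)
    salt = bytes([salt[0] | 0x80, salt[1]])   # high bit of the salt must be set
    plain = bytes([len(password)]) + password # length octet, then the password
    plain += b"\x00" * (-len(plain) % 16)     # pad to a multiple of 16 bytes
    return bytes([tag]) + salt + _crypt(plain, secret, request_auth + salt, False)

def decode_tunnel_password(value, secret, request_auth):
    """Return (tag, password); raise ValueError if the result is not well formed."""
    tag, salt, cipher = value[0], value[1:3], value[3:]
    if not cipher or len(cipher) % 16:
        raise ValueError("ciphertext must be a non-empty multiple of 16 bytes")
    plain = _crypt(cipher, secret, request_auth + salt, True)
    if plain[0] > len(plain) - 1:
        raise ValueError("bad length octet: wrong secret or authenticator?")
    return tag, plain[1:1 + plain[0]]

def reencode_for_next_hop(value, in_secret, in_auth, out_secret, out_auth):
    """Decrypt with the upstream hop's key material, then encrypt again with
    the downstream client's shared secret and Request Authenticator."""
    tag, password = decode_tunnel_password(value, in_secret, in_auth)
    return encode_tunnel_password(password, out_secret, out_auth, tag)

# Constructed sample values (assumptions, not taken from the trace in the post).
PASSWORD = b"tunnelsecret"
UP_SECRET, UP_AUTH = b"upstream-secret", bytes(range(16))
DOWN_SECRET, DOWN_AUTH = b"downstream-secret", bytes(range(16, 32))

if __name__ == "__main__":
    upstream = encode_tunnel_password(PASSWORD, UP_SECRET, UP_AUTH)
    downstream = reencode_for_next_hop(upstream, UP_SECRET, UP_AUTH, DOWN_SECRET, DOWN_AUTH)
    print(len(upstream), upstream.hex())
    print(len(downstream), downstream.hex())
    print(decode_tunnel_password(downstream, DOWN_SECRET, DOWN_AUTH))
```

The Request Authenticator here is the one from the Access-Request that the Access-Accept answers, so the salt and ciphertext differ on every hop even though the password does not.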