I've hit a bit of a wall digging around getting L2TP working with OpenBSD 5.1.
I've enabled pipex in kernel:

# sysctl -a | grep -E '(pipex|gre)'
net.inet.gre.allow=0
net.inet.gre.wccp=0
net.pipex.enable=1

Before anyone asks, yes, I had GRE enabled as well. But, I'm not looking to run PPTP via npppd, only L2TP. I've tested with it activated, and the config with pptpd.enabled: false

I've configured a very basic npppd.conf, per the instructions in
http://www.undeadly.org/cgi?action=article&sid=20120427125048
and
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/npppd/HOWTO_PIPEX_NPPPD.txt?rev=1.8

Everything connects, it appears to authenticate fine, but after that iOS attempts to negotiate ppp. I'm assuming this is the relevant part of the npppd debugging output (for my own privacy, I've replaced non-RFC addresses with A.B.C.D for the client and E.F.G.H for the server, respectively):

2012-08-15 08:37:03:NOTICE: l2tpd ctrl=2 logtype=Started RecvSCCRQ from=A.B.C.D:50002/udp tunnel_id=2/21 protocol=1.0 winsize=4 hostname=users-thing vendor=(no vendorname) firm=0000
2012-08-15 08:37:03:INFO: l2tpd ctrl=2 SendSCCRP
2012-08-15 08:37:03:INFO: l2tpd ctrl=2 RecvSCCN
2012-08-15 08:37:03:INFO: l2tpd ctrl=2 SendZLB
2012-08-15 08:37:03:INFO: l2tpd ctrl=2 call=9490 RecvICRQ session_id=948
2012-08-15 08:37:03:INFO: l2tpd ctrl=2 call=9490 SendICRP session_id=9490
2012-08-15 08:37:03:INFO: l2tpd ctrl=2 call=9490 RecvICCN session_id=948 calling_number= tx_conn_speed=1000000 framing=async
2012-08-15 08:37:03:NOTICE: l2tpd ctrl=2 call=9490 logtype=PPPBind ppp=1
2012-08-15 08:37:03:INFO: ppp id=1 layer=base logtype=Started tunnel=L2TP(A.B.C.D:50002)
2012-08-15 08:37:03:INFO: l2tpd ctrl=2 call=9490 SendZLB
2012-08-15 08:37:22:INFO: ppp id=1 layer=lcp logtype=Opened mru=1400/1400 auth=MS-CHAP-V2 magic=3adadd39/37d59f4b
2012-08-15 08:37:22:INFO: ppp id=1 layer=chap proto=mschap_v2 logtype=Success username="user" realm=local
2012-08-15 08:37:22:WARNING: ppp id=1 layer=base No interface binding.
2012-08-15 08:37:22:INFO: ppp id=1 layer=base unhandled protocol ip6cp, 32855(8057)
2012-08-15 08:37:22:INFO: l2tpd ctrl=2 call=9490 SendCDN result=ERROR_CODE/2 error=GENERIC_ERROR/6 messsage=Disconnected by local PPP
2012-08-15 08:37:22:NOTICE: l2tpd ctrl=2 call=9490 logtype=PPPUnbind
2012-08-15 08:37:22:NOTICE: ppp id=1 layer=base logtype=TUNNELUSAGE user="user" duration=19sec layer2=L2TP layer2from=A.B.C.D:50002 auth=MS-CHAP-V2 data_in=271bytes,12packets data_out=333bytes,15packets error_in=1 error_out=0 mppe=no iface=(not binding)
2012-08-15 08:37:22:INFO: l2tpd ctrl=2 call=9490 Received CDN in unexpected state=cleanup-wait
2012-08-15 08:37:22:INFO: l2tpd ctrl=2 RecvStopCCN result=UNKNOWN/256 error=UNKNOWN/28261 tunnel_id=21 message="cted"
2012-08-15 08:37:22:DEBUG: l2tpd ctrl=2 SendZLB
2012-08-15 08:37:22:NOTICE: l2tpd ctrl=2 logtype=Finished
2012-08-15 08:37:23:INFO: l2tpd Received from=A.B.C.D:42138: bad control message: tunnelId=2 is not found. mestype=CDN

Isakmpd does throw some errors, but they don't seem to be related to anything except protocol negotiation.

Aug 15 08:37:00 soekris isakmpd[1079]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Aug 15 08:37:02 soekris isakmpd[1079]: isakmpd: phase 1 done (as responder): initiator id 10.70.108.213, responder id E.F.G.H, src: A.B.C.D dst: A.B.C.D
Aug 15 08:37:02 soekris isakmpd[1079]: isakmpd: quick mode done (as responder): src: E.F.G.H dst: A.B.C.D

It acts the same if pf is enabled or disabled.

I'm debating if I should update to a snapshot or not, at this point. Due to the hardware being weak, and kind of old, I'd rather not have the debugging flags, etc, running a snapshot would entail.

Any pointers on where to look would be appreciated.

-jb

npppd.conf:

interface_list: tun0
interface.tun0.ip4addr: 172.23.0.1

# IP Address Pool
pool.dyna_pool: 172.23.0.0/25
pool.pool: 172.23.0.128/25

# local file auth
auth.local.realm_list: local
auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
real.local.concentrate: tun0

lcp.mru: 1400
lcp.timeout: 18
auth.method: mschapv2
# auth.method: mschapv2 chap pap

ipcp.assign_fixed: true
ipcp.assign_userselect: true

pptpd.enabled: false
pptpd.ip4_allow: 0.0.0.0/0
#pptpd.listener_in: PPTP 192.168.0.1

# L2TP daemon
l2tpd.enabled: true
l2tpd.ip4_allow: 0.0.0.0/0
#l2tpd.listener_in: L2TP 192.168.0.1
l2tpd.purge_ipsec_sa: false
l2tpd.require_ipsec: true
l2tpd.accept_dialin: true

pipex.enabled: true

ipsec.conf:

ike passive esp transport \
    proto udp from A.B.C.D to any port 1701 \
    main auth "hmac-sha1" enc "3des" group modp1024 \
    quick auth "hmac-sha1" enc "aes" \
    psk "PASSWORD"
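
An added example, not part of the original post: a small Python triage script that parses npppd log lines like the ones in the post into key=value fields, ties each l2tpd call to its ppp id, and reports sessions that authenticated but never bound to an interface. The function names are hypothetical, and the sample lines are copied from the post's debug output.

```python
import re
from collections import defaultdict

# Sample lines copied from the npppd debug output in the post (already redacted there).
SAMPLE = """\
2012-08-15 08:37:03:NOTICE: l2tpd ctrl=2 call=9490 logtype=PPPBind ppp=1
2012-08-15 08:37:22:INFO: ppp id=1 layer=lcp logtype=Opened mru=1400/1400 auth=MS-CHAP-V2 magic=3adadd39/37d59f4b
2012-08-15 08:37:22:INFO: ppp id=1 layer=chap proto=mschap_v2 logtype=Success username="user" realm=local
2012-08-15 08:37:22:WARNING: ppp id=1 layer=base No interface binding.
2012-08-15 08:37:22:NOTICE: ppp id=1 layer=base logtype=TUNNELUSAGE user="user" duration=19sec layer2=L2TP layer2from=A.B.C.D:50002 auth=MS-CHAP-V2 data_in=271bytes,12packets data_out=333bytes,15packets error_in=1 error_out=0 mppe=no iface=(not binding)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d):(\w+): (\w+) (.*)$")
# A value is a quoted string, a parenthesised phrase, or a run of non-space characters.
KV = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')

def parse(line):
    """Split one npppd log line into timestamp, level, subsystem and key=value fields."""
    m = LINE.match(line)
    if not m:
        return None
    ts, level, subsystem, rest = m.groups()
    fields = {k: v.strip('"') for k, v in KV.findall(rest)}
    # Whatever remains once the key=value tokens are removed is the free-text message.
    return {"ts": ts, "level": level, "subsystem": subsystem,
            "fields": fields, "message": KV.sub("", rest).strip()}

def summarize(log_text):
    """Correlate l2tpd calls with ppp ids; record auth result, warnings and interface."""
    sessions = defaultdict(lambda: {"call": None, "auth_ok": False, "user": None,
                                    "warnings": [], "iface": None})
    for ev in filter(None, map(parse, log_text.splitlines())):
        f = ev["fields"]
        if ev["subsystem"] == "l2tpd" and f.get("logtype") == "PPPBind":
            sessions[f["ppp"]]["call"] = f.get("call")
        elif ev["subsystem"] == "ppp" and "id" in f:
            s = sessions[f["id"]]
            if f.get("layer") == "chap" and f.get("logtype") == "Success":
                s["auth_ok"], s["user"] = True, f.get("username")
            if ev["level"] == "WARNING":
                s["warnings"].append(ev["message"])
            if f.get("logtype") == "TUNNELUSAGE":
                s["iface"] = f.get("iface")
    return dict(sessions)

def authenticated_but_unbound(sessions):
    """PPP ids that passed authentication but whose usage record shows no interface."""
    return sorted(i for i, s in sessions.items()
                  if s["auth_ok"] and s["iface"] == "(not binding)")
```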

