
I need to provide a remote access VPN service. I'd like very much to use JumpCloud.com to do the user database management. I'm trying to achieve the following:

  1. Provide l2tp+ipsec VPN service to users, hosted on Ubuntu 14.04 on AWS.
  2. Mac OSX clients seem to limit me to MSCHAPv2 authentication over the ipsec tunnel.
  3. Authenticate the users whose password is provided using MSCHAPv2 against the database hosted with JumpCloud. Either using LDAP (preferred) or RADIUS.

The problem I hit is basically that pppd for Linux doesn't seem to support all the required protocols:

  1. pppd 2.4.5 doesn't support LDAP authentication. It has a RADIUS plugin.
  2. JumpCloud tell me that I must use PEAP in order to authenticate with their RADIUS service.
  3. From looking at the sources of the pppd package, it doesn't seem to support PEAP.

The closest I found to supporting LDAP for pppd is this repo on GitHub: https://github.com/dkruchinin/pppd-ldap but I'm hitting problems compiling it.

Has anyone here managed to authenticate pppd users with MSCHAPv2 + LDAP/RADIUS+PEAP?

Amos Shapira
  • @MichaelHampton how would you do that if not with ppp? My understanding is that PPP is used by xl2tpd to fetch the authentication credentials from the vpn user and authenticate them against the user database. I admit ignorance in this area (last time I had to deal with PPP and RADIUS servers was literally 20 years ago while partnering in an ISP), but I started with https://github.com/hwdsl2/setup-ipsec-vpn and progressed from there. – Amos Shapira Aug 05 '16 at 11:55
