Vyatta/VyOS/Ubiquiti VPN clients
First, download and run our RADIUS proxy.
UPDATE: Use the following CLI command (from this page):
set vpn l2tp remote-access authentication require pap
OLD INFO: Vyatta-derived L2TP/ipsec VPN servers are hard-coded to require MS-CHAP password authentication. Unfortunately neither our cloud-hosted RADIUS nor our RADIUS proxy can support this.
Because Vyatta is ultimately just a Linux box, this is a pretty easy fix.
First, download and run our RADIUS proxy.
# sudo vi /opt/vyatta/share/perl5/Vyatta/L2TPConfig.pm
Find the line that says "refuse pap = yes" and change it to "require pap = yes". Now modify the Vyatta VPN configuration to use the local machine (127.0.0.1) as the RADIUS host. Once the configuration is saved, the underlying config files are re-generated and PAP will be enabled.
Security notice
PAP (Password Authentication Protocol) is an insecure protocol. However, because these VPNs use L2TP on top of ipsec, the transmission is encrypted.
Updated 10 months ago