L2TP/RADIUS use PAP flag
We use an openldap server to maintain our user accounts for a large infrastructure of Linux hosts. Because the unix passwords are hashed with MD5, our radius server has to have the plaintext password passed to it to perform authentication against our LDAP server - we can not use any of the challenge/response type systems for authentication.
The LDAP/Radius authentication system on the ASG expects to be able to use these challenge/response authentication protocols, and does not currently provide anyway to specify which to use from the UI. I can hack the /var/chroot-ipsec/ppp/options-default file and add stanzas like:
And after doing this, the ASG will use PAP to authenticate users to our Radius server (freeradius). However, when we upgrade the firmware, the defaults file gets over-written and then our L2TP VPN connections are broken until we go in and make the change again.
It would be absolutely fantastic if there was a simple dropdown menu on the Radius configuration that would set the authentication method to use, allowing us to specify that PAP is required.