When I upgraded ppp from 2.4.9-r9, openfortivpn started failing connects, reporting "Peer refused to agree to his IP address". Since the newer ppp requires 4 new kernel flags compared to the old version (PPP_SYNC_TTY, PPP_MPPE, PPPEO and PPPOATM), I enabled them and re-emerged several packages. But I got back to a working VPN only by downgrading back to the older version. That's the facts, and then some speculation: By diffing the ppp sources I saw that file ipcp.c has started requesting WINS addresses (if configured - I don't know how the gentoo package configures it) from the server. And the statement that prints the mentioned error message is new code here. So I speculate that the newer ppp requests WINS addresses, and when the server denies them, the client does not connect. (Who uses WINS addresses anyway?) Reproducible: Always Steps to Reproduce: 1. emerge ppp-2.5.0-r2 instead of ppp-2.4.9-r9 2. try to open VPN with openfortivpn Actual Results: Openfortivpn prints "Peer refused to agree to his IP address" and fails to connect. Expected Results: No errors, VPN connection established.
The WINS address stuff is only enabled if the "usepeerwins" option is enabled via /etc/ppp/options or the pppd command line.
What version of openfortivpn are you using?
I would suggest working with openfortivpn upstream on this.
Try adding these options to /etc/ppp/options: ipcp-accept-local ipcp-accept-remote
I think this will fix it: https://github.com/adrienverge/openfortivpn/pull/1111
(In reply to Mike Gilbert from comment #2) > What version of openfortivpn are you using? I'm using openfortivpn-1.19.0. I noticed that "emerge -avuDN --with-bdeps=y world" proposes now a newer 1.20.2 that depends on <net-dialup/ppp-2.5.0, so updating the world shouldn't break things, for now.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44281f12d6e8cd62c1919b5a4fe8274346fc2cd9 commit 44281f12d6e8cd62c1919b5a4fe8274346fc2cd9 Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2023-06-01 18:50:21 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2023-06-01 18:50:21 +0000 net-vpn/openfortivpn: fix for ppp-2.5.0 Closes: https://bugs.gentoo.org/907404 Signed-off-by: Mike Gilbert <floppym@gentoo.org> ...enfortivpn-1.20.3-pppd-ipcp-accept-remote.patch | 33 ++++++++++++++++++++++ ...1.20.3.ebuild => openfortivpn-1.20.3-r1.ebuild} | 1 + 2 files changed, 34 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6cb583d41625834a0e64d93c1fa095ab905df5b commit d6cb583d41625834a0e64d93c1fa095ab905df5b Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2023-06-01 19:13:50 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2023-06-01 19:13:50 +0000 net-vpn/openfortivpn: drop version cap on net-dialup/ppp Bug: https://bugs.gentoo.org/907404 Signed-off-by: Mike Gilbert <floppym@gentoo.org> .../{openfortivpn-1.20.3-r1.ebuild => openfortivpn-1.20.3-r2.ebuild} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
