IPSEC/L2TP with RADIUS on WIN2019 Server - Need help

Great, thanks, will change the template.

I have made a very simple hack

[ppp]
{% if ccp_disable or (auth_mode == 'radius') %}
ccp=0
{% endif %}

It seems I didn’t have the right to create Phabricator topics.
It would be highly appreciated if you could do so.

Thanks

Note: for l2tp we can disable CCP by following command

set vpn l2tp remote-access ccp-disable

Something went wrong :)

vyos@VWF186:~$ configure
[edit]
vyos@VWF186# set vpn l2tp remote-access ccp-disable
[edit]
vyos@VWF186# commit
[ vpn l2tp ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest version of the code available at
  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
- Consult the forum to see how to handle this issue
  https://forum.vyos.io
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report Time:      2020-06-16 12:53:52
Image Version:    VyOS 1.3-rolling-202006160117
Release Train:    equuleus

Built by:         autobuild@vyos.net
Built on:         Tue 16 Jun 2020 01:17 UTC
Build UUID:       0d4bfbf2-1fd2-4165-8f64-28dc2d08672d
Build Commit ID:  1dfa9a3c7cce72

Architecture:     x86_64
Boot via:         installed image
System type:      Xen HVM guest

Hardware vendor:  Xen
Hardware model:   HVM domU
Hardware S/N:     9b365372-9071-cc5e-1b20-0722ec376886
Hardware UUID:    9b365372-9071-cc5e-1b20-0722ec376886

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/vpn_l2tp.py", line 371, in <module>
    c = get_config()
  File "/usr/libexec/vyos/conf_mode/vpn_l2tp.py", line 281, in get_config
    l2tp[['ccp_disable']] = True
TypeError: unhashable type: 'list'



[[vpn]] failed
Commit failed
[edit]
vyos@#

Yes, there is a typo in /usr/libexec/vyos/conf_mode/vpn_l2tp.py. We need to delete the redundant [ ]

l2tp['ccp_disable'] = True

I will create a task on Phabricator


Hi, did you also get it working using radius authentication? I have the same problem and got it working with disabling mppe and ccp as long as I don’t enable radius authentication. When I enable radius it stops working. If you got it working, would you mind sharing your config, and also the Windows config for NPS (if you have done anything special there).

The latest rolling already has fixes for disabling CCP.
I can get a working router in my lab with CCP enabled or disabled, with RADIUS or a local user; it does not matter.
Tell me how to reproduce your issue.

Hi Dimitry, thanks for taking the time to answer and try to solve the issues. I posted quite a long response in L2TP/SSTP - can't get traffic routed or passed over the VPN connection - #13 by klase yesterday with info on my problem, configuration and log-files.

I will download the latest rolling release and test if there are any differences later this evening.

Tested with the latest rolling. I can confirm that CCP disable works as expected.

As long as I use local user authentication it works perfectly.

When I switch to radius it stops working.

The client (Win10) will authenticate and get an IP address, but I cannot reach anything on “the other side”. Looking on the VyOS server there is no l2tp interface for the connection (there is an interface created, but it does not have any IP address assignment). The only difference in the configuration is switching to radius (Windows Server 2019 Network Policy Server).

I comment out the authentication section in the config below and uncomment the “local” authentication section - everything else stays the same:

 l2tp {
     remote-access {
         authentication {
             mode radius
             mppe deny
             radius {
                 nas-identifier x.x.96.14
                 server x.x.96.60 {
                     key RadiusSecret
                 }
                 timeout 300
             }
         }
         ccp-disable
         /* authentication {
            local-users {
               username test {
                   password testpassword
               }
            }
            mode local
        }
*/
         client-ip-pool {
             subnet 172.22.0.0/16
         }
         gateway-address 10.255.255.0
         ipsec-settings {
             authentication {
                 mode pre-shared-secret
                 pre-shared-secret L2TP4MFA!safe#2
             }
             ike-lifetime 3600
         }
         name-server x.x.96.74
         name-server x.x.96.35
         outside-address x.x.96.14
     }
 }

The settings on my NPS server are as the screenshots below show


The “TypeError: unhashable type: ‘list’” error message in Python occurs when you try to use a mutable object (such as a list) as a key in a dictionary. Since dictionaries use keys to index values, keys must be hashable objects, meaning they must be immutable (i.e. their value cannot be changed). Lists are mutable, so they cannot be used as dictionary keys. To fix the error, use an immutable object like a tuple, string, or number as the dictionary key instead.

To resolve the TypeError: unhashable type: ‘list’ error, you need to use an immutable object as a key in a dictionary instead of a mutable one like a list. For example, you can use tuples, strings, or numbers as keys, which are all hashable objects.

d = {[1, 2, 3]: "list_key"}  # Using a list as a key in a dictionary
# This will raise the TypeError: unhashable type: 'list' error

d = {(1, 2, 3): "tuple_key"}  # Using a tuple as a key in a dictionary
# This will work fine as tuples are hashable
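A static check for the bug class behind the traceback earlier in this thread (a list literal used as a dictionary key), as an added example that is not part of any post here or of VyOS itself. The sample function body and the name `find_unhashable_keys` are constructed for illustration; only the flagged line comes from the traceback.

```python
import ast

# Constructed sample: only the l2tp[['ccp_disable']] line is taken from the
# traceback; the surrounding function is an assumption, not vpn_l2tp.py.
SAMPLE = '''
def get_config(conf):
    l2tp = {}
    if conf.exists(['ccp-disable']):
        l2tp[['ccp_disable']] = True
    if conf.exists(['mtu']):
        l2tp['mtu'] = conf.return_value(['mtu'])
    return l2tp
'''

# Literal node types that can never be hashed, so never valid as dict keys.
UNHASHABLE = (ast.List, ast.Dict, ast.Set,
              ast.ListComp, ast.DictComp, ast.SetComp)


def find_unhashable_keys(source, filename="<string>"):
    """Return sorted (line, snippet) pairs for list/dict/set literals used
    as a key in a subscript assignment or inside a dict literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Subscript) and isinstance(node.ctx, ast.Store):
            key = node.slice
            if type(key).__name__ == "Index":  # Python < 3.9 wraps the key
                key = key.value
            # Heuristic: x[[...]] = v is legal on array types, but it is
            # always a TypeError when x is a dict, as in the traceback.
            if isinstance(key, UNHASHABLE):
                findings.append(
                    (node.lineno, ast.get_source_segment(source, node)))
        elif isinstance(node, ast.Dict):
            for key in node.keys:  # None entries are ** unpacking
                if isinstance(key, UNHASHABLE):
                    findings.append(
                        (key.lineno, ast.get_source_segment(source, key)))
    return sorted(findings)


if __name__ == "__main__":
    for line, snippet in find_unhashable_keys(SAMPLE, "sample.py"):
        print(f"sample.py:{line}: unhashable key in {snippet}")
```

Because the check only parses the source, it catches the typo without needing a configuration path that executes the faulty line, which is why the bug surfaced only once `ccp-disable` was set.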

With all due respect to your reply, this thread is not about Python programming technique but VyOS.
Since that time everything has changed and now this error is gone, AFAIR.