[pptp-server] PPTP and encryption...
Ledbetter, Brian
bledbetter at ael-peo.com
Wed Dec 22 09:46:25 CST 1999
I have a FreeBSD 3.3-RELEASE box running a custom-compiled pppd-2.3.8
with the MSCHAP and MPPE patches, and with PoPToP 1.0, both compiled as
described on the PoPToP web page. The problem I'm encountering is this:
When connecting to the VPN server, unencrypted authentication (i.e. CHAP)
works okay, but encrypted (MSCHAP,MSCHAP-V2) authentication fails. Enclosed
are my configuration files. Anyone have any ideas on what would be causing
this strangeness?
---------8< /etc/ppp/options -----------
asyncmap 0
lock
debug
name vpn-01
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
ms-wins {x.x.x.x} ## (Commented out for security's sake...)
ms-wins {x.x.x.x}
ms-dns {x.x.x.x}
-------->8------------------------------
I've enabled +chap and +chapms to test unencrypted connections, and
it functions. For some reason, chapms-v2 doesn't work...
---------8< tail /var/log/ppp.log ------
Dec 22 07:21:46 garconpoint pppd[6966]: pppd 2.3.8 started by root, uid 0
Dec 22 07:21:46 garconpoint pppd[6966]: Using interface ppp0
Dec 22 07:21:46 garconpoint pppd[6966]: Connect: ppp0 <--> /dev/ttyp1
Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x54e90ce> <pcomp> <accomp>]
Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfNak id=0x1 <auth chap 81>]
Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x1 <magic 0x1e185ff8> <pcomp> <accomp> <callback CBCP> < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>]
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfRej id=0x1 <callback CBCP> < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x2 <magic 0x1e185ff8> <pcomp> <accomp>]
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfAck id=0x2 <magic 0x1e185ff8> <pcomp> <accomp>]
Dec 22 07:21:48 garconpoint pppd[6966]: peer refused to authenticate: terminating link
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x3 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30]
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x4 0c 03 00 12 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x4 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53]
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x5 0c 04 00 17 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [CCP ConfReq id=0x5 < 12 06 01 00 00 01>]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP TermAck id=0x3 "peer refused to authenticate"]
Dec 22 07:21:48 garconpoint pppd[6966]: Connection terminated.
Dec 22 07:21:48 garconpoint pppd[6966]: Exit.
-------->8------------------------------
(Is the <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> ... line normal? I have an
address configured in /etc/ppp/options...)
---------8< tail /var/log/pptpd.log ----
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Starting call (launching pppd, opening GRE)
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: pty_fd = 5
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: tty_fd = 6
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: I wrote 32 bytes to the client.
Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Sent packet to client
Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): local address = {x.x.x.x}
Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): remote address = {x.x.x.x}
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15)
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Dec 22 07:21:46 garconpoint pptpd[6965]: GRE: Discarding duplicate packet
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15)
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 22 07:21:48 garconpoint pptpd[6965]: GRE: read(fd=5,buffer=804d1f0,len=8196) from PTY failed: status = 0 error = No error
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Client {x.x.x.x} control connection finished
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Exiting now
Dec 22 07:21:48 garconpoint pptpd[6958]: MGR: Reaped child 6965
-------->8------------------------------
Client-side system is a Win2k Advanced Server Beta 3 system, configured
with PPTP support. Also has been tried with Win98-SE and WinNT 4.0 to no
avail.
Any information provided would help greatly!
== ___ ==== _ ============================================================
/ _ )____(_)__ ____ Brian C. Ledbetter
/ _ / __/ / _ `/ _ \ American Employee Leasing
/____/_/ /_/\_,_/_//_/ Network Guru, Slayer of NT
=[bledbetter at ael-peo.com]==============[http://www.shadowcom.net/~brian]==
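
Added example, not part of the original post and not code from pppd or PoPToP: a small Python reader for pppd `debug` output that extracts the LCP authentication negotiation. In the ppp.log excerpt above, the server's ConfReq offers `<auth chap MD5>` and the client's ConfNak names `<auth chap 81>`; 0x81 is the CHAP algorithm number for MS-CHAP-V2. The function names and result keys are assumptions made for this example.

```python
import re

# CHAP algorithm numbers from the LCP Authentication-Protocol option.
CHAP_ALGS = {0x05: "CHAP-MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAP-V2"}

# Lines from the ppp.log excerpt in the post above (syslog prefix trimmed).
SAMPLE_LOG = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x54e90ce> <pcomp> <accomp>]
rcvd [LCP ConfNak id=0x1 <auth chap 81>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
peer refused to authenticate: terminating link
"""

LCP_RE = re.compile(r"(sent|rcvd) \[LCP (Conf\w+) id=0x[0-9a-f]+(.*)\]")
AUTH_RE = re.compile(r"<auth ([^\s>]+)(?: ([^\s>]+))?>")


def auth_name(proto, alg):
    """Turn pppd's printed auth option into a readable protocol name."""
    if proto != "chap" or alg is None:
        return proto.upper()
    if alg.upper() == "MD5":
        return CHAP_ALGS[0x05]
    try:
        value = int(alg, 16)  # here the algorithm is printed as a raw hex byte
    except ValueError:
        return "CHAP " + alg
    return CHAP_ALGS.get(value, "CHAP alg 0x%02x" % value)


def analyze(log_text):
    """Summarize the auth negotiation as seen by the side that wrote the log."""
    res = {"offered": [], "peer_wants": [], "auth_dropped": False, "refused": False}
    for line in log_text.splitlines():
        if "peer refused to authenticate" in line:
            res["refused"] = True
        m = LCP_RE.search(line)
        if not m:
            continue
        direction, code, opts = m.groups()
        auth = AUTH_RE.search(opts)
        if direction == "sent" and code == "ConfReq":
            if auth:
                res["offered"].append(auth_name(*auth.groups()))
            elif res["offered"]:
                res["auth_dropped"] = True  # ConfReq re-sent with no auth option
        elif direction == "rcvd" and code == "ConfNak" and auth:
            res["peer_wants"].append(auth_name(*auth.groups()))
    res["mismatch"] = any(w not in res["offered"] for w in res["peer_wants"])
    return res
```

Calling `analyze()` on a full `/var/log/ppp.log` works as well, since the patterns ignore the syslog prefix.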