[pptp-server] PPTP and encryption...

Ledbetter, Brian bledbetter at ael-peo.com
Wed Dec 22 09:46:25 CST 1999


I have a FreeBSD 3.3-RELEASE box running a custom-compiled pppd-2.3.8
with the MSCHAP and MPPE patches, and with PoPToP 1.0, both compiled as 
described on the PoPToP web page.  The problem I'm encountering is this:
When connecting to the VPN server, unencrypted authentication (i.e. CHAP)
works okay, but encrypted (MSCHAP,MSCHAP-V2) authentication fails.  Enclosed
are my configuration files.  Anyone have any ideas on what would be causing
this strangeness?

---------8< /etc/ppp/options -----------
asyncmap 0
lock
debug
name vpn-01
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
ms-wins {x.x.x.x}  ## (Commented out for security's sake...)
ms-wins {x.x.x.x}
ms-dns {x.x.x.x}
-------->8------------------------------

I've enabled +chap and +chapms to test unencrypted connections, and
it functions.  For some reason, chapms-v2 doesn't work...


---------8< tail /var/log/ppp.log ------
Dec 22 07:21:46 garconpoint pppd[6966]: pppd 2.3.8 started by root, uid 0
Dec 22 07:21:46 garconpoint pppd[6966]: Using interface ppp0
Dec 22 07:21:46 garconpoint pppd[6966]: Connect: ppp0 <--> /dev/ttyp1
Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x54e90ce> <pcomp> <accomp>]
Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfNak id=0x1 <auth chap 81>]
Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x1 <magic 0x1e185ff8> <pcomp> <accomp> <callback CBCP> < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>]
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfRej id=0x1 <callback CBCP> < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x2 <magic 0x1e185ff8> <pcomp> <accomp>]
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfAck id=0x2 <magic 0x1e185ff8> <pcomp> <accomp>]
Dec 22 07:21:48 garconpoint pppd[6966]: peer refused to authenticate: terminating link
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x3 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30]
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x4 0c 03 00 12 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x4 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53]
Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x5 0c 04 00 17 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [CCP ConfReq id=0x5 < 12 06 01 00 00 01>]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP TermAck id=0x3 "peer refused to authenticate"]
Dec 22 07:21:48 garconpoint pppd[6966]: Connection terminated.
Dec 22 07:21:48 garconpoint pppd[6966]: Exit.
-------->8------------------------------

(Is the <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> ...  line normal?  I have an
address configured in /etc/ppp/options...)


---------8< tail /var/log/pptpd.log ----
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Starting call (launching pppd, opening GRE)
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: pty_fd = 5
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: tty_fd = 6
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: I wrote 32 bytes to the client.
Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Sent packet to client
Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): local address = {x.x.x.x}
Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): remote address = {x.x.x.x}
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15)
Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Dec 22 07:21:46 garconpoint pptpd[6965]: GRE: Discarding duplicate packet
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15)
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 22 07:21:48 garconpoint pptpd[6965]: GRE: read(fd=5,buffer=804d1f0,len=8196) from PTY failed: status = 0 error = No error
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Client {x.x.x.x} control connection finished
Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Exiting now
Dec 22 07:21:48 garconpoint pptpd[6958]: MGR: Reaped child 6965
-------->8------------------------------

Client-side system is a Win2k Advanced Server Beta 3 system, configured
with PPTP support.  Also has been tried with Win98-SE and WinNT 4.0 to no
avail.

Any information provided would help greatly!

== ___ ==== _ ============================================================
  / _ )____(_)__ ____ 				        Brian C. Ledbetter
 / _  / __/ / _ `/ _ \				 American Employee Leasing
/____/_/ /_/\_,_/_//_/			        Network Guru, Slayer of NT
=[bledbetter at ael-peo.com]==============[http://www.shadowcom.net/~brian]==
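
Added example, not part of the original post: a small Python reader for pppd debug lines that follows the LCP authentication option through the negotiation recorded in the ppp.log excerpt above. It assumes the log format shown there (CHAP algorithm printed as `MD5` or as bare hex digits); `trace_auth` and `alg_name` are hypothetical names, and the sample is the excerpt's LCP lines with the syslog prefix trimmed.

```python
import re

# CHAP algorithm numbers carried in the LCP Authentication-Protocol option
# (RFC 1994: 0x05 MD5, RFC 2433: 0x80 MS-CHAP, RFC 2759: 0x81 MS-CHAP-V2).
CHAP_ALGS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAP-V2"}
LCP = re.compile(r"(sent|rcvd) \[LCP (Conf\w+) id=(0x[0-9a-f]+)(.*)\]")
AUTH = re.compile(r"<auth (\w+)(?: (\w+))?>")

# Constructed sample: LCP lines from the ppp.log excerpt, prefixes trimmed.
SAMPLE = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x54e90ce> <pcomp> <accomp>]
rcvd [LCP ConfNak id=0x1 <auth chap 81>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
peer refused to authenticate: terminating link
"""

def alg_name(token):
    """Map the printed algorithm (a name or bare hex digits) to a label."""
    if token is None:
        return None
    try:
        n = int(token, 16)
        return CHAP_ALGS.get(n, "0x%02x" % n)
    except ValueError:
        return token  # already a name such as "MD5"

def trace_auth(log):
    """Follow the auth option through our ConfReqs and the peer's replies."""
    r = {"requested": [], "peer_suggested": None, "acked": None, "refused": False}
    for line in log.splitlines():
        if "peer refused to authenticate" in line:
            r["refused"] = True
        m = LCP.search(line)
        if not m:
            continue
        direction, code, _id, opts = m.groups()
        a = AUTH.search(opts)
        auth = (a.group(1), alg_name(a.group(2))) if a else None
        if direction == "sent" and code == "ConfReq":
            r["requested"].append(auth)
        elif direction == "rcvd" and code == "ConfNak" and auth:
            r["peer_suggested"] = auth
        elif direction == "rcvd" and code == "ConfAck":
            r["acked"] = auth
    # True when the peer proposed an algorithm and our last request had no auth.
    r["auth_dropped"] = (r["peer_suggested"] is not None
                         and bool(r["requested"]) and r["requested"][-1] is None)
    return r
```

On the excerpt this reports a first ConfReq asking for CHAP MD5, a ConfNak from the peer proposing algorithm 0x81 (MS-CHAP-V2), and a second ConfReq that carries no auth option at all, which the peer then Acks.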