[pptp-server] PPTP and encryption...

Nathan Meyers nmeyers at javalinux.net
Wed Dec 22 15:20:47 CST 1999


"Ledbetter, Brian" wrote:
> 
> I have a FreeBSD 3.3-RELEASE box running a custom-compiled pppd-2.3.8
> with the MSCHAP and MPPE patches, and with PoPToP 1.0, both compiled as
> described on the PoPToP web page.  The problem I'm encountering is this:
> When connecting to the VPN server, unencrypted authentication (i.e. CHAP)
> works okay, but encrypted (MSCHAP,MSCHAP-V2) authentication fails.  Enclosed
> are my configuration files.  Anyone have any ideas on what would be causing
> this strangeness?

Is your client running NT? If so, this looks similar (but not quite
identical) to the problem I reported a few days ago. There seems to be
some magic button to allow NT to use encryption with a PoPToP server,
but nobody has been able to name the button... some boxes happen to have
it, some do not.

Nathan


> 
> ---------8< /etc/ppp/options -----------
> asyncmap 0
> lock
> debug
> name vpn-01
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> proxyarp
> ms-wins {x.x.x.x}  ## (Commented out for security's sake...)
> ms-wins {x.x.x.x}
> ms-dns {x.x.x.x}
> -------->8------------------------------
> 
> I've enabled +chap and +chapms to test unencrypted connections, and
> it functions.  For some reason, chapms-v2 doesn't work...
> 
> ---------8< tail /var/log/ppp.log ------
> Dec 22 07:21:46 garconpoint pppd[6966]: pppd 2.3.8 started by root, uid 0
> Dec 22 07:21:46 garconpoint pppd[6966]: Using interface ppp0
> Dec 22 07:21:46 garconpoint pppd[6966]: Connect: ppp0 <--> /dev/ttyp1
> Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x54e90ce> <pcomp> <accomp>]
> Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfNak id=0x1 <auth chap 81>]
> Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
> Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x54e90ce> <pcomp> <accomp>]
> Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x1 <magic 0x1e185ff8> <pcomp> <accomp> <callback CBCP> < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>]
> Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfRej id=0x1 <callback CBCP> < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>]
> Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x2 <magic 0x1e185ff8> <pcomp> <accomp>]
> Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfAck id=0x2 <magic 0x1e185ff8> <pcomp> <accomp>]
> Dec 22 07:21:48 garconpoint pppd[6966]: peer refused to authenticate: terminating link
> Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
> Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x3 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30]
> Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x4 0c 03 00 12 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30]
> Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x4 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53]
> Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x5 0c 04 00 17 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53]
> Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [CCP ConfReq id=0x5 < 12 06 01 00 00 01>]
> Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP TermAck id=0x3 "peer refused to authenticate"]
> Dec 22 07:21:48 garconpoint pppd[6966]: Connection terminated.
> Dec 22 07:21:48 garconpoint pppd[6966]: Exit.
> -------->8------------------------------
> 
> (Is the <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> ...  line normal?  I have an
> address configured in /etc/ppp/options...)
> 
> ---------8< tail /var/log/pptpd.log ----
> Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Starting call (launching pppd, opening GRE)
> Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: pty_fd = 5
> Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: tty_fd = 6
> Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: I wrote 32 bytes to the client.
> Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): Connection speed = 115200
> Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Sent packet to client
> Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): local address = {x.x.x.x}
> Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): remote address = {x.x.x.x}
> Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15)
> Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Got a SET LINK INFO packet with standard ACCMs
> Dec 22 07:21:46 garconpoint pptpd[6965]: GRE: Discarding duplicate packet
> Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15)
> Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Dec 22 07:21:48 garconpoint pptpd[6965]: GRE: read(fd=5,buffer=804d1f0,len=8196) from PTY failed: status = 0 error = No error
> Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Client {x.x.x.x} control connection finished
> Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Exiting now
> Dec 22 07:21:48 garconpoint pptpd[6958]: MGR: Reaped child 6965
> -------->8------------------------------
> 
> Client-side system is a Win2k Advanced Server Beta 3 system, configured
> with PPTP support.  Also has been tried with Win98-SE and WinNT 4.0 to no
> avail.
> 
> Any information provided would help greatly!
> 
> == ___ ==== _ ============================================================
>   / _ )____(_)__ ____                                   Brian C. Ledbetter
>  / _  / __/ / _ `/ _ \                           American Employee Leasing
> /____/_/ /_/\_,_/_//_/                          Network Guru, Slayer of NT
> =[bledbetter at ael-peo.com]==============[http://www.shadowcom.net/~brian]==
> 
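Added example, not part of the original thread: a small parser that pulls the LCP authentication options out of pppd debug lines like those in the quoted ppp.log and reports what was offered, what the peer counter-proposed, and what the next ConfReq carried. The function names are this example's own, and the CHAP algorithm numbers are taken from RFC 1994, RFC 2433 and RFC 2759, not from the thread.

```python
import re

# CHAP algorithm numbers: 0x05 MD5 (RFC 1994), 0x80 MS-CHAP (RFC 2433),
# 0x81 MS-CHAP-V2 (RFC 2759). The quoted log prints 0x05 as "MD5", others as bare hex.
CHAP_ALGS = {"MD5": "CHAP-MD5", "05": "CHAP-MD5", "80": "MS-CHAP", "81": "MS-CHAP-V2"}
PKT = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[LCP (Conf\w+) id=0x([0-9a-f]+)(.*)\]")
AUTH = re.compile(r"<auth (\w+)(?: (\w+))?>")

# Shortened copies of lines from the quoted ppp.log (unrelated options dropped).
SAMPLE = """\
Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x54e90ce>]
Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfNak id=0x1 <auth chap 81>]
Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x54e90ce>]
Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x54e90ce>]
Dec 22 07:21:48 garconpoint pppd[6966]: peer refused to authenticate: terminating link
""".splitlines()

def lcp_auth_events(lines):
    """Return (direction, code, id, auth) per LCP Conf* packet; auth is None if absent."""
    events = []
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue
        direction, code, pkt_id, opts = m.groups()
        a = AUTH.search(opts)
        auth = None
        if a:
            proto, alg = a.groups()
            auth = CHAP_ALGS.get(alg, f"chap 0x{alg}") if proto == "chap" else proto
        events.append((direction, code, int(pkt_id, 16), auth))
    return events

def diagnose(lines):
    """Describe the negotiation: our offer, the peer's ConfNak, and our next ConfReq."""
    ev = lcp_auth_events(lines)
    offered = [e for e in ev if e[0] == "sent" and e[1] == "ConfReq"]
    naks = [e for e in ev if e[0] == "rcvd" and e[1] == "ConfNak" and e[3]]
    findings = []
    for _, _, nak_id, wanted in naks:
        first = next((e for e in offered if e[2] == nak_id), None)
        retry = next((e for e in offered if e[2] > nak_id), None)
        if first and retry and retry[3] is None:
            findings.append(f"offered {first[3]}, peer asked for {wanted}, next ConfReq carried no auth option")
    if any("peer refused to authenticate" in l for l in lines):
        findings.append("link terminated: peer refused to authenticate")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE)))
```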



