[pptp-server] pptp client problems

Andrew F. Nelson anelso1 at isd.net
Sat Feb 19 08:34:23 CST 2000


You hit it on the head when you said the noauth bit.  I needed "TWO" lines
in my chap-secrets files for things to work.  (Windows doesn't care so it
works with one.)

Here is what both machines should have in their chap-secrets file:

chap-secrets:
clientname	*	clientsecret	*
servername	*	serversecret	*

Then start pptp like this: pptp <hostname of server> user clientname.

Whatever you set your "name" parm to on the server needs to be in the
chap-secrets file on BOTH machines so that the server can authenticate its
secret back to the client.  When I added the second line everything went
hunky dorie!

Thanks for the help all.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Cowles, Steve
> Sent: Friday, February 18, 2000 11:47 PM
> To: 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] pptp client problems
>
>
>
> I just went through this night-mare last week with basically the
> same setup
> as yours. e.g. RH6.1 and all the patches. Had Win98/WinNT clients working
> just fine. After many tests with a friend (in debug mode) we
> discovered that
> Windows Dialup Networking is also operating in "noauth" mode. <groan>. In
> fact the pppd documentation is a little confusing with regards to the
> name/user/remotename options. One thing we discovered during out
> testing was
> when we connected to an NT based RAS server using the pptp client, the NT
> RAS server returned "name" as NULL. We had to specify our login
> name for the
> "name" parameter on the pptp command line. PPPD on the other
> hand, returned
> the name correctly. e.g. the hostname. This caused all kinds of problems
> when pppd scanned the chap-secrets file looking for a match. Talk about
> consistency!!!
>
> Anyway, to make a long story short... I had to set the server side up
> (options) with "auth" and the client side with "noauth". Your chap-secrets
> file looks OK. Also, I don't use the name parameter in the either options
> file. This seems to make it a little more universal when
> connecting between
> a linux based and an NT based PPTP servers. e.g. specify these
> parameters on
> the command line.
>
> ================================
> /etc/ppp/options on client side
> lock
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> /etc/ppp/chap-secrets
> scowles  * password *
> COWLES\\scowles  * password *
>
> I invoked pptp as follows:
>
> pptp enterprise name enterpise user COWLES\\scowles
>   or
> pptp enterprise name enterpise user scowles
>
> enterprise is my poptop/pppd server's hostname.
>
>
> Your milege may vary, but the above worked for me. Good luck.
>
> Steve Cowles
>
>
> -----Original Message-----
> From: Andrew F. Nelson [mailto:anelso1 at isd.net]
> Sent: Friday, February 18, 2000 9:48 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp client problems
>
>
> I am trying to connect two linux boxes together to link two different
> private subnets.  I have the server working with a Win98 VPN client with
> MSCHAP and encrption just fine.  I am trying to get the same thing working
> with a Linux client.
>
> I am running RedHat-6.1 on both machines.  The server is an intel box and
> the client is a sparc.  Both machines are running ppp-2.3.10 with the mppe
> patch and SSLeay-0.9.0b.  The client is using pptp-linux-1.0.2 and the
> server is running PopTop 1.0.0
>
> If I turn both machines to "noauth" things work just fine, but
> that is a bit
> ugly.  It does prove that my networking is kosher between the two boxes
> though.  I have tried doing noauth on one of the two in both combos to no
> avail.  I included debug output for both machines below.  Pap
> does not work
> either, but I have that turned off in the configs I pasted here.
> What am I
> missing?  /etc/ppp/option
>
> /etc/ppp/options on client:
> lock
> auth
> debug
> refuse-pap
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> /etc/ppp/options on server:
> name EGC
> debug
> lock
> noauth
> refuse-pap
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> ms-wins 192.168.1.254
> ms-dns 192.168.1.254
> ms-dns 208.153.200.254
> proxyarp
>
> /etc/ppp/chap-secrets on both:
> nelson 		*	MYPASSWD            	*
>
> The client was started with:
> pptp <server ip> user nelsonnet2
>
> CLIENT:
> Feb 18 13:51:25 nelsonnet2 pppd[6717]: pppd 2.3.10 started by root, uid 0
> Feb 18 13:51:25 nelsonnet2 pppd[6717]: Using interface ppp0
> Feb 18 13:51:25 nelsonnet2 pppd[6717]: Connect: ppp0 <--> /dev/ttya0
> Feb 18 13:51:25 nelsonnet2 pppd[6717]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap 81> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:25 nelsonnet2 pppd[6717]: Timeout 0x18904:0x54560 in
> 3 seconds.
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: rcvd [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap 81> <magic 0x4a2ee0e5> <pcomp> <accomp>]
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: lcp_reqci: returning CONFACK.
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: sent [LCP ConfAck id=0x1 <asyncmap
> 0x0> <auth chap 81> <magic 0x4a2ee0e5> <pcomp> <accomp>]
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap 81> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: Timeout 0x18904:0x54560 in
> 3 seconds.
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: rcvd [LCP ConfRej id=0x1 <auth chap
> 81>]
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: Untimeout 0x18904:0x54560.
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: sent [LCP ConfReq id=0x2 <asyncmap
> 0x0> <auth chap m$oft> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: Timeout 0x18904:0x54560 in
> 3 seconds.
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: rcvd [LCP ConfRej id=0x2 <auth chap
> m$oft>]
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: Untimeout 0x18904:0x54560.
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: sent [LCP ConfReq id=0x3 <asyncmap
> 0x0> <auth chap MD5> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:28 nelsonnet2 pppd[6717]: Timeout 0x18904:0x54560 in
> 3 seconds.
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: rcvd [LCP ConfRej id=0x3 <auth chap
> MD5>]Feb 18 13:51:29 nelsonnet2 pppd[6717]: Untimeout 0x18904:0x54560.
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: sent [LCP ConfReq id=0x4 <asyncmap
> 0x0> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: Timeout 0x18904:0x54560 in
> 3 seconds.
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: rcvd [LCP ConfAck id=0x4 <asyncmap
> 0x0> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: Untimeout 0x18904:0x54560.
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: peer refused to authenticate:
> terminating link
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: sent [LCP TermReq id=0x5 "peer
> refused to authenticate"]
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: Timeout 0x18904:0x54560 in
> 3 seconds.
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: rcvd [CHAP Challenge id=0x1
> <78af634d1b856555d5da7fef07ac90f5>, name = "EGC"]
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: get_input: Received non-LCP packet
> when LCP not open.
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: rcvd [LCP TermAck id=0x5]
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: Untimeout 0x18904:0x54560.
> Feb 18 13:51:29 nelsonnet2 pppd[6717]: Connection terminated.
> Feb 18 13:51:30 nelsonnet2 pppd[6717]: Exit.
>
> SERVER:
> Feb 18 13:51:25 fw pppd[25486]: pppd 2.3.10 started by root, uid 0
> Feb 18 13:51:25 fw pppd[25486]: Using interface ppp0
> Feb 18 13:51:25 fw pppd[25486]: Connect: ppp0 <--> /dev/pts/4
> Feb 18 13:51:25 fw pppd[25486]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
> <auth chap 81> <magic 0x4a2ee0e5> <pcomp> <accomp>]
> Feb 18 13:51:25 fw pppd[25486]: Timeout 0x8050164:0x8077400 in 3 seconds.
> Feb 18 13:51:27 fw pptpd[25485]: GRE: Discarding duplicate packet
> Feb 18 13:51:28 fw pppd[25486]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
> <auth chap 81> <magic 0x4a2ee0e5> <pcomp> <accomp>]
> Feb 18 13:51:28 fw pppd[25486]: Timeout 0x8050164:0x8077400 in 3 seconds.
> Feb 18 13:51:28 fw pppd[25486]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
> <auth chap 81> <magic 0x4a2ee0e5> <pcomp> <accomp>]
> Feb 18 13:51:28 fw pppd[25486]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0>
> <auth chap 81> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:28 fw pppd[25486]: lcp_reqci: returning CONFREJ.
> Feb 18 13:51:28 fw pppd[25486]: sent [LCP ConfRej id=0x1 <auth chap 81>]
> Feb 18 13:51:28 fw pppd[25486]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0>
> <auth chap m$oft> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:28 fw pppd[25486]: lcp_reqci: returning CONFREJ.
> Feb 18 13:51:28 fw pppd[25486]: sent [LCP ConfRej id=0x2 <auth
> chap m$oft>]
> Feb 18 13:51:28 fw pppd[25486]: rcvd [LCP ConfReq id=0x3 <asyncmap 0x0>
> <auth chap MD5> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:28 fw pppd[25486]: lcp_reqci: returning CONFREJ.
> Feb 18 13:51:28 fw pppd[25486]: sent [LCP ConfRej id=0x3 <auth chap MD5>]
> Feb 18 13:51:29 fw pppd[25486]: rcvd [LCP ConfReq id=0x4 <asyncmap 0x0>
> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:29 fw pppd[25486]: lcp_reqci: returning CONFACK.
> Feb 18 13:51:29 fw pppd[25486]: sent [LCP ConfAck id=0x4 <asyncmap 0x0>
> <magic 0x21353157> <pcomp> <accomp>]
> Feb 18 13:51:29 fw pppd[25486]: Untimeout 0x8050164:0x8077400.
> Feb 18 13:51:29 fw pppd[25486]: sent [CHAP Challenge id=0x1
> <78af634d1b856555d5da7fef07ac90f5>, name = "EGC"]
> Feb 18 13:51:29 fw pppd[25486]: Timeout 0x8055870:0x80776e0 in 3 seconds.
> Feb 18 13:51:29 fw pppd[25486]: rcvd [LCP TermReq id=0x5 "peer refused to
> authenticate"]
> Feb 18 13:51:29 fw pppd[25486]: LCP terminated by peer (peer refused to
> authenticate)
> Feb 18 13:51:29 fw pppd[25486]: Untimeout 0x8055870:0x80776e0.
> Feb 18 13:51:29 fw pppd[25486]: Timeout 0x8050164:0x8077400 in 3 seconds.
> Feb 18 13:51:29 fw pppd[25486]: sent [LCP TermAck id=0x5]
> Feb 18 13:51:32 fw pppd[25486]: Connection terminated.
> Feb 18 13:51:32 fw pptpd[25427]: MGR: Reaped child 25485
> Feb 18 13:51:32 fw pptpd[25485]: GRE: read(fd=4,buffer=804d7e0,len=8196)
> from PTY failed: status = -1 error = Input/output error
> Feb 18 13:51:32 fw pptpd[25485]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Feb 18 13:51:32 fw pptpd[25485]: CTRL: Client 198.144.0.22 control
> connection finished
> Feb 18 13:51:32 fw pptpd[25485]: CTRL: Exiting now
> Feb 18 13:51:32 fw pppd[25486]: Exit.
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>





More information about the pptp-server mailing list