[pptp-server] pptp client

Neale Banks neale at lowendale.com.au
Tue Feb 22 06:31:34 CST 2000


On Tue, 22 Feb 2000, Chad Miller wrote:

> Note:  I have tried auth/noauth in the options file, and various methods
> of setting up the chap-secrets file / starting it. [...]
[...]
> > 	I'm having problems getting pptp-linux-1.0.2 to connect to an NT
> > 4.0 PPTP server.  Is this even possible?  Anyways, my config is as listed
> > below.
> > 
> > Patched ppp-2.3.10 with ppp-2.3.10-openssl-norc4-mppe.patch  (for MSCHAP)
> > 
> > /etc/ppp/options -
> > lock
> > debug
> > auth
> > +chap
> > +chapms
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> > 
> > /etc/ppp/chap-secrets (note - *'s are literal.. is this correct?)
> > cm4878          *       mypassword          *
> > GRUUV\\cm4878    *       mypassword          *
> > 
> > starting using ./pptp ipaddressofpptpserver user GRUUV\\cm4878
> > 
> > All I see in /var/log/messages is:
> > Feb 22 01:49:06 plextor pppd[3450]: pppd 2.3.10 started by root, uid 0
> > Feb 22 01:49:06 plextor pppd[3450]: Using interface ppp0
> > Feb 22 01:49:06 plextor pppd[3450]: Connect: ppp0 <--> /dev/ttya0
> > Feb 22 01:49:09 plextor pppd[3450]: peer refused to authenticate: terminating link
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This looks like the pptp (linux client) machine is insisting that the NT
server provide authentication - when the NT refuses to participate in
this, the ppp link is torn down from the linux side...

> > Feb 22 01:49:09 plextor pppd[3450]: Connection terminated.
> > Feb 22 01:49:10 plextor pppd[3450]: Exit. 
> > 
> > 
> > What the heck am I missing?!?!?!?  Probably alot!  Any help appreciated.

It might be useful to see the logs with "noauth" and "debug" ppp options
on, e.g.:

	./pptp ipaddressofpptpserver user GRUUV\\cm4878 noauth debug

Also, looking at my ppp options file the comment for "+chap" is:

-------------------------------------------------------------------------
# Require the peer to authenticate itself using CHAP [Cryptographic
# Handshake Authentication Protocol] authentication.
#+chap
-------------------------------------------------------------------------

The key here is "Require the peer to authenticate itself..." - this could
also account for the "peer refused to authenticate" - perhaps try without
the "+chap" "+chapms" & "+chapms-v2" entries too?

As chap(or any other form of PPP authentication, e.g. PAP) is something
that is requested by the peer who wishes to do the authentication (in this
case the NT server) then it should be sufficient for your ppp to just
agree to do an acceptable variant of chap - in ppp options parlance this
should translate to *not* specifying and "-chap" ("Don't agree to
authenticate using CHAP") options.

HTH,
Neale.





More information about the pptp-server mailing list