[pptp-server] problems installing mppe patch to PPP
Emir Toktar
toktar at per.com.br
Wed Mar 15 18:55:10 CST 2000
problems installing mppe patch to PPPI think that the error is on client side or you recompile with MS-CHAP different version that you is using on clients. Look the log if is <auth 80> or <auth 81>, or be, ms-chap v1 or v2, and there are a bit different between them.
" Where possible, MS-CHAP-V2 is consistent with both MS-CHAP-V1 and standard CHAP. Briefly, the differences between MS-CHAP-V2 and MS-CHAP- V1 are:
* MS-CHAP-V2 is enabled by negotiating CHAP Algorithm 0x81 in LCP option 3, Authentication Protocol.
* MS-CHAP-V2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator reponse on the Success packet.
* The calculation of the "Windows NT compatible challenge response" sub-field in the Response packet has been changed to include the peer challenge and the user name.
* In MS-CHAP-V1, the "LAN Manager compatible challenge response" sub-field was always sent in the Response packet. This field has been replaced in MS-CHAP-V2 by the Peer-Challenge field.
* The format of the Message field in the Failure packet has been changed.
* The Change Password (version 1) and Change Password (version 2) packets are no longer supported. They have been replaced with a single Change-Password packet.
The LCP configuration for MS-CHAP-V2 is identical to that for standard CHAP, except that the Algorithm field has value 0x81, rather than the MD5 value 0x05. PPP implementations which do not support MS-CHAP-V2, but correctly implement LCP Config-Rej, should have no problem dealing with this non-standard option."
There are updates to MS DUN that cause any problems and disconections without sense (???). I had one problem similar this the last year and after I update the DUN worked fine.
Emir Toktar
+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br
----- Original Message -----
From: Jandeep Kang
To: 'Emir Toktar'
Cc: Pptp Mailing List (E-mail)
Sent: Wednesday, 15 March, 2000 9:34 PM
Subject: RE: [pptp-server] problems installing mppe patch to PPP
It worked! but no encryption
thanks for all your help. i have applied the patch, recompiled the pppd and installed it.
Now from a win98 SE i can connect to the pptp server but if i select 'data encryption' on the client side it gives me an error soemthing like the 'server doesn't support this type of encryption' i will post the exact error message and number tomorrow. my guess is the encryption is not working or the client side is not properly configured.
I have got the zip file but haven't gone through that yet.
any ideas about encryption stuff? how exactly do you verify that the data is encrypted?
once again thanks a lot for all help, past and future.
Jandeep.
-----Original Message-----
From: Emir Toktar [mailto:toktar at per.com.br]
Sent: Thursday, March 16, 2000 7:23 AM
To: Jandeep Kang
Subject: Re: [pptp-server] problems installing mppe patch to PPP
Can you have send me the log's and config files?
By the way, do you receive the word file with sript (not finished yet...) and it's clear? Any sugestion.
Bye
Emir Toktar.
Wednesday, 15 March, 2000 09:23 PM
----- Original Message -----
From: Jandeep Kang
To: 'Emir Toktar'
Sent: Wednesday, 15 March, 2000 3:23 PM
Subject: RE: [pptp-server] problems installing mppe patch to PPP
Well, i have got into trouble before that!
i have a linux machine which i want to use both as a firewall and a VPN server(with 2 NIC cards in it). when i try to connect to it from outside using a win 98 SE machine the error it gives me is "the user name/password is not valid on teh domain" but when i check the logs the problem is that "input/output error" the "GRE write failure" and teh control connection gets closed just after that.
what i am doing wrong??
thanks in advance.
-----Original Message-----
From: Emir Toktar [mailto:toktar at per.com.br]
Sent: Wednesday, March 15, 2000 8:25 AM
To: Jandeep Kang
Subject: Re: [pptp-server] problems installing mppe patch to PPP
Grab the mppe patch from http://www.moretonbay.com/vpn/releases/ and choise
<< save target as... >> on the link and save to directory, then applyed the patch.
"
...
To talk to the new driver, pppd needs to be able to open /dev/ppp,
character device (108,0). If the special file node /dev/ppp is not
present, pppd will create it. However, if you are running with /dev
on a read-only filesystem, pppd will not be able to create /dev/ppp.
In that instance you should manually create /dev/ppp using the command
`mknod /dev/ppp c 108 0'.
If you use module autoloading and have PPP as a module, you will need
to add the following to your /etc/modules.conf or /etc/conf.modules:
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias char-major-108 ppp_generic
...
"
------------------------------------------------------------------------
I will install this week Red Hat 6.1/updates and ppp-2.3.11 and I will
modify the code ppp_mppe.c to force Data Encryption option on client or
refuse conection it. MPPE_BIT_ENCRYPTED - Bit D set to "1"). A old question
"...to Know is about to refuse any conection different of the ms-chapv2
(with data encryption options set)..."
Other thing, I was out any time and see some old e-mail about <auth 0x80> or
<auth 0x81> and question if was stasteless mode or what....?
The option <auth 0x80> MSCHAP or MSCHAPv1 is enabled by negotiating CHAP
algorithm 0X80 and <auth 0x81> MSCHAPv2 is enabled by negotiating CHAP
algorithm 0X81.
Stateless mode ('H' bit is set 0x01) indicates that the sender wishes to
negotiate the use of stataless mode, in whith the session key is changed
after the TX fo each packet.
Sorry if this information above is not relevant!
----------------------------------------------------------------------------
If works, reply to me please.
Best Regards
Emir Toktar
----- Original Message -----
From: Jandeep Kang
To: 'Emir Toktar'
Sent: Tuesday, 14 March, 2000 9:41 PM
Subject: RE: [pptp-server] problems installing mppe patch to PPP
but it has got an extention "gz". i will try just applying the patch.
know anything about 128 bit encryption. where to get it?
Thanks, Jandeep.
-----Original Message-----
From: Emir Toktar [mailto:toktar at per.com.br]
Sent: Wednesday, March 15, 2000 7:40 AM
To: Jandeep Kang
Subject: Re: [pptp-server] problems installing mppe patch to PPP
This file is not gzip. Save the file and applied the path -p0< ....
Emir
----- Original Message -----
From: Jandeep Kang
To: Pptp Mailing List (E-mail)
Sent: Tuesday, 14 March, 2000 9:27 PM
Subject: [pptp-server] problems installing mppe patch to PPP
Hello everybody,
I have been trying to reinstall the pptp so I got ppp 2.3.10 and was trying to patch it with the mppe patch file from the www.moretonbay.com/vpn/releases
Web site. The problem is whichever way I download the ppp-2_3_10-openssl-norc4-mppe_patch.gz and when I try to gunzip it, it says it is not a valid gzip file!?
My guess is downloading via http to a win NT machine is corrupting the patch. Is it available somewhere else via ftp? How did you solve this problem?
Secondly, will this give me 40 bit encryption? Where do I get a patch if I have to do 128 bit encryption?
Please help.
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/331fe80a/attachment.html>
More information about the pptp-server
mailing list