[pptp-server] Failed CCP on linux-2.4.9/MS VPN 128-bit
Allan Clark
allanc at caldera.com
Mon Nov 12 14:49:59 CST 2001
Hey everyone;
So I grabbed ppp-2.4.1, patched as per poptop.lineo.com, built a
ppp_mppe.o module in my kernel tree. I'm using linux-2.4.9 since that's
a Caldera 3.1.1 beta-2 release.
I've got poptop receiving a connection and authenticating, but it seems
to be rejecting CCP handshaking. The key parts are below, followed by
the full dump (it's a protected system, so nothing's really been
altered). The handshake seems to be saying:
Linux: req <mppe 1 0 0 60>
MSVPN: req <mppe 1 0 0 71>
Linux: no lzs
MSVPN: no <mppe 1 0 0 60>, how about <mppe 1 0 0 40>
Linux: req a config
MSVPN: <mppe 1 0 0 71>
Linux: no <mppe 1 0 0 71>, how about <mppe 1 0 0 60>
MSVPN: ok
Linux: huh? (Received bad configure-ack)
MSVPN: how about <mppe 1 0 0 40>
Linux: no <mppe 1 0 0 40>, how about <mppe 1 0 0 40>
MSVPN: how about no config
Linux: OK
MSVPN: disconnect...
(The client has "require encryption" activated)
Is this what's happening? For some reason, the client is never asking
for <mppe 1 0 0 20>, which seems to be 40-bit stateless MPPE from past
email on this list.
Any ideas?
Allan Clark
(as in "Allan's Blenderfier")
CCP part of the interaction:
> > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x1 <mppe 1 0 0 60>]
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 71> <lzs 0 1 4>]
> > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfRej id=0x1 <lzs 0 1 4>]
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfNak id=0x1 <mppe 1 0 0 40>]
> > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x2]
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 <mppe 1 0 0 71>]
> > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 <mppe 1 0 0 60>]
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2]
> > Nov 12 15:04:21 grinder pppd[13795]: Received bad configure-ack:
> > Nov 12 15:04:21 grinder pppd[13795]: local IP address 192.168.55.1
> > Nov 12 15:04:21 grinder pppd[13795]: remote IP address 192.168.55.2
> > Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-up started (pid 13801)
> > Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-up finished (pid 13801), status = 0x0
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x3 <mppe 1 0 0 40>]
> > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfRej id=0x3 <mppe 1 0 0 40>]
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x4]
> > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfAck id=0x4]
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP TermReq id=0x5]
> > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP TermAck id=0x5]
> > Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP TermReq id=0x2]
> > Nov 12 15:04:21 grinder pppd[13795]: LCP terminated by peer
Full interaction:
> Nov 12 15:04:21 grinder pppd[13795]: pppd 2.4.1 started by root, uid 0
> Nov 12 15:04:21 grinder pppd[13795]: using channel 7
> Nov 12 15:04:21 grinder pppd[13795]: Using interface ppp0
> Nov 12 15:04:21 grinder pppd[13795]: Connect: ppp0 <--> /dev/pts/2
> Nov 12 15:04:21 grinder pppd[13795]: sent [LCP ConfReq id=0x1 <mru 1490> <asyncmap 0x0> <auth chap 81> <magic 0x4777c500> <pcomp> <accomp>]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP ConfReq id=0x1 <magic 0xdf36d0> <pcomp> <accomp>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [LCP ConfAck id=0x1 <magic 0xdf36d0> <pcomp> <accomp>]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP ConfAck id=0x1 <mru 1490> <asyncmap 0x0> <auth chap 81> <magic 0x4777c500> <pcomp> <accomp>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [LCP EchoReq id=0x0 magic=0x4777c500]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CHAP Challenge id=0x1 <80f11fec93478cfe510f497183a25153>, name = "*"]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP EchoRep id=0x0 magic=0xdf36d0]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CHAP Response id=0x1 <28f22ad41e8fd74da0ba7fcf9ec4cab80000000000000000ffa0b7a9c7b76b56312d2b272313a14f4ec5b1d85846815304>, name = "allanc"]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CHAP Success id=0x1 "S=2648381881F34A24C827B7B9D75A0A1205579723"]
> Nov 12 15:04:21 grinder pppd[13795]: sent [IPCP ConfReq id=0x1 <addr 192.168.55.1> <compress VJ 0f 01>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x1 <mppe 1 0 0 60>]
> Nov 12 15:04:21 grinder pppd[13795]: MSCHAP-v2 peer authentication succeeded for allanc
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [IPCP ConfRej id=0x1 <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 71> <lzs 0 1 4>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfRej id=0x1 <lzs 0 1 4>]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.55.1> <compress VJ 0f 01>]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfNak id=0x1 <mppe 1 0 0 40>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfReq id=0x2]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 0.0.0.0>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [IPCP ConfNak id=0x2 <addr 192.168.55.2>]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 <mppe 1 0 0 71>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 <mppe 1 0 0 60>]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2]
> Nov 12 15:04:21 grinder pppd[13795]: Received bad configure-ack:
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [IPCP ConfReq id=0x3 <compress VJ 0f 01> <addr 192.168.55.2>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [IPCP ConfAck id=0x3 <compress VJ 0f 01> <addr 192.168.55.2>]
> Nov 12 15:04:21 grinder pppd[13795]: local IP address 192.168.55.1
> Nov 12 15:04:21 grinder pppd[13795]: remote IP address 192.168.55.2
> Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-up started (pid 13801)
> Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-up finished (pid 13801), status = 0x0
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x3 <mppe 1 0 0 40>]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfRej id=0x3 <mppe 1 0 0 40>]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x4]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfAck id=0x4]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP TermReq id=0x5]
> Nov 12 15:04:21 grinder pppd[13795]: sent [CCP TermAck id=0x5]
> Nov 12 15:04:21 grinder pppd[13795]: rcvd [LCP TermReq id=0x2]
> Nov 12 15:04:21 grinder pppd[13795]: LCP terminated by peer
> Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-down started (pid 13802)
> Nov 12 15:04:21 grinder pppd[13795]: sent [LCP TermAck id=0x2]
> Nov 12 15:04:21 grinder pppd[13795]: Script /etc/ppp/ip-down finished (pid 13802), status = 0x0
> Nov 12 15:04:21 grinder pptpd[13794]: CTRL: Error with select(), quitting
> Nov 12 15:04:21 grinder pptpd[13794]: CTRL: Client 132.147.103.230 control connection finished
> Nov 12 15:04:21 grinder pppd[13795]: Modem hangup
> Nov 12 15:04:21 grinder pppd[13795]: Connection terminated.
> Nov 12 15:04:21 grinder pppd[13795]: Connect time 0.0 minutes.
> Nov 12 15:04:21 grinder pppd[13795]: Sent 121 bytes, received 145 bytes.
> Nov 12 15:04:21 grinder pppd[13795]: Exit.
> Nov 12 15:05:01 grinder crond[13810]: (root) CMD (/sbin/rmmod -a)
> [root at grinder vpn]#
/etc/ppp/options: (as per Wilson Chu)
name *
lock
debug
mtu 1490
mru 1490
#proxyarp
auth
idle 3600
+chap
#This one is optional and may be omitted.
#+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless
#nodeflate
nobsdcomp
[root at grinder]# grep -v '^#' /etc/pptpd.conf
localip 192.168.55.1
remoteip 192.168.55.2-240
More information about the pptp-server
mailing list