[pptp-server] Failed CCP on linux-2.4.9/MS VPN 128-bit
Allan Clark
allanc at caldera.com
Mon Nov 12 16:01:03 CST 2001
Charlie Brady wrote:
>
> On Mon, 12 Nov 2001, Allan Clark wrote:
>
> > I think that's what it's saying: the MSVPN seems to be acknowledging the
> > offer from the linux side of mppe 1 0 0 60, but the linux side doesn't
> > seem to expect this ack, as indicated by the following log message from
> > the full trace:
>
> It seems to be to be complaining about the syntax of the Ack. As I said,
> I suspect that the Ack should restate the agreed upon config. I haven't
> checked the RFC, and don't know it in any detail, so I can't say for sure.
>
> > > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfReq id=0x2 <mppe 1 0 0 71>]
> > > > Nov 12 15:04:21 grinder pppd[13795]: sent [CCP ConfNak id=0x2 <mppe 1 0 0 60>]
> > > > Nov 12 15:04:21 grinder pppd[13795]: rcvd [CCP ConfAck id=0x2]
> > > > Nov 12 15:04:21 grinder pppd[13795]: Received bad configure-ack:
> > > > Nov 12 15:04:21 grinder pppd[13795]: local IP address 192.168.55.1
> > > > Nov 12 15:04:21 grinder pppd[13795]: remote IP address 192.168.55.2
> >
> > There are people on this list who claim to have a 128-bit functioning,
> > so I'm wondering if they receive the same log messages.
>
> I have 128 bit functioning, and don't see those log messages.
>
> Your ConfAck is clearly bogus. You've told the remote end you'll only do
> 40 or 128 bit bit encryption, no compression. It's replied "OK". How are
> you to know what OK means?
I understand your logic, and I agree.
The remote side of this, the client that initiated the connection, is a
Microsoft DUN VPN, updated with 128-bit security. I can't alter that
code, so I assume it's the same client as what connects to your system.
Are you accepting connections from Win98 128-bit clients? My
connections work fine as 40-bit, but not 128-bit. Can you send me
pptpd.conf and ppp/options file? Do they differ from mine?
Allan
More information about the pptp-server
mailing list