[pptp-server] PPTPD Authentication problems...

Wed Jan 16 01:31:56 CST 2002

Hi everyone!

I'm still struggling with getting a PPTPD server going... I've been reading
up on a couple of things, and found that the error I found in my
/var/log/daemon.log file before was related to VPN Masquerading (could this
be because the IPs I have assigned in /etc/pptpd.conf are private? I'm
connecting from a firewall box on the client end [which has a public IP] to
another firewall box with a public IP), so I added the VPN MASQ patch to
both the server and client, enabling "CONFIG_IP_MASQUERADE_PPTP=y".

After rebooting both these boxes, I turned on 'debug' in /etc/ppp/options on
both machines, and also in /etc/pptpd.conf on the server.

When I connected with pptp from the client, machine, I got a whole lot of
errors in /var/log/daemon.log, /var/log/messages and /var/log/debug, which
I've reproduced below, as well as various (relevant) config files. (A little
warning... Lots of text below!)

For 'piglet', the client machine (piglet.shacknet.nu):

--- /var/log/messages

Jan 16 18:03:26 piglet pppd[3558]: pppd 2.4.1 started by root, uid 0
Jan 16 18:03:26 piglet pppd[3558]: Using interface ppp0
Jan 16 18:03:26 piglet pppd[3558]: Connect: ppp0 <--> /dev/pts/1
Jan 16 18:03:29 piglet pppd[3558]: Connection terminated.
Jan 16 18:03:30 piglet pppd[3558]: Exit.

--- /var/log/daemon.log

Jan 16 18:03:25 piglet pptp[3555]:
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:548]: Client connection
established.
Jan 16 18:03:26 piglet pptp[3555]:
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:655]: Outgoing call established
(call ID 0, peer's call ID 0).
Jan 16 18:03:26 piglet modprobe: modprobe: Invalid line 84 in
/etc/modules.conf ^I/lib/modules/2.2.20
Jan 16 18:03:30 piglet pptp[3555]: log[callmgr_main:pptp_callmgr.c:240]:
Closing connection
Jan 16 18:03:30 piglet pptp[3555]: log[pptp_conn_close:pptp_ctrl.c:285]:
Closing PPTP connection
Jan 16 18:03:32 piglet pptp[3555]: log[call_callback:pptp_callmgr.c:88]:
Closing connection

--- /var/log/debug

Jan 16 18:03:26 piglet pppd[3558]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP EchoReq id=0x0
magic=0x1945c36f]
Jan 16 18:03:29 piglet pppd[3558]: sent [CHAP Challenge id=0x1
<8010a1cd2078b257824ee8048ed01fa2a1599b3d0f>, name = "piglet"]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP EchoReq id=0x0
magic=0xb0c49677]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP EchoRep id=0x0
magic=0x1945c36f]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [CHAP Challenge id=0x1
<5b6cbe281bb476ca0598ddef09a134b74b5031be1b>, name = "bluey"]
Jan 16 18:03:29 piglet pppd[3558]: sent [CHAP Response id=0x1
<8b8bc4909689269721eb01dfa5ba7619>, name = "piglet"]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP EchoRep id=0x0
magic=0xb0c49677]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [CHAP Response id=0x1
<16dcead8779087f338a04cf17929c6a7>, name = "bluey"]
Jan 16 18:03:29 piglet pppd[3558]: sent [CHAP Failure id=0x1 "I don't like
you.  Go 'way."]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP TermReq id=0x2 "Authentication
failed"]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [CHAP Failure id=0x1 "I don't like
you.  Go 'way."]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP TermReq id=0x2 "Authentication
failed"]
Jan 16 18:03:29 piglet pppd[3558]: sent [LCP TermAck id=0x2]
Jan 16 18:03:29 piglet pppd[3558]: rcvd [LCP TermAck id=0x2]

--- /etc/ppp/options

root at piglet:~# cat /etc/ppp/options
# /etc/ppp/options
# 
# Originally created by Jim Knoble <jmknoble at mercury.interpath.net>
# Modified for Debian by alvar Bray <alvar at meiko.co.uk>
# Modified for PPP Server setup by Christoph Lameter <clameter at debian.org>
#
# To quickly see what options are active in this file, use this command:
#   egrep -v '#|^ *$' /etc/ppp/options

# Specify which DNS Servers the incoming Win95 or WinNT Connection should
use
# Two Servers can be remotely configured
# ms-dns 192.168.1.1
# ms-dns 192.168.1.2

# Specify which WINS Servers the incoming connection Win95 or WinNT should
use
# ms-wins 192.168.1.50
# ms-wins 192.168.1.51

# Run the executable or shell command specified after pppd has
# terminated the link.  This script could, for example, issue commands
# to the modem to cause it to hang up if hardware modem control signals
# were not available.
#disconnect "chat -- \d+++\d\c OK ath0 OK"

# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it.  0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
asyncmap 0

# Require the peer to authenticate itself before allowing network
# packets to be sent or received.
# Please do not disable this setting. It is expected to be standard in
# future releases of pppd. Use the call option (see manpage) to disable
# authentication for specific peers.
auth

# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts

# Use software flow control (i.e. XON/XOFF) to control the flow of data
# on the serial port.
#xonxoff

# Specifies that certain characters should be escaped on transmission
# (regardless of whether the peer requests them to be escaped with its
# async control character map).  The characters to be escaped are
# specified as a list of hex numbers separated by commas.  Note that
# almost any character can be specified for the escape option, unlike
# the asyncmap option which only allows control characters to be
# specified.  The characters which may not be escaped are those with hex
# values 0x20 - 0x3f or 0x5e.
#escape 11,13,ff

# Don't use the modem control lines.
#local

# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock

# Don't show the passwords when logging the contents of PAP packets.
# This is the default.
hide-password

# When logging the contents of PAP packets, this option causes pppd to
# show the password string in the log message.
#show-password

# Use the modem control lines.  On Ultrix, this option implies hardware
# flow control, as for the crtscts option.  (This option is not fully
# implemented.)
modem

# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128.  The default MRU value is 1500.  A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data).
#mru 542

# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0

# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
#noipdefault

# Enables the "passive" option in the LCP.  With this option, pppd will
# attempt to initiate a connection; if no reply is received from the
# peer, pppd will then just wait passively for a valid LCP packet from
# the peer (instead of exiting, as it does without this option).
#passive

# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
#silent

# Don't request or allow negotiation of any options for LCP and IPCP
# (use default values).
#-all

# Disable Address/Control compression negotiation (use default, i.e.
# address/control field disabled).
#-ac

# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
# all control characters).
#-am

# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#-detach

# Disable IP address negotiation (with this option, the remote IP
# address must be specified with an option on the command line or in
# an options file).
#-ip

# Disable IPCP negotiation and IP communication. This option should
# only be required if the peer is buggy and gets confused by requests
# from pppd for IPCP negotiation.
#noip

# Disable magic number negotiation.  With this option, pppd cannot
# detect a looped-back line.
#-mn

# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
# 1500).
#-mru

# Disable protocol field compression negotiation (use default, i.e.
# protocol field compression disabled).
#-pc

# Require the peer to authenticate itself using PAP.
#+pap

# Don't agree to authenticate using PAP.
#-pap

# Require the peer to authenticate itself using CHAP [Cryptographic
# Handshake Authentication Protocol] authentication.
#+chap

# Don't agree to authenticate using CHAP.
#-chap

# Disable negotiation of Van Jacobson style IP header compression (use
# default, i.e. no compression).
#-vj

# Increase debugging level (same as -d).  If this option is given, pppd
# will log the contents of all control packets sent or received in a
# readable form.  The packets are logged through syslog with facility
# daemon and level debug. This information can be directed to a file by
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)).  (If
# pppd is compiled with extra debugging enabled, it will log messages
# using facility local2 instead of daemon).
debug

# Append the domain name <d> to the local host name for authentication
# purposes.  For example, if gethostname() returns the name porsche,
# but the fully qualified domain name is porsche.Quotron.COM, you would
# use the domain option to set the domain name to Quotron.COM.
#domain <d>

# Enable debugging code in the kernel-level PPP driver.  The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n

# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface.
#mtu <n>

# Set the name of the local system for authentication purposes to <n>.
# This is a privileged option. With this option, pppd will use lines in the
# secrets files which have <n> as the second field when looking for a
# secret to use in authenticating the peer. In addition, unless overridden
# with the user option, <n> will be used as the name to send to the peer
# when authenticating the local system to the peer. (Note that pppd does
# not append the domain name to <n>.)
#name <n>
name piglet

# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname

# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.
proxyarp

# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont
work.
# login

# If this option is given, pppd will send an LCP echo-request frame to the
# peer every n seconds. Normally the peer should respond to the echo-request
# by sending an echo-reply. This option can be used with the
# lcp-echo-failure option to detect that the peer is no longer connected.
lcp-echo-interval 30

# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection.  Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4

# Set the LCP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#lcp-restart <n>

# Set the maximum number of LCP terminate-request transmissions to <n>
# (default 3).
#lcp-max-terminate <n>

# Set the maximum number of LCP configure-request transmissions to <n>
# (default 10).
#lcp-max-configure <n>

# Set the maximum number of LCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#lcp-max-failure <n>

# Set the IPCP restart interval (retransmission timeout) to <n>
# seconds (default 3).
#ipcp-restart <n>

# Set the maximum number of IPCP terminate-request transmissions to <n>
# (default 3).
#ipcp-max-terminate <n>

# Set the maximum number of IPCP configure-request transmissions to <n>
# (default 10).
#ipcp-max-configure <n>

# Set the maximum number of IPCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#ipcp-max-failure <n>

# Set the PAP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#pap-restart <n>

# Set the maximum number of PAP authenticate-request transmissions to
# <n> (default 10).
#pap-max-authreq <n>

# Set the maximum time that pppd will wait for the peer to authenticate
# itself with PAP to <n> seconds (0 means no limit).
#pap-timeout <n>

# Set the CHAP restart interval (retransmission timeout for
# challenges) to <n> seconds (default 3).
#chap-restart <n>

# Set the maximum number of CHAP challenge transmissions to <n>
# (default 10).
#chap-max-challenge

# If this option is given, pppd will rechallenge the peer every <n>
# seconds.
#chap-interval <n>

# With this option, pppd will accept the peer's idea of our local IP
# address, even if the local IP address was specified in an option.
#ipcp-accept-local

# With this option, pppd will accept the peer's idea of its (remote) IP
# address, even if the remote IP address was specified in an option.
#ipcp-accept-remote

# Disable the IPXCP and IPX protocols.
# To let pppd pass IPX packets comment this out --- you'll probably also
# want to install ipxripd, and have the Internal IPX Network option enabled
# in your kernel.  /usr/doc/HOWTO/IPX-HOWTO.gz contains more info.
noipx

# Exit once a connection has been made and terminated. This is the default,
# unless the `persist' or `demand' option has been specified.
#nopersist

# Do not exit after a connection is terminated; instead try to reopen
# the connection.
#persist

# Terminate after n consecutive failed connection attempts.
# A value of 0 means no limit. The default value is 10.
#maxfail <n>

# Initiate the link only on demand, i.e. when data traffic is present.
# With this option, the remote IP address must be specified by the user on
# the command line or in an options file.  Pppd will initially configure
# the interface and enable it for IP traffic without connecting to the peer.
# When traffic is available, pppd will connect to the peer and perform
# negotiation, authentication, etc.  When this is completed, pppd will
# commence passing data packets (i.e., IP packets) across the link.
#demand

# Specifies that pppd should disconnect if the link is idle for <n> seconds.
# The link is idle when no data packets (i.e. IP packets) are being sent or
# received.  Note: it is not advisable to use this option with the persist
# option without the demand option.  If the active-filter option is given,
# data packets which are rejected by the specified activity filter also
# count as the link being idle.
#idle <n>

# Specifies how many seconds to wait before re-initiating the link after
# it terminates.  This option only has any effect if the persist or demand
# option is used.  The holdoff period is not applied if the link was
# terminated because it was idle.
#holdoff <n>

# Wait for up n milliseconds after the connect script finishes for a valid
# PPP packet from the peer.  At the end of this time, or when a valid PPP
# packet is received from the peer, pppd will commence negotiation by
# sending its first LCP packet.  The default value is 1000 (1 second).
# This wait period only applies if the connect or pty option is used.
#connect-delay <n>

# ---<End of File>---

--- /etc/ppp/chap-secrets (note: no newline after final "*")

root at piglet:~# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
bluey           piglet  "password1"             *
piglet          bluey   "password2"              *

---

For 'bluey', the server machine (cata.mine.nu):

--- /var/log/messages

Jan 16 18:03:18 cata pppd[13824]: pppd 2.4.1 started by root, uid 0
Jan 16 18:03:18 cata pppd[13824]: Using interface ppp1
Jan 16 18:03:18 cata pppd[13824]: Connect: ppp1 <--> /dev/pts/6
Jan 16 18:03:22 cata pppd[13824]: Connection terminated.
Jan 16 18:03:22 cata pppd[13824]: Exit.

--- /var/log/daemon.log

Jan 16 18:03:17 cata pptpd[13823]: MGR: Launching /usr/sbin/pptpctrl to
handle client
Jan 16 18:03:17 cata pptpd[13823]: CTRL: local address = 192.168.1.1
Jan 16 18:03:17 cata pptpd[13823]: CTRL: remote address = 192.168.1.11
Jan 16 18:03:17 cata pptpd[13823]: CTRL: pppd speed = 115200
Jan 16 18:03:17 cata pptpd[13823]: CTRL: pppd options file =
/etc/ppp/pptpd-options
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Client 144.132.140.185 control
connection started
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Received PPTP Control Message
(type: 1)
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Made a START CTRL CONN RPLY packet
Jan 16 18:03:17 cata pptpd[13823]: CTRL: I wrote 156 bytes to the client.
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Sent packet to client
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Received PPTP Control Message
(type: 7)
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Set parameters to 10000000 maxbps,
3 window size
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Made a OUT CALL RPLY packet
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Starting call (launching pppd,
opening GRE)
Jan 16 18:03:18 cata pptpd[13823]: CTRL: pty_fd = 5
Jan 16 18:03:18 cata pptpd[13823]: CTRL: tty_fd = 6
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): Connection speed =
115200
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): local address =
192.168.1.1
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): remote address =
192.168.1.11
Jan 16 18:03:18 cata pptpd[13823]: CTRL: I wrote 32 bytes to the client.
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Sent packet to client
Jan 16 18:03:18 cata modprobe: modprobe: Invalid line 82 in
/etc/modules.conf ^I/lib/modules/2.2.20/
Jan 16 18:03:20 cata pptpd[13823]: GRE: Discarding duplicate packet
Jan 16 18:03:22 cata pptpd[13823]: GRE: read(fd=5,buffer=10014e54,len=8196)
from PTY failed: status = -1 error = Input/output error
Jan 16 18:03:22 cata pptpd[13823]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Client 144.132.140.185 control
connection finished
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Exiting with active call
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Made a CALL DISCONNECT RPLY packet
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Couldn't write packet to client.
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Made a STOP CTRL REQ packet
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Couldn't write packet to client.
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Exiting now
Jan 16 18:03:22 cata pptpd[13707]: MGR: Reaped child 13823

--- /var/log/debug

Jan 16 18:03:17 cata pptpd[13823]: MGR: Launching /usr/sbin/pptpctrl to
handle client
Jan 16 18:03:17 cata pptpd[13823]: CTRL: local address = 192.168.1.1
Jan 16 18:03:17 cata pptpd[13823]: CTRL: remote address = 192.168.1.11
Jan 16 18:03:17 cata pptpd[13823]: CTRL: pppd speed = 115200
Jan 16 18:03:17 cata pptpd[13823]: CTRL: pppd options file =
/etc/ppp/pptpd-options
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Received PPTP Control Message
(type: 1)
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Made a START CTRL CONN RPLY packet
Jan 16 18:03:17 cata pptpd[13823]: CTRL: I wrote 156 bytes to the client.
Jan 16 18:03:17 cata pptpd[13823]: CTRL: Sent packet to client
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Received PPTP Control Message
(type: 7)
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Set parameters to 10000000 maxbps,
3 window size
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Made a OUT CALL RPLY packet
Jan 16 18:03:18 cata pptpd[13823]: CTRL: pty_fd = 5
Jan 16 18:03:18 cata pptpd[13823]: CTRL: tty_fd = 6
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): Connection speed =
115200
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): local address =
192.168.1.1
Jan 16 18:03:18 cata pptpd[13824]: CTRL (PPPD Launcher): remote address =
192.168.1.11
Jan 16 18:03:18 cata pptpd[13823]: CTRL: I wrote 32 bytes to the client.
Jan 16 18:03:18 cata pptpd[13823]: CTRL: Sent packet to client
Jan 16 18:03:18 cata pppd[13824]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:21 cata pppd[13824]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0xb0c49677> <pcomp> <accomp>]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x1945c36f> <pcomp> <accomp>]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP EchoReq id=0x0 magic=0xb0c49677]
Jan 16 18:03:22 cata pppd[13824]: sent [CHAP Challenge id=0x1
<5b6cbe281bb476ca0598ddef09a134b74b5031be1b>, name = "bluey"]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP EchoReq id=0x0 magic=0x1945c36f]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP EchoRep id=0x0 magic=0xb0c49677]
Jan 16 18:03:22 cata pppd[13824]: rcvd [CHAP Challenge id=0x1
<8010a1cd2078b257824ee8048ed01fa2a1599b3d0f>, name = "piglet"]
Jan 16 18:03:22 cata pppd[13824]: sent [CHAP Response id=0x1
<16dcead8779087f338a04cf17929c6a7>, name = "bluey"]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP EchoRep id=0x0 magic=0x1945c36f]
Jan 16 18:03:22 cata pppd[13824]: rcvd [CHAP Response id=0x1
<8b8bc4909689269721eb01dfa5ba7619>, name = "piglet"]
Jan 16 18:03:22 cata pppd[13824]: sent [CHAP Failure id=0x1 "I don't like
you.  Go 'way."]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP TermReq id=0x2 "Authentication
failed"]
Jan 16 18:03:22 cata pppd[13824]: rcvd [CHAP Failure id=0x1 "I don't like
you.  Go 'way."]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP TermReq id=0x2 "Authentication
failed"]
Jan 16 18:03:22 cata pppd[13824]: sent [LCP TermAck id=0x2]
Jan 16 18:03:22 cata pppd[13824]: rcvd [LCP TermAck id=0x2]
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Exiting with active call
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Made a CALL DISCONNECT RPLY packet
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Made a STOP CTRL REQ packet
Jan 16 18:03:22 cata pptpd[13823]: CTRL: Exiting now
Jan 16 18:03:22 cata pptpd[13707]: MGR: Reaped child 13823

--- /etc/ppp/options

cata:~# cat /etc/ppp/options
# /etc/ppp/options
# 
# Originally created by Jim Knoble <jmknoble at mercury.interpath.net>
# Modified for Debian by alvar Bray <alvar at meiko.co.uk>
# Modified for PPP Server setup by Christoph Lameter <clameter at debian.org>
#
# To quickly see what options are active in this file, use this command:
#   egrep -v '#|^ *$' /etc/ppp/options

# Specify which DNS Servers the incoming Win95 or WinNT Connection should
use
# Two Servers can be remotely configured
# ms-dns 192.168.1.1
# ms-dns 192.168.1.2

# Specify which WINS Servers the incoming connection Win95 or WinNT should
use
# ms-wins 192.168.1.50
# ms-wins 192.168.1.51

# Run the executable or shell command specified after pppd has
# terminated the link.  This script could, for example, issue commands
# to the modem to cause it to hang up if hardware modem control signals
# were not available.
#disconnect "chat -- \d+++\d\c OK ath0 OK"

# async character map -- 32-bit hex; each bit is a character
# that needs to be escaped for pppd to receive it.  0x00000001
# represents '\x01', and 0x80000000 represents '\x1f'.
asyncmap 0

# Require the peer to authenticate itself before allowing network
# packets to be sent or received.
# Please do not disable this setting. It is expected to be standard in
# future releases of pppd. Use the call option (see manpage) to disable
# authentication for specific peers.
auth

# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
# on the serial port.
crtscts

# Use software flow control (i.e. XON/XOFF) to control the flow of data
# on the serial port.
#xonxoff

# Specifies that certain characters should be escaped on transmission
# (regardless of whether the peer requests them to be escaped with its
# async control character map).  The characters to be escaped are
# specified as a list of hex numbers separated by commas.  Note that
# almost any character can be specified for the escape option, unlike
# the asyncmap option which only allows control characters to be
# specified.  The characters which may not be escaped are those with hex
# values 0x20 - 0x3f or 0x5e.
#escape 11,13,ff

# Don't use the modem control lines.
#local

# Specifies that pppd should use a UUCP-style lock on the serial device
# to ensure exclusive access to the device.
lock

# Don't show the passwords when logging the contents of PAP packets.
# This is the default.
hide-password

# When logging the contents of PAP packets, this option causes pppd to
# show the password string in the log message.
#show-password

# Use the modem control lines.  On Ultrix, this option implies hardware
# flow control, as for the crtscts option.  (This option is not fully
# implemented.)
modem

# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128.  The default MRU value is 1500.  A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data).
#mru 542

# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
# notation (e.g. 255.255.255.0).
#netmask 255.255.255.0

# Disables the default behaviour when no local IP address is specified,
# which is to determine (if possible) the local IP address from the
# hostname. With this option, the peer will have to supply the local IP
# address during IPCP negotiation (unless it specified explicitly on the
# command line or in an options file).
#noipdefault

# Enables the "passive" option in the LCP.  With this option, pppd will
# attempt to initiate a connection; if no reply is received from the
# peer, pppd will then just wait passively for a valid LCP packet from
# the peer (instead of exiting, as it does without this option).
#passive

# With this option, pppd will not transmit LCP packets to initiate a
# connection until a valid LCP packet is received from the peer (as for
# the "passive" option with old versions of pppd).
#silent

# Don't request or allow negotiation of any options for LCP and IPCP
# (use default values).
#-all

# Disable Address/Control compression negotiation (use default, i.e.
# address/control field disabled).
#-ac

# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
# all control characters).
#-am

# Don't fork to become a background process (otherwise pppd will do so
# if a serial device is specified).
#-detach

# Disable IP address negotiation (with this option, the remote IP
# address must be specified with an option on the command line or in
# an options file).
#-ip

# Disable IPCP negotiation and IP communication. This option should
# only be required if the peer is buggy and gets confused by requests
# from pppd for IPCP negotiation.
#noip

# Disable magic number negotiation.  With this option, pppd cannot
# detect a looped-back line.
#-mn

# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
# 1500).
#-mru

# Disable protocol field compression negotiation (use default, i.e.
# protocol field compression disabled).
#-pc

# Require the peer to authenticate itself using PAP.
#+pap

# Don't agree to authenticate using PAP.
#-pap

# Require the peer to authenticate itself using CHAP [Cryptographic
# Handshake Authentication Protocol] authentication.
#+chap

# Don't agree to authenticate using CHAP.
#-chap

# Disable negotiation of Van Jacobson style IP header compression (use
# default, i.e. no compression).
#-vj

# Increase debugging level (same as -d).  If this option is given, pppd
# will log the contents of all control packets sent or received in a
# readable form.  The packets are logged through syslog with facility
# daemon and level debug. This information can be directed to a file by
# setting up /etc/syslog.conf appropriately (see syslog.conf(5)).  (If
# pppd is compiled with extra debugging enabled, it will log messages
# using facility local2 instead of daemon).
debug

# Append the domain name <d> to the local host name for authentication
# purposes.  For example, if gethostname() returns the name porsche,
# but the fully qualified domain name is porsche.Quotron.COM, you would
# use the domain option to set the domain name to Quotron.COM.
#domain <d>

# Enable debugging code in the kernel-level PPP driver.  The argument n
# is a number which is the sum of the following values: 1 to enable
# general debug messages, 2 to request that the contents of received
# packets be printed, and 4 to request that the contents of transmitted
# packets be printed.
#kdebug n

# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
# requests a smaller value via MRU negotiation, pppd will request that
# the kernel networking code send data packets of no more than n bytes
# through the PPP network interface.
#mtu <n>

# Set the name of the local system for authentication purposes to <n>.
# This is a privileged option. With this option, pppd will use lines in the
# secrets files which have <n> as the second field when looking for a
# secret to use in authenticating the peer. In addition, unless overridden
# with the user option, <n> will be used as the name to send to the peer
# when authenticating the local system to the peer. (Note that pppd does
# not append the domain name to <n>.)
#name <n>
name bluey

# Enforce the use of the hostname as the name of the local system for
# authentication purposes (overrides the name option).
#usehostname

# Set the assumed name of the remote system for authentication purposes
# to <n>.
#remotename <n>

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.
proxyarp

# Use the system password database for authenticating the peer using
# PAP. Note: mgetty already provides this option. If this is specified
# then dialin from users using a script under Linux to fire up ppp wont
work.
# login

# If this option is given, pppd will send an LCP echo-request frame to the
# peer every n seconds. Normally the peer should respond to the echo-request
# by sending an echo-reply. This option can be used with the
# lcp-echo-failure option to detect that the peer is no longer connected.
lcp-echo-interval 30

# If this option is given, pppd will presume the peer to be dead if n
# LCP echo-requests are sent without receiving a valid LCP echo-reply.
# If this happens, pppd will terminate the connection.  Use of this
# option requires a non-zero value for the lcp-echo-interval parameter.
# This option can be used to enable pppd to terminate after the physical
# connection has been broken (e.g., the modem has hung up) in
# situations where no hardware modem control lines are available.
lcp-echo-failure 4

# Set the LCP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#lcp-restart <n>

# Set the maximum number of LCP terminate-request transmissions to <n>
# (default 3).
#lcp-max-terminate <n>

# Set the maximum number of LCP configure-request transmissions to <n>
# (default 10).
#lcp-max-configure <n>

# Set the maximum number of LCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#lcp-max-failure <n>

# Set the IPCP restart interval (retransmission timeout) to <n>
# seconds (default 3).
#ipcp-restart <n>

# Set the maximum number of IPCP terminate-request transmissions to <n>
# (default 3).
#ipcp-max-terminate <n>

# Set the maximum number of IPCP configure-request transmissions to <n>
# (default 10).
#ipcp-max-configure <n>

# Set the maximum number of IPCP configure-NAKs returned before starting
# to send configure-Rejects instead to <n> (default 10).
#ipcp-max-failure <n>

# Set the PAP restart interval (retransmission timeout) to <n> seconds
# (default 3).
#pap-restart <n>

# Set the maximum number of PAP authenticate-request transmissions to
# <n> (default 10).
#pap-max-authreq <n>