[pptp-server] poptop, mppe, and ppp cvs

[Alex King]

On Thu, May 09, 2002 at 03:16:20AM -0700, Frank Cusack wrote:
> On Wed, May 08, 2002 at 08:59:15PM +1200, Alex King wrote:
> > Where I'm at - I can connect using a win95/DUN1.4 client with CHAP and no

...
> > When I configure the server with require-mschap-v2 I get:
> > sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x8c3d3f60>
> > <pcomp> <accomp>]
> > ...
> > rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x8c3d3f60>
> > <pcomp> <accomp>]
> > sent [CHAP Challenge...
> > rcvd [CHAP Response...
> > sent [CHAP Success...
> > sent [IPCP ConfReq id=0x1 <addr 10.0.0.1> <compress VJ 0f 01>]
> > sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
> > CHAP peer authentication succeeded for workgroup\\alex
> > rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
> > rcvd [LCP TermReq id=0x3]
> > 
> > and the connection fails (note I have workgroup\\alex in the chap
> > secrets)
> > 
...
> 
> I've got it working with a win2k client.  I am currently aware of win98
> problems which I am working on, related to mschap (v1).
> 
> The ProtRej is worrisome.  This is a long shot, but try setting 'novj'
> and 'nodeflate' in your ppp options.  You might also try 'asyncmap a0000'.
> It does appear that win95 doesn't like your IPCP offering, but normally
> it should send you an IPCP ConfNak.  But it might be broken.
> 

For the record:  setting novj and nodeflate options did not help this
problem.  Nor did 'asyncmap a0000'.  With noccp, no ProtRej packet comes
through, but the TermReq still comes through, despite an apparantly
successfull MSCHAPv2 login (from the server's perspective), and even if
the client is not set up to "Require encrypted passowrd" or to "Require
data encryption"

The only thing that does fix it is to disable the "require-mschap-v2"
option on the server.  With just "require-mschap" on the server, the
Win95 client can successfully connect (and use MPPE)

Alex