Date:      Thu, 2 May 2002 16:13:50 -0400 (EDT)
From:      Thomas David Rivers <rivers@dignus.com>
To:        archie@dellroad.org, rivers@dignus.com
Cc:        freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, K.J.Koster@kpn.com
Subject:   Re: Anyone using pptp?
Message-ID:  <200205022013.g42KDoc50328@lakes.dignus.com>
In-Reply-To: <200205021949.g42JnXq97404@arch20m.dellroad.org>


Archie Cobbs <archie@dellroad.org> wrote:
> 
> Thomas David Rivers writes:
> > > > 	enable MSChapV2
> > > >   in /etc/ppp/ppp.conf - then our ppp client requires that the
> > > >   peer (the Microsoft VPN server) authenticate using MSChapV2.  But,
> > > >   the Microsoft VPN peer refuses that (it's configured to not use
> > > >   MSChapV2).
> > > 
> > > Don't you want something like "allow MSChapV2" and "disable MSChapV2" ?
> > 
> >  Something like that...  but - that's the default setting.  With the
> >  default setting, it seems to pass through CHAP (0x80) Authentication.
> > 
> >  But - then, the MPPE encryption is not allowed - because MPPE 
> >  compression requires MSChapV2 (0x81) Authentication... and, the
> >  VPN server doesn't authenticate that way.
> > 
> >  I notice there is a line in the ppp man page:
> > 
> > 	For now, ppp can only get encryption keys from CHAP 81 
> > 	authentication.
> > 
> >  But - the (Microsoft Win2000) VPN server I'm trying to talk to doesn't 
> >  allow CHAP 81 authentication, but wants to use MPPE...  
> 
> In that case you need to use mpd I guess.
> 
> -Archie
> 

 Yes - after some other investigation - I arrived at the same idea.

 mpd fails as well... with something very similar... it seems to
 send a CCP configuration request and simply gets no answer
 back from the Microsoft server.  From the VPN log (you can see
 toward the bottom that both IPCP and CCP complain that
 parameter negotiation failed):


[vpn] LCP: authorization successful
[vpn] LCP: phase shift AUTHENTICATE --> NETWORK
[vpn] up: 1 link, total bandwidth 64000 bps
[vpn] IPCP: Up event
[vpn] IPCP: state change Starting --> Req-Sent
[vpn] IPCP: SendConfigReq #1
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: Open event
[vpn] CCP: state change Initial --> Starting
[vpn] CCP: LayerStart
[vpn] CCP: Up event
[vpn] CCP: state change Starting --> Req-Sent
[vpn] CCP: SendConfigReq #1
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #2
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #2
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #3
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #3
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #4
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #4
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #5
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #5
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #6
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #6
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #7
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #7
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #8
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #8
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #9
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #9
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #10
 IPADDR 192.168.1.1
 COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
[vpn] CCP: SendConfigReq #10
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: state change Req-Sent --> Stopped
[vpn] IPCP: LayerFinish
[vpn] IPCP: parameter negotiation failed
[vpn] IPCP: LayerFinish
[vpn] CCP: state change Req-Sent --> Stopped
[vpn] CCP: LayerFinish
[vpn] CCP: parameter negotiation failed
[vpn] CCP: Close event
[vpn] CCP: state change Stopped --> Closed
[vpn] CCP: encryption required, but MPPE was not negotiated in both directions
[vpn] CCP: failed to negotiate required encryption
[vpn] CCP: Close event
[vpn] CCP: LayerFinish
[vpn] IPCP: failed to negotiate required encryption
[vpn] IPCP: LayerFinish
[vpn] CCP: LayerFinish
[vpn] bundle: CLOSE event in state OPENED
[vpn] closing link "vpn"...
[vpn] bundle: CLOSE event in state CLOSED
[vpn] closing link "vpn"...
[vpn] link: CLOSE event
[vpn] LCP: Close event
[vpn] LCP: state change Opened --> Closing
[vpn] LCP: phase shift NETWORK --> TERMINATE
[vpn] up: 0 links, total bandwidth 9600 bps
[vpn] IPCP: Down event
[vpn] IPCP: state change Stopped --> Starting
[vpn] IPCP: LayerStart
[vpn] CCP: Down event
[vpn] CCP: state change Closed --> Initial
[vpn] CCP: Close event
[vpn] closing link "vpn"...
[vpn] LCP: SendTerminateReq #4
[vpn] LCP: LayerDown
[vpn] bundle: CLOSE event in state CLOSED
[vpn] link: CLOSE event
[vpn] LCP: Close event
[vpn] bundle: OPEN event in state CLOSED
[vpn] opening link "vpn"...
[vpn] link: CLOSE event
[vpn] LCP: Close event
[vpn] link: OPEN event
[vpn] LCP: Open event
[vpn] LCP: state change Closing --> Stopping
pptp0: CID 0xdac8 in SetLinkInfo not found
[vpn] LCP: rec'd Terminate Ack #4 link 0 (Stopping)
[vpn] LCP: state change Stopping --> Stopped
[vpn] LCP: phase shift TERMINATE --> ESTABLISH
[vpn] LCP: LayerFinish
[vpn] device: CLOSE event in state UP
pptp0-0: clearing call
[vpn] device is now in state CLOSING
[vpn] device: DOWN event in state CLOSING
[vpn] device is now in state DOWN
[vpn] link: DOWN event
[vpn] LCP: Down event
[vpn] LCP: state change Stopped --> Starting
[vpn] LCP: phase shift ESTABLISH --> DEAD
[vpn] LCP: LayerStart
[vpn] device: OPEN event in state DOWN
[vpn] pausing 7 seconds before open
[vpn] device is now in state DOWN
[vpn] device: OPEN event in state DOWN
[vpn] device is now in state DOWN
pptp0-0: peer call disconnected res=zero? err=none
pptp0-0: killing channel
pptp0: closing connection with 157.189.4.10:1723
pptp0: invalid length 16 for type 4
pptp0: killing connection with 157.189.4.10:1723
^Cmpd: caught fatal signal int
mpd: fatal error, exiting
[vpn] IPCP: Down event
[vpn] IFACE: Close event
[vpn] IPCP: Close event
[vpn] IPCP: state change Starting --> Initial
[vpn] IPCP: LayerFinish
mpd: process 3199 terminated
office#	^Dexit

Script done on Thu May  2 11:03:31 2002
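
Added example, not part of the original message and not mpd's own code: a small Python triage script for an mpd log in the format shown above. It counts Configure-Requests per layer, flags layers that never logged a received packet, and decodes the MPPE option value using the flag bits from RFC 3078. It assumes received packets are logged with a "rec'd" prefix, as in the LCP Terminate Ack line above; the sample log is a constructed, shortened excerpt.

```python
import re
from collections import defaultdict

# MPPE "supported bits" flags as defined in RFC 3078.
MPPE_BITS = {
    0x01000000: "stateless (H)",
    0x00000080: "56 bit (M)",
    0x00000040: "128 bit (S)",
    0x00000020: "40 bit (L)",
    0x00000001: "MPPC compression (C)",
}
# Constructed sample: a shortened excerpt in the format of the log above.
SAMPLE_LOG = """\
[vpn] IPCP: SendConfigReq #1
 IPADDR 192.168.1.1
[vpn] CCP: SendConfigReq #1
 MPPC
   0x01000060: MPPE, 40 bit, 128 bit, stateless
[vpn] IPCP: SendConfigReq #2
[vpn] CCP: SendConfigReq #2
[vpn] LCP: SendTerminateReq #4
[vpn] LCP: rec'd Terminate Ack #4 link 0 (Stopping)
"""
EVENT = re.compile(r"^\[[^\]]+\] (?P<layer>\w+): (?P<msg>.*)$")
OPTION = re.compile(r"^\s+(0x[0-9a-fA-F]{8}):")

def decode_mppe(bits):
    """Names of the MPPE flags set in a 32-bit option value."""
    return [name for mask, name in MPPE_BITS.items() if bits & mask]

def summarize(log_text):
    """Per layer: Configure-Requests sent, packets received, MPPE values offered."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "mppe": set()})
    layer = None
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            layer = m["layer"]
            if m["msg"].startswith("SendConfigReq"):
                stats[layer]["sent"] += 1
            elif m["msg"].startswith("rec'd"):
                stats[layer]["received"] += 1
        elif layer and (o := OPTION.match(line)):
            stats[layer]["mppe"].add(int(o.group(1), 16))
    return dict(stats)

def unanswered(stats):
    """Layers that sent Configure-Requests but logged no received packet."""
    return sorted(l for l, s in stats.items() if s["sent"] and not s["received"])
```

Run against the full log, a layer listed by unanswered() is one where the peer stayed silent, which is distinct from a peer that answers with a Configure-Nak or Configure-Reject.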
