Re: [pptp-devel] chap authentication failure

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

You're right, I realized I am asking the server to authenticate itself, 
and and then I reject it. Pretty stupid, huh?

Anyway, I already tried what you suggested with no success (going the
noauth way). In the meantime I followed the SuSE 9.1 howto on the
pptpclient page (which was very nicely prepared), and I created readable
logs for three different cases I tried, downloadable from:
http://userwww.service.emory.edu/~cgunay/pptp-logs/

1- with-refuse-eap: If I don't add the require-mschap-v2 and use
   refuse-eap, then the authentication goes smoothly, but the server
   proposes only to use EAP, which causes MPPE to fail.

2- with-no-mppe: If I remove require-mppe to get around the problem in 1,
   pptp happily chats with the server to go to EAP authentication, but the
   servers kicks him out because it's actually expecting a CHAP v2 chat. I 
   think this is a problem with my ISP. I am not sure what the server 
   configuration is unfortunately.

3- with-require-mschap-v2: To ask for MSCHAP v2 I add the 
   require-mschap-v2 together with refuse-eap, and I am where I started 
   from. refuse-eap causes a "peer refused to authenticate". 

I think what I need is not to refuse EAP, but silently ignore it and 
engage in CHAP. Of course I don't know how to do this with the available 
pppd commands. I think it's time for me to bug my school IT department. 
Also, maybe I need to set some LCP options to "bear with" the ISP's 
EAP babble.

I still appreciate all the input, things are getting clearer for me.

-Cengiz

On Mon, 7 Feb 2005, Michael L. Wright wrote:

> One problem that you're having is that your configuration is requiring the 
> remote server to authenticate itself, which is probably not what you want.
> 
> Try this to stop asking the remote to authenticate:
> 
> 1. Remove option 'require-mschap-v2' from your /etc/ppp/options.pptp file.
> 
> 2. Add option 'noauth' to /etc/ppp/peers/EmoryU or /etc/ppp/options.pptp.
> 
> Regarding the EAP problem:
> 
> 3. Add option 'refuse-eap' to /etc/ppp/peers/EmoryU or /etc/ppp/options.pptp.
> 
> Then when the remote requests EAP, your machine will refuse and the remote 
> should offer another alternative.
> 
> Michael
> 
> On Monday 07 February 2005 04:20 pm, Cengiz Gunay wrote:
> > Hi,
> >
> > I have a SuSE 9.1 machine with 2.6.4 kernel and pppd 2.4.2 and pptp
> > version 1.4.0.
> >
> > I can use the same computer and boot into Windows XP SP1 and connect to a
> > school VPN address, but when I try to do this in linux, the authentication
> > fails.  Looking at the Windows XP connection details, I know the
> > connection type is MS CHAP 128 with MPPE 128 encryption.
> >
> > I have a few questions, and a pppd log follows:
> >
> > 1- I enter a username and password in Windows. This name doesn't seem to
> >    have a windows domain name associated with it. I'm not sure if I need
> >    to prepend a windows domain to this username when connecting from
> >    linux. Is there a way to see this domain name?
> >
> > 2- From the windows settings I'm pretty sure that EAP authentication is
> >    frowned upon (i.e., using only EAP windows cannot connect to the VPN),
> >    however in linux, PPTP tries using EAP. If I give the refuse-eap option
> >    to pppd, then it would immediately stop, saying "client refused
> >    authetication".
> >
> > 3- In the log below ``rcvd [CHAP response ... name = "127.0.0.1"]'' is the
> >    response I get from the server. Does this mean that I need an entry in
> >    my chap-secrets with the name "127.0.0.1"?
> >
> > 4- Finally, sorry for the dumb question, but, does "Peer PPTP failed
> >    authentication," which follows the above rcvd message, mean that I
> >    rejected the server's credentials, or that the server rejected me?
> >
> > Thanks in advance for any insights. Here's my pppd log from a recent
> > failure:
> >
> > Feb  4 18:33:30 linux pptp[10452]: anon log[main:pptp.c:237]: The
> > synchronous pptp option is NOT activated Feb  4 18:33:30 linux pptp[10455]:
> > anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 1
> > 'Start-Control-Connection-Request' Feb  4 18:33:30 linux pptp[10455]: anon
> > log[ctrlp_disp:pptp_ctrl.c:714]: Received Start Control Connection Reply
> > Feb  4 18:33:30 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:748]:
> > Client connection established. Feb  4 18:33:31 linux pptp[10455]: anon
> > log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 7
> > 'Outgoing-Call-Request' Feb  4 18:33:31 linux pptp[10455]: anon
> > log[ctrlp_disp:pptp_ctrl.c:834]: Received Outgoing Call Reply. Feb  4
> > 18:33:31 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:873]: Outgoing
> > call established (call ID 0, peer's call ID 44). Feb  4 18:33:31 linux
> > pppd[10452]: pppd options in effect:
> > Feb  4 18:33:31 linux pppd[10452]: debug                # (from
> > /etc/ppp/options.pptp) Feb  4 18:33:31 linux pppd[10452]: nodetach         
> >    # (from /etc/ppp/options) Feb  4 18:33:31 linux pppd[10452]: idle 600   
> >          # (from /etc/ppp/options) Feb  4 18:33:31 linux pppd[10452]: logfd
> > 0              # (from /etc/ppp/options.pptp) Feb  4 18:33:31 linux
> > pppd[10452]: dump         # (from /etc/ppp/options.pptp) Feb  4 18:33:31
> > linux pppd[10452]: active-filter xxx # [don't know how to print value]     
> >     # (from /etc/ppp/filters) Feb  4 18:33:31 linux pppd[10452]:
> > require-mschap-v2            # (from /etc/ppp/options.pptp) Feb  4 18:33:31
> > linux pppd[10452]: name EmoryU\\cgunay          # (from
> > /etc/ppp/peers/EmoryU) Feb  4 18:33:31 linux pppd[10452]: remotename PPTP  
> >            # (from /etc/ppp/peers/EmoryU) Feb  4 18:33:31 linux
> > pppd[10452]: /dev/pts/80          # (from command line) Feb  4 18:33:31
> > linux pppd[10452]: 38400                # (from command line) Feb  4
> > 18:33:31 linux pppd[10452]: lock         # (from /etc/ppp/options.pptp) Feb
> >  4 18:33:31 linux pppd[10452]: crtscts              # (from
> > /etc/ppp/options) Feb  4 18:33:31 linux pppd[10452]: modem                #
> > (from /etc/ppp/options) Feb  4 18:33:31 linux pppd[10452]: asyncmap 0      
> >     # (from /etc/ppp/options) Feb  4 18:33:31 linux pppd[10452]: mru 1000  
> >           # (from /etc/ppp/options.pptp) Feb  4 18:33:31 linux pppd[10452]:
> > mtu 1000             # (from /etc/ppp/options.pptp) Feb  4 18:33:31 linux
> > pppd[10452]: lcp-echo-failure 10          # (from /etc/ppp/options.pptp)
> > Feb  4 18:33:31 linux pppd[10452]: lcp-echo-interval 10         # (from
> > /etc/ppp/options.pptp) Feb  4 18:33:31 linux pppd[10452]: lcp-restart 2    
> >            # (from /etc/ppp/options) Feb  4 18:33:31 linux pppd[10452]:
> > lcp-max-configure 60         # (from /etc/ppp/options) Feb  4 18:33:31
> > linux pppd[10452]: noipdefault          # (from /etc/ppp/options) Feb  4
> > 18:33:31 linux pppd[10452]: nobsdcomp            # (from
> > /etc/ppp/options.pptp) Feb  4 18:33:31 linux pppd[10452]: nodeflate        
> >    # (from /etc/ppp/options.pptp) Feb  4 18:33:31 linux pppd[10452]:
> > require-mppe         # (from /etc/ppp/options.pptp) Feb  4 18:33:31 linux
> > pppd[10452]: noipx                # (from /etc/ppp/options) Feb  4 18:33:31
> > linux pppd[10452]: eap-timeout 30               # (from
> > /etc/ppp/options.pptp) Feb  4 18:33:31 linux pppd[10452]: pppd 2.4.2
> > started by root, uid 0 Feb  4 18:33:31 linux pppd[10452]: using channel 26
> > Feb  4 18:33:31 linux pppd[10452]: Using interface ppp0
> > Feb  4 18:33:31 linux pppd[10452]: Connect: ppp0 <--> /dev/pts/80
> > Feb  4 18:33:31 linux pppd[10452]: sent [LCP ConfReq id=0x1 <mru 1000>
> > <asyncmap 0x0> <auth chap MS-v2> <magic 0xff55da2e> <pcomp> <accomp
> >
> > >]
> >
> > Feb  4 18:33:33 linux pppd[10452]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0>
> > <auth eap> <magic 0xce6afcd7> <pcomp> <accomp>] Feb  4 18:33:33 linux
> > pppd[10452]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth eap> <magic
> > 0xce6afcd7> <pcomp> <accomp>] Feb  4 18:33:33 linux pppd[10452]: rcvd [LCP
> > ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <auth chap MS-v2> <magic
> > 0xff55da2e> <pcomp> <accomp
> >
> > >]
> >
> > Feb  4 18:33:33 linux pppd[10452]: sent [LCP EchoReq id=0x0
> > magic=0xff55da2e] Feb  4 18:33:33 linux pppd[10452]: sent [CHAP Challenge
> > id=0x28 <9b81cd098380e3e0460baa02c3ed4813>, name = "EmoryU\\cgunay"] Feb  4
> > 18:33:33 linux pppd[10452]: rcvd [EAP Request id=0x46 Identity <Message
> > "Name">] Feb  4 18:33:33 linux pppd[10452]: EAP: Identity prompt "Name"
> > Feb  4 18:33:33 linux pppd[10452]: sent [EAP Response id=0x46 Identity
> > <Name "EmoryU\\cgunay">] Feb  4 18:33:33 linux pppd[10452]: rcvd [LCP
> > EchoRep id=0x0 magic=0xce6afcd7] Feb  4 18:33:33 linux pppd[10452]: rcvd
> > [CHAP Response id=0x28
> > <11dc0d753e1e71d1f70041070f80af16000000000000000085b9a2b50930340645bccd62fb
> > 60a76eafb867e7accbd8cb00>, name = "127.0.0.1"]
> > Feb  4 18:33:33 linux pppd[10452]: Peer PPTP failed CHAP authentication
> > Feb  4 18:33:33 linux pppd[10452]: sent [CHAP Failure id=0x28 "E=691 R=1
> > C=9b81cd098380e3e0460baa02c3ed4813 V=0 M=Access denied"] Feb  4 18:33:33
> > linux pppd[10452]: sent [LCP TermReq id=0x2 "Authentication failed"] Feb  4
> > 18:33:35 linux pppd[10452]: sent [LCP TermReq id=0x3 "Authentication
> > failed"] Feb  4 18:33:37 linux pppd[10452]: Terminating on signal 2.
> > Feb  4 18:33:37 linux pptp[10455]: anon
> > log[callmgr_main:pptp_callmgr.c:249]: Closing connection Feb  4 18:33:37
> > linux pptp[10455]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet
> > type is 12 'Call-Clear-Request' Feb  4 18:33:37 linux pppd[10452]:
> > Terminating on signal 15.
> > Feb  4 18:33:37 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:905]:
> > Call disconnect notification received (call id 44) Feb  4 18:33:37 linux
> > pppd[10452]: Connection terminated.
> > Feb  4 18:33:38 linux pppd[10452]: Exit.
> > Feb  4 18:33:38 linux pptp[10473]: anon warn[decaps_hdlc:pptp_gre.c:196]:
> > short read (-1): Input/output error Feb  4 18:33:38 linux pptp[10473]: anon
> > warn[decaps_hdlc:pptp_gre.c:197]: pppd may have shutdown, see pppd log Feb 
> > 4 18:33:39 linux pptp[10455]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent
> > control packet type is 12 'Call-Clear-Request' Feb  4 18:33:39 linux
> > pptp[10455]: anon log[pptp_conn_close:pptp_ctrl.c:425]: Closing PPTP
> > connection Feb  4 18:33:39 linux pptp[10455]: anon
> > log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 3
> > 'Stop-Control-Connection-Request' Feb  4 18:33:39 linux pptp[10455]: anon
> > log[ctrlp_disp:pptp_ctrl.c:775]: Received Stop Control Connection Reqply.
> > Feb  4 18:33:39 linux pptp[10455]: anon
> > log[call_callback:pptp_callmgr.c:77]: Closing connection
> >
> >
> > Cengiz Gunay
> 
> -- 
> 
> Michael L. Wright
> System Administrator, Vashti.Net & MRServer, Inc.
> Email: MichaelW@Vashti.Net
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> pptpclient-devel mailing list
> ppt...@li...
> https://lists.sourceforge.net/lists/listinfo/pptpclient-devel
> 

Cengiz Gunay
--
cg...@em...  cen...@us... 	cen...@ya...
Lab: +1-404-727-4103	Home/Cell: +1-337-255-3660
http://www.cacs.louisiana.edu/~cxg9789
ICQ# 21104923, cen...@ja...
--