From: Cengiz G. <cg...@em...> - 2005-02-08 17:46:14
Hi,

You're right, I realized I am asking the server to authenticate itself, and then I reject it. Pretty stupid, huh? Anyway, I already tried what you suggested with no success (going the noauth way).

In the meantime I followed the SuSE 9.1 howto on the pptpclient page (which was very nicely prepared), and I created readable logs for three different cases I tried, downloadable from:

http://userwww.service.emory.edu/~cgunay/pptp-logs/

1- with-refuse-eap: If I don't add the require-mschap-v2 and use refuse-eap, then the authentication goes smoothly, but the server proposes only to use EAP, which causes MPPE to fail.

2- with-no-mppe: If I remove require-mppe to get around the problem in 1, pptp happily chats with the server to go to EAP authentication, but the server kicks him out because it's actually expecting a CHAP v2 chat. I think this is a problem with my ISP. I am not sure what the server configuration is unfortunately.

3- with-require-mschap-v2: To ask for MSCHAP v2 I add the require-mschap-v2 together with refuse-eap, and I am where I started from. refuse-eap causes a "peer refused to authenticate".

I think what I need is not to refuse EAP, but silently ignore it and engage in CHAP. Of course I don't know how to do this with the available pppd commands. I think it's time for me to bug my school IT department. Also, maybe I need to set some LCP options to "bear with" the ISP's EAP babble.

I still appreciate all the input, things are getting clearer for me.

-Cengiz

On Mon, 7 Feb 2005, Michael L. Wright wrote:

> One problem that you're having is that your configuration is requiring the
> remote server to authenticate itself, which is probably not what you want.
>
> Try this to stop asking the remote to authenticate:
>
> 1. Remove option 'require-mschap-v2' from your /etc/ppp/options.pptp file.
>
> 2. Add option 'noauth' to /etc/ppp/peers/EmoryU or /etc/ppp/options.pptp.
>
> Regarding the EAP problem:
>
> 3. Add option 'refuse-eap' to /etc/ppp/peers/EmoryU or /etc/ppp/options.pptp.
>
> Then when the remote requests EAP, your machine will refuse and the remote
> should offer another alternative.
>
> Michael
>
> On Monday 07 February 2005 04:20 pm, Cengiz Gunay wrote:
> > Hi,
> >
> > I have a SuSE 9.1 machine with 2.6.4 kernel and pppd 2.4.2 and pptp
> > version 1.4.0.
> >
> > I can use the same computer and boot into Windows XP SP1 and connect to a
> > school VPN address, but when I try to do this in linux, the authentication
> > fails. Looking at the Windows XP connection details, I know the
> > connection type is MS CHAP 128 with MPPE 128 encryption.
> >
> > I have a few questions, and a pppd log follows:
> >
> > 1- I enter a username and password in Windows. This name doesn't seem to
> > have a windows domain name associated with it. I'm not sure if I need
> > to prepend a windows domain to this username when connecting from
> > linux. Is there a way to see this domain name?
> >
> > 2- From the windows settings I'm pretty sure that EAP authentication is
> > frowned upon (i.e., using only EAP windows cannot connect to the VPN),
> > however in linux, PPTP tries using EAP. If I give the refuse-eap option
> > to pppd, then it would immediately stop, saying "client refused
> > authetication".
> >
> > 3- In the log below ``rcvd [CHAP response ... name = "127.0.0.1"]'' is the
> > response I get from the server. Does this mean that I need an entry in
> > my chap-secrets with the name "127.0.0.1"?
> >
> > 4- Finally, sorry for the dumb question, but, does "Peer PPTP failed
> > authentication," which follows the above rcvd message, mean that I
> > rejected the server's credentials, or that the server rejected me?
> >
> > Thanks in advance for any insights.
> > Here's my pppd log from a recent failure:
> >
> > Feb 4 18:33:30 linux pptp[10452]: anon log[main:pptp.c:237]: The synchronous pptp option is NOT activated
> > Feb 4 18:33:30 linux pptp[10455]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 1 'Start-Control-Connection-Request'
> > Feb 4 18:33:30 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:714]: Received Start Control Connection Reply
> > Feb 4 18:33:30 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:748]: Client connection established.
> > Feb 4 18:33:31 linux pptp[10455]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 7 'Outgoing-Call-Request'
> > Feb 4 18:33:31 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:834]: Received Outgoing Call Reply.
> > Feb 4 18:33:31 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:873]: Outgoing call established (call ID 0, peer's call ID 44).
> > Feb 4 18:33:31 linux pppd[10452]: pppd options in effect:
> > Feb 4 18:33:31 linux pppd[10452]: debug # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: nodetach # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: idle 600 # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: logfd 0 # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: dump # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: active-filter xxx # [don't know how to print value] # (from /etc/ppp/filters)
> > Feb 4 18:33:31 linux pppd[10452]: require-mschap-v2 # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: name EmoryU\\cgunay # (from /etc/ppp/peers/EmoryU)
> > Feb 4 18:33:31 linux pppd[10452]: remotename PPTP # (from /etc/ppp/peers/EmoryU)
> > Feb 4 18:33:31 linux pppd[10452]: /dev/pts/80 # (from command line)
> > Feb 4 18:33:31 linux pppd[10452]: 38400 # (from command line)
> > Feb 4 18:33:31 linux pppd[10452]: lock # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: crtscts # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: modem # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: asyncmap 0 # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: mru 1000 # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: mtu 1000 # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: lcp-echo-failure 10 # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: lcp-echo-interval 10 # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: lcp-restart 2 # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: lcp-max-configure 60 # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: noipdefault # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: nobsdcomp # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: nodeflate # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: require-mppe # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: noipx # (from /etc/ppp/options)
> > Feb 4 18:33:31 linux pppd[10452]: eap-timeout 30 # (from /etc/ppp/options.pptp)
> > Feb 4 18:33:31 linux pppd[10452]: pppd 2.4.2 started by root, uid 0
> > Feb 4 18:33:31 linux pppd[10452]: using channel 26
> > Feb 4 18:33:31 linux pppd[10452]: Using interface ppp0
> > Feb 4 18:33:31 linux pppd[10452]: Connect: ppp0 <--> /dev/pts/80
> > Feb 4 18:33:31 linux pppd[10452]: sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <auth chap MS-v2> <magic 0xff55da2e> <pcomp> <accomp>]
> > Feb 4 18:33:33 linux pppd[10452]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0xce6afcd7> <pcomp> <accomp>]
> > Feb 4 18:33:33 linux pppd[10452]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth eap> <magic 0xce6afcd7> <pcomp> <accomp>]
> > Feb 4 18:33:33 linux pppd[10452]: rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <auth chap MS-v2> <magic 0xff55da2e> <pcomp> <accomp>]
> > Feb 4 18:33:33 linux pppd[10452]: sent [LCP EchoReq id=0x0 magic=0xff55da2e]
> > Feb 4 18:33:33 linux pppd[10452]: sent [CHAP Challenge id=0x28 <9b81cd098380e3e0460baa02c3ed4813>, name = "EmoryU\\cgunay"]
> > Feb 4 18:33:33 linux pppd[10452]: rcvd [EAP Request id=0x46 Identity <Message "Name">]
> > Feb 4 18:33:33 linux pppd[10452]: EAP: Identity prompt "Name"
> > Feb 4 18:33:33 linux pppd[10452]: sent [EAP Response id=0x46 Identity <Name "EmoryU\\cgunay">]
> > Feb 4 18:33:33 linux pppd[10452]: rcvd [LCP EchoRep id=0x0 magic=0xce6afcd7]
> > Feb 4 18:33:33 linux pppd[10452]: rcvd [CHAP Response id=0x28 <11dc0d753e1e71d1f70041070f80af16000000000000000085b9a2b50930340645bccd62fb60a76eafb867e7accbd8cb00>, name = "127.0.0.1"]
> > Feb 4 18:33:33 linux pppd[10452]: Peer PPTP failed CHAP authentication
> > Feb 4 18:33:33 linux pppd[10452]: sent [CHAP Failure id=0x28 "E=691 R=1 C=9b81cd098380e3e0460baa02c3ed4813 V=0 M=Access denied"]
> > Feb 4 18:33:33 linux pppd[10452]: sent [LCP TermReq id=0x2 "Authentication failed"]
> > Feb 4 18:33:35 linux pppd[10452]: sent [LCP TermReq id=0x3 "Authentication failed"]
> > Feb 4 18:33:37 linux pppd[10452]: Terminating on signal 2.
> > Feb 4 18:33:37 linux pptp[10455]: anon log[callmgr_main:pptp_callmgr.c:249]: Closing connection
> > Feb 4 18:33:37 linux pptp[10455]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 12 'Call-Clear-Request'
> > Feb 4 18:33:37 linux pppd[10452]: Terminating on signal 15.
> > Feb 4 18:33:37 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:905]: Call disconnect notification received (call id 44)
> > Feb 4 18:33:37 linux pppd[10452]: Connection terminated.
> > Feb 4 18:33:38 linux pppd[10452]: Exit.
> > Feb 4 18:33:38 linux pptp[10473]: anon warn[decaps_hdlc:pptp_gre.c:196]: short read (-1): Input/output error
> > Feb 4 18:33:38 linux pptp[10473]: anon warn[decaps_hdlc:pptp_gre.c:197]: pppd may have shutdown, see pppd log
> > Feb 4 18:33:39 linux pptp[10455]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 12 'Call-Clear-Request'
> > Feb 4 18:33:39 linux pptp[10455]: anon log[pptp_conn_close:pptp_ctrl.c:425]: Closing PPTP connection
> > Feb 4 18:33:39 linux pptp[10455]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 3 'Stop-Control-Connection-Request'
> > Feb 4 18:33:39 linux pptp[10455]: anon log[ctrlp_disp:pptp_ctrl.c:775]: Received Stop Control Connection Reqply.
> > Feb 4 18:33:39 linux pptp[10455]: anon log[call_callback:pptp_callmgr.c:77]: Closing connection
> >
> >
> > Cengiz Gunay
> > --
>
> Michael L. Wright
> System Administrator, Vashti.Net & MRServer, Inc.
> Email: MichaelW@Vashti.Net

Cengiz Gunay
--
cg...@em... cen...@us... cen...@ya...
Lab: +1-404-727-4103 Home/Cell: +1-337-255-3660
http://www.cacs.louisiana.edu/~cxg9789
ICQ# 21104923, cen...@ja...
--
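
Added example, not part of the original thread or of pppd/pptpclient: a small reader for pppd `debug` output that reports which side demanded which authentication protocol in LCP and which side sent the authentication Failure, the point behind question 4 and Michael's diagnosis. It relies on the PPP rule that the `<auth ...>` option in a ConfReq names the protocol the sender expects its peer to authenticate with; the function names and the shortened sample lines are constructed for illustration.

```python
import re

# Constructed sample: pppd debug lines shaped like those quoted in the thread
# (challenge/response values shortened, client name replaced).
SAMPLE_LOG = """\
pppd[10452]: sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <auth chap MS-v2> <magic 0xff55da2e> <pcomp> <accomp>]
pppd[10452]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0xce6afcd7> <pcomp> <accomp>]
pppd[10452]: sent [CHAP Challenge id=0x28 <9b81...>, name = "client"]
pppd[10452]: rcvd [EAP Request id=0x46 Identity <Message "Name">]
pppd[10452]: rcvd [CHAP Response id=0x28 <11dc...>, name = "127.0.0.1"]
pppd[10452]: sent [CHAP Failure id=0x28 "E=691 R=1 V=0 M=Access denied"]
"""

PACKET = re.compile(r"(sent|rcvd) \[(LCP|CHAP|EAP) (\w+)(.*)\]")
AUTH_OPT = re.compile(r"<auth ([^>]+)>")


def analyze(log):
    """Return who demanded which auth protocol and who rejected whom."""
    result = {"local_demands": None, "peer_demands": None, "rejected_by": None}
    for line in log.splitlines():
        m = PACKET.search(line)
        if not m:
            continue
        direction, proto, code, rest = m.groups()
        if proto == "LCP" and code == "ConfReq":
            auth = AUTH_OPT.search(rest)
            if auth:
                # The sender of the ConfReq is the side demanding authentication.
                key = "local_demands" if direction == "sent" else "peer_demands"
                result[key] = auth.group(1)
        elif code == "Failure":
            # Only the authenticator sends Failure, so its sender did the rejecting.
            result["rejected_by"] = "local" if direction == "sent" else "peer"
    return result


def diagnose(log):
    """One-line reading of analyze() for a human."""
    r = analyze(log)
    if r["rejected_by"] == "local":
        return "local pppd demanded '%s' from the peer and rejected its response" % r["local_demands"]
    if r["rejected_by"] == "peer":
        return "peer demanded '%s' and rejected our response" % r["peer_demands"]
    return "no authentication failure seen"


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
    print(diagnose(SAMPLE_LOG))
```
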