From: James C. <qu...@la...> - 2017-12-27 02:21:22
On Sun, Dec 24, 2017 at 11:25:40PM +1100, * wrote:
> Hi,
>
> I am trying to connect to work's VPN on PPTP. My work uses Draytek VPN. I am
> using macOS High Sierra pppd version 2.4.2

Wow, why so old? More recent pppd is available.

> I think VPN server accepts my username and password. But I get MS-CHAPv2
> Success packet is badly formed.
>
> I don't understand what is happening.

https://github.com/paulusmack/ppp/blob/84684243d651f55f6df69d2a6707b52fbbe62bb9/pppd/chap_ms.c#L411
is the source code that reports the error.

> Thu Dec 21 08:40:39 2017 : rcvd [CHAP Challenge id=0x1 <3b1b5105149215be4074824c50c16eeb>, name = "Draytek"]
> Thu Dec 21 08:40:39 2017 : sent [CHAP Response id=0x1 <fe5aad17a54a55819832957268cef98500000000000000004c3a2b98f53babccb4d02e7608d88cbd9693cae7023ebe1600>, name = "workdomain\\myusername"]
> Thu Dec 21 08:40:39 2017 : rcvd [CHAP Success id=0x1 "\001S=6FD1D958714C524CB910F77CA4A7D9803AFE5518"]
> Thu Dec 21 08:40:39 2017 : MS-CHAPv2 Success packet is badly formed.

pppd has correctly refused the packet, as it doesn't start with "S=";
instead it has a prefix "\001".

At this point in the negotiation, GRE packets are being exchanged
between the server and the client, and pptp is re-encapsulating the
data for pppd.

You might use tcpdump or wireshark to look at the GRE stream at both
the server and the client to find the origin of the prefix.

My guess is an intervening NAT implementation with bugs. NAT causes
such problems for PPTP.

-- 
James Cameron
http://quozl.netrek.org/
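
Added example, not part of the original message and not pppd's own code: a stand-alone format check for the Message field of an MS-CHAPv2 Success packet ("S=" plus 40 hex digits, optionally followed by " M=" text, per RFC 2759), run on the field from the log above. The names `check_success` and `find_s_offset` are hypothetical, and the check covers only the layout, not the comparison of the authenticator response against the locally computed value.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AUTH_HEX_LEN 40  /* 20-octet authenticator response written as hex */

enum success_check { SUCCESS_OK, ERR_TOO_SHORT, ERR_NO_S_PREFIX, ERR_BAD_HEX, ERR_TRAILING };

/* Validate the Message field of an MS-CHAPv2 Success packet:
 * "S=" + 40 hex digits, optionally followed by " M=<text>". */
enum success_check check_success(const unsigned char *msg, size_t len)
{
    size_t i;

    if (len < 2 + AUTH_HEX_LEN)
        return ERR_TOO_SHORT;
    if (memcmp(msg, "S=", 2) != 0)
        return ERR_NO_S_PREFIX;      /* e.g. a stray byte ahead of "S=" */
    for (i = 2; i < 2 + AUTH_HEX_LEN; i++)
        if (!isxdigit(msg[i]))
            return ERR_BAD_HEX;
    msg += 2 + AUTH_HEX_LEN;
    len -= 2 + AUTH_HEX_LEN;
    if (len == 0 || (len >= 3 && memcmp(msg, " M=", 3) == 0))
        return SUCCESS_OK;
    return ERR_TRAILING;             /* bytes after the hex that are not " M=" */
}

/* Offset of the first "S=" in the field, or -1. A non-zero offset means
 * bytes were inserted ahead of the authenticator response. */
long find_s_offset(const unsigned char *msg, size_t len)
{
    size_t i;
    for (i = 0; i + 1 < len; i++)
        if (msg[i] == 'S' && msg[i + 1] == '=')
            return (long)i;
    return -1;
}

int main(void)
{
    /* Message field exactly as shown in the log above (leading byte 0x01). */
    static const unsigned char logged[] = "\001S=6FD1D958714C524CB910F77CA4A7D9803AFE5518";
    size_t n = sizeof(logged) - 1;
    printf("logged:   check=%d, S= at offset %ld\n", check_success(logged, n), find_s_offset(logged, n));
    printf("stripped: check=%d\n", check_success(logged + 1, n - 1));
    return 0;
}
```

Running the same check on the field taken from a capture at the server and at the client shows on which side of the path the extra byte first appears.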