Re: [pptp-devel] VPN PPTP connection error

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Depends on what you mean by simple, I guess.

You could change chap_ms.c to do it, recompile pppd, and reinstall it.

But if you don't find out why and where the prefix is inserted,
there's a chance it may come back while transferring data.

Potentially exciting and interesting.

On Wed, Dec 27, 2017 at 01:14:30PM +1100, Jake He wrote:
> Hi James
> 
> Is there a simple way to remove the "\001" prefix? I am not sure how to use
> tcpdump to capture the GRE packets.
> 
> Jake He
> 
> On 27 December 2017 at 13:03, James Cameron <[1]qu...@la...> wrote:
> 
>     On Sun, Dec 24, 2017 at 11:25:40PM +1100, * wrote:
>     > Hi,
>     >
>     > I am trying to connect to work's VPN on PPTP. My work uses Draytek VPN. I
>     am
>     > using macOS High Sierra pppd version 2.4.2
> 
>     Wow, why so old?  More recent pppd is available.
>    
>     > I think VPN server accepts my username and password. But I get MS-CHAPv2
>     > Success packet is badly formed.
>     >
>     > I don't understand what is happening.
> 
>     [2]https://github.com/paulusmack/ppp/blob/84684243d651f55f6df69d2a6707b5
>     2fbbe62bb9/pppd/chap_ms.c#L411
>     is the source code that reports the error.
>    
>     > Thu Dec 21 08:40:39 2017 : rcvd [CHAP Challenge id=0x1 <
>     3b1b5105149215be4074824c50c16eeb>, name = "Draytek"]
>     > Thu Dec 21 08:40:39 2017 : sent [CHAP Response id=0x1 <
>     fe5aad17a54a55819832957268cef98500000000000000004c3a2b98f53b
>     abccb4d02e7608d88cbd9693cae7023ebe1600>, name = "workdomain\\myusername"]
>     > Thu Dec 21 08:40:39 2017 : rcvd [CHAP Success id=0x1 "\001S=
>     6FD1D958714C524CB910F77CA4A7D9803AFE5518"]
>     > Thu Dec 21 08:40:39 2017 : MS-CHAPv2 Success packet is badly formed.
> 
>     pppd has correctly refused the packet, as it doesn't start with "S=",
>     instead it has a prefix "\001".
> 
>     At this point in the negotiation, GRE packets are being exchanged
>     between the server and the client, and pptp is re-encapsulating the
>     data for pppd.
> 
>     You might use tcpdump or wireshark to look at the GRE stream at both
>     the server and the client to find the origin of the prefix.
> 
>     My guess is an intervening NAT implementation with bugs.  NAT causes
>     such problem for PPTP.
>    
>     --
>     James Cameron
>     [3]http://quozl.netrek.org/
> 
> References:
> 
> [1] mailto:qu...@la...
> [2] https://github.com/paulusmack/ppp/blob/84684243d651f55f6df69d2a6707b52fbbe62bb9/pppd/chap_ms.c#L411
> [3] http://quozl.netrek.org/

-- 
James Cameron
http://quozl.netrek.org/