Re: [pptp-devel] "Unauthorized remote IP address" error during VPN connection

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Sun, Aug 24, 2003 at 12:16:46AM +0200, Fabrice DI MEGLIO wrote:
> sent [IPCP ConfReq id=0x1 <addr 10.0.1.3> <compress VJ 0f 01>]
> rcvd [IPCP ConfReq id=0x1 <addr 172.31.0.3> <compress VJ 0f 01>]
> sent [IPCP ConfAck id=0x1 <addr 172.31.0.3> <compress VJ 0f 01>]
> rcvd [IPCP ConfAck id=0x1 <addr 10.0.1.3> <compress VJ 0f 01>]
> local  IP address 10.0.1.3
> remote IP address 172.31.0.3
> rcvd [IPCP TermReq id=0x2 "Unauthorized remote IP address"]
> IPCP terminated by peer (Unauthorized remote IP address)

(a) your client offers 10.0.1.3 as the IP address to use,

(b) contrary to most other cases I've seen, your server accepts this
address (ConfAck), and *then* says it is unauthorised.

There are three solutions that I propose, choose one;

1. add the "noipdefault" option to PPP for the tunnel.  

"man pppd" says for ipdefault ...  "Disables the default behaviour when
no local IP address is specified, which is to determine (if possible)
the local IP address from the hostname.  With this option, the peer will
have to supply the local IP address during IPCP negotiation (unless it
specified explicitly on the command line or in an options file)."

2. change the server to reject the proposed address using a ConfNak, so
that it behaves like most other servers, (you can see this in action in
the Known Working Log section of the Diagnosis HOWTO on the PPTP client
web site.) 

3. change the server to accept the 10.0.1.3 address.

-- 
James Cameron                         http://quozl.netrek.org/
HP Open Source, Volunteer             http://opensource.hp.com/
PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/