Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 2 May 2002 17:33:35 -0400 (EDT)
From:      Thomas David Rivers <rivers@dignus.com>
To:        archie@dellroad.org, tlambert2@mindspring.com
Cc:        freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, K.J.Koster@kpn.com, rivers@dignus.com
Subject:   Re: Anyone using pptp?
Message-ID:  <200205022133.g42LXZE51368@lakes.dignus.com>
In-Reply-To: <3CD1AD80.DFCC100F@mindspring.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Terry Lambert <tlambert2@mindspring.com> wrote:
> 
> Archie Cobbs wrote:
> > Thomas David Rivers writes:
> > >   If I add
> > >       enable MSChapV2
> > >   in /etc/ppp/ppp.conf - then our ppp client requires that the
> > >   peer (the Microsoft VPN server) authenticate using MSChapV2.  But,
> > >   the Microsoft VPN peer refuses that (it's configured to not use
> > >   MSChapV2.
> > 
> > Don't you want something like "allow MSChapV2" and "disable MSChapV2" ?
> 
> The MS PAP/CHAP stuff never made it to RFC because of the
> protocol layering violations.
> 
> I think the problem T.D.R. is seeing are a result of not
> having some covert channel, which is *not* MSChapV2, to get
> a session key for the VPN session.
> 
> I guess we need to see a packet trace for a Windows machine
> being successful, and a FreeBSD machine being unsuccessful,
> in order to run a side-by-side comparison.

 Believe me!  I've asked for such a thingy...  apparently, 
 the "magic software" needed to do a packet trace on Windows
 isn't installed on the server.

	- Dave Rivers -

--
rivers@dignus.com                        Work: (919) 676-0847
Get your mainframe programming tools at http://www.dignus.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205022133.g42LXZE51368>