Date: Wed, 15 Nov 2000 22:45:51 +0900 (JST) From: Motonori Shindo <mshindo@mshindo.net> To: freebsd-net@freebsd.org Cc: KuriyaKK@cpf.navy.mil, Jos Backus <josb@cncdsl.com> Subject: Re: Question regarding 'pptpclient' Message-ID: <20001115.224551.59462131.mshindo@mshindo.net> In-Reply-To: <20001019.182543.74756319.mshindo@mshindo.net> References: <A567A7C3889FD2119D2600204840388C04469455@uemspricpf3.cpf.navy.mil> <20001019.182543.74756319.mshindo@mshindo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Folks,
From: Motonori Shindo <mshindo@mshindo.net>
Subject: Re: Question regarding 'pptpclient'
Date: Thu, 19 Oct 2000 18:25:43 +0900 (JST)
Message-ID: <20001019.182543.74756319.mshindo@mshindo.net>
> Kuriyama-san,
>
> From: "Kuriyama, Kent K Mr (CPF N651KK)" <KuriyaKK@cpf.navy.mil>
> Subject: Question regarding 'pptpclient'
> Date: Wed, 18 Oct 2000 22:28:34 -1000
>
> > I'm trying to establish a PPTP connection between our FreeBSD 4.1.1-STABLE
> > box and an NT4.0 RAS. I have loaded the pptpclient from the packages
> > collection but when I attempt to connect I get the message:
> >
> > "CHAP 0x81 not supported"
> >
> > What does this message mean and is there a work around? Thanks.
>
> CHAP 0x81 is MS-CHAPv2. I'm not using the package version of pptp,
> instead, I'm using pptp-linux-1.0.2 slightly modified by myself a
> while back. It's working with NT4.0 RAS.
Some folks asked me how I made pptp-linux-1.0.2 to work under FreeBSD,
so here it goes. (sorry this response is so delayed. I had so many
other things to do these days...)
What I did for pptp-linux-1.0.2 was basically the same as the patches
/usr/ports/net/pptpclient/patches/patch-a[a-f]. I just had to do it
myself because there was no "ports" for pptp-linux-1.0.2 when I needed
it:-) People using packages/ports version don't have to worry about a
couple of bugs in original pptp-linux-1.0.2 (notably one where
pptp_gre_call_id is falsely set).
Depending on what you're using as a PNS, you may still encounter some
problems. What I had when I used NT 4.0 as a PNS was a CHAP
authentication issue. In LCP negotiation, initially, NT 4.0 requests
pptpclient to use EAP but pptpclient reject it (since it doesn't
support it) and suggest to use CHAP-MD5 instead. NT accepts CHAP-MD5,
and hence pptpclient calculate CHAP Challenge-Response by CHAP-MD5
algorithm. However, NT is, in fact, expecting MS-CHAP!! So, NT
responds with CHAP Auth-Failure!! NT should NOT accept CHAP-MD5 in
this case but it does.... Sigh.
To alliviate this problem, I had to modify pppd so that it offers
MS-CHAPv1 instead of CHAP-MD5 first when there's no auth algorithm
that it can agree upon. Here's a small patch for it:
*** lcp.c.org Wed Nov 15 13:21:47 2000
--- lcp.c Wed Nov 15 13:24:33 2000
***************
*** 1403,1409 ****
if (ao->neg_chap) {
PUTCHAR(CILEN_CHAP, nakp);
PUTSHORT(PPP_CHAP, nakp);
! PUTCHAR(ao->chap_mdtype, nakp);
} else {
PUTCHAR(CILEN_SHORT, nakp);
PUTSHORT(PPP_PAP, nakp);
--- 1403,1410 ----
if (ao->neg_chap) {
PUTCHAR(CILEN_CHAP, nakp);
PUTSHORT(PPP_CHAP, nakp);
! /* PUTCHAR(ao->chap_mdtype, nakp); */
! PUTCHAR(CHAP_MICROSOFT, nakp); /* added by mshindo */
} else {
PUTCHAR(CILEN_SHORT, nakp);
PUTSHORT(PPP_PAP, nakp);
I hope this helps.
Regards,
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
+----+----+
|.. .| | Motonori Shindo
|_~__| |
| .. |~~_~| Sr. Systems Engineer
| . | | CoSine Communications Inc.
+----+----+
C o S i n e e-mail: mshindo@cosinecom.com
Communications
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001115.224551.59462131.mshindo>