From owner-freebsd-net Wed Nov 15 5:45: 7 2000
Delivered-To: freebsd-net@freebsd.org
Received: from center.mshindo.net (center.mshindo.net [210.231.221.221])
    by hub.freebsd.org (Postfix) with ESMTP id 1FF1537B4C5
    for ; Wed, 15 Nov 2000 05:45:04 -0800 (PST)
Received: from localhost (IDENT:mshindo@016.cosine.nttpc.gr.jp [202.229.42.16] (may be forged))
    by center.mshindo.net (8.9.3/3.7W/00041811) with ESMTP id XAA75435;
    Wed, 15 Nov 2000 23:01:11 +0900 (JST)
Date: Wed, 15 Nov 2000 22:45:51 +0900 (JST)
Message-Id: <20001115.224551.59462131.mshindo@mshindo.net>
To: freebsd-net@freebsd.org
Cc: KuriyaKK@cpf.navy.mil, Jos Backus
Subject: Re: Question regarding 'pptpclient'
From: Motonori Shindo
In-Reply-To: <20001019.182543.74756319.mshindo@mshindo.net>
References: <20001019.182543.74756319.mshindo@mshindo.net>
X-Mailer: Mew version 1.95b76 on Emacs 20.7 / Mule 4.0 (HANANOEN)
X-PGP-fingerprint: 06 B0 B1 A4 06 C1 6A 14 63 C0 D7 18 01 CD D9 83
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Folks,

From: Motonori Shindo
Subject: Re: Question regarding 'pptpclient'
Date: Thu, 19 Oct 2000 18:25:43 +0900 (JST)
Message-ID: <20001019.182543.74756319.mshindo@mshindo.net>

> Kuriyama-san,
>
> From: "Kuriyama, Kent K Mr (CPF N651KK)"
> Subject: Question regarding 'pptpclient'
> Date: Wed, 18 Oct 2000 22:28:34 -1000
>
> > I'm trying to establish a PPTP connection between our FreeBSD 4.1.1-STABLE
> > box and an NT4.0 RAS. I have loaded the pptpclient from the packages
> > collection but when I attempt to connect I get the message:
> >
> > "CHAP 0x81 not supported"
> >
> > What does this message mean and is there a work around? Thanks.
>
> CHAP 0x81 is MS-CHAPv2. I'm not using the package version of pptp,
> instead, I'm using pptp-linux-1.0.2 slightly modified by myself a
> while back. It's working with NT4.0 RAS.

Some folks asked me how I made pptp-linux-1.0.2 work under FreeBSD, so here it goes. (Sorry this response is so delayed. I had so many other things to do these days...)

What I did for pptp-linux-1.0.2 was basically the same as the patches /usr/ports/net/pptpclient/patches/patch-a[a-f]. I just had to do it myself because there was no "ports" for pptp-linux-1.0.2 when I needed it :-)

People using the packages/ports version don't have to worry about a couple of bugs in the original pptp-linux-1.0.2 (notably one where pptp_gre_call_id is falsely set).

Depending on what you're using as a PNS, you may still encounter some problems. What I had when I used NT 4.0 as a PNS was a CHAP authentication issue. In LCP negotiation, initially, NT 4.0 requests pptpclient to use EAP, but pptpclient rejects it (since it doesn't support it) and suggests using CHAP-MD5 instead. NT accepts CHAP-MD5, and hence pptpclient calculates the CHAP Challenge-Response using the CHAP-MD5 algorithm. However, NT is, in fact, expecting MS-CHAP!! So, NT responds with CHAP Auth-Failure!! NT should NOT accept CHAP-MD5 in this case but it does.... Sigh.

To alleviate this problem, I had to modify pppd so that it offers MS-CHAPv1 instead of CHAP-MD5 first when there's no auth algorithm that it can agree upon. Here's a small patch for it:

*** lcp.c.org Wed Nov 15 13:21:47 2000 --- lcp.c Wed Nov 15 13:24:33 2000 *************** *** 1403,1409 **** if (ao->neg_chap) { PUTCHAR(CILEN_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp); ! PUTCHAR(ao->chap_mdtype, nakp); } else { PUTCHAR(CILEN_SHORT, nakp); PUTSHORT(PPP_PAP, nakp); --- 1403,1410 ---- if (ao->neg_chap) { PUTCHAR(CILEN_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp); ! /* PUTCHAR(ao->chap_mdtype, nakp); */ ! PUTCHAR(CHAP_MICROSOFT, nakp); /* added by mshindo */ } else { PUTCHAR(CILEN_SHORT, nakp); PUTSHORT(PPP_PAP, nakp);

I hope this helps.

Regards,

=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
Motonori Shindo
Sr. Systems Engineer
CoSine Communications Inc.
e-mail: mshindo@cosinecom.com
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
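
Review bot: The changed line in the 1403,1410 hunk, PUTCHAR(CHAP_MICROSOFT, nakp), hard-codes the algorithm offered in the Configure-Nak and no longer consults ao->chap_mdtype, so whenever ao->neg_chap is set the nak suggests MS-CHAP to every peer regardless of the digest that was configured. Consider keeping PUTCHAR(ao->chap_mdtype, nakp) and setting ao->chap_mdtype to CHAP_MICROSOFT where the allowed options are initialised (or behind a run-time option), so the behaviour can be selected per peer instead of compiled in. The commented-out original line is better deleted than left in the source, since the diff already records it.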
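
The negotiation described in the message above turns on one byte of the LCP Authentication-Protocol option, so here is an added example (not part of the original post and not pppd code) that decodes that option from an LCP option list and reports which CHAP algorithm it carries. The option type, protocol numbers and algorithm bytes come from the PPP RFCs (1661, 1994, 2433, 2759); the function names, result codes and sample byte strings are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LCP_OPT_AUTH   3       /* Authentication-Protocol option type */
#define PPP_CHAP       0xc223  /* PAP is 0xc023, EAP is 0xc227 */
/* Result codes below are this example's own, not pppd's. */
#define AUTH_ABSENT    (-1)    /* no Authentication-Protocol option */
#define AUTH_MALFORMED (-2)    /* option length disagrees with buffer */
#define AUTH_NOT_CHAP  (-3)    /* option present, protocol is not CHAP */

/* Walk an LCP option list (type, length, data ...). Returns the CHAP
 * algorithm byte, or a negative code. *proto (may be NULL) receives the
 * authentication protocol number when the option is found. */
int lcp_chap_algorithm(const uint8_t *opt, size_t len, uint16_t *proto)
{
    size_t i = 0;
    while (i < len) {
        if (len - i < 2) return AUTH_MALFORMED;
        uint8_t type = opt[i], olen = opt[i + 1];
        if (olen < 2 || olen > len - i) return AUTH_MALFORMED;
        if (type == LCP_OPT_AUTH) {
            if (olen < 4) return AUTH_MALFORMED;
            uint16_t p = (uint16_t)(opt[i + 2] << 8 | opt[i + 3]);
            if (proto) *proto = p;
            if (p != PPP_CHAP) return AUTH_NOT_CHAP;
            if (olen != 5) return AUTH_MALFORMED; /* CHAP adds 1 algorithm byte */
            return opt[i + 4];
        }
        i += olen;
    }
    return AUTH_ABSENT;
}

const char *chap_algorithm_name(int algo)
{
    return algo == 0x05 ? "CHAP-MD5" : algo == 0x80 ? "MS-CHAP"
         : algo == 0x81 ? "MS-CHAPv2" : "unknown";
}

/* Constructed option lists, one per step of the exchange in the message. */
const uint8_t REQ_EAP[]    = { 0x01, 0x04, 0x05, 0xdc, 0x03, 0x04, 0xc2, 0x27 };
const uint8_t NAK_MD5[]    = { 0x03, 0x05, 0xc2, 0x23, 0x05 }; /* unpatched nak */
const uint8_t NAK_MSCHAP[] = { 0x03, 0x05, 0xc2, 0x23, 0x80 }; /* patched nak */
const uint8_t REQ_V2[]     = { 0x03, 0x05, 0xc2, 0x23, 0x81 }; /* "CHAP 0x81" */
const uint8_t TRUNCATED[]  = { 0x03, 0x05, 0xc2, 0x23 };       /* length lies */

int main(void)
{
    int a = lcp_chap_algorithm(NAK_MSCHAP, sizeof NAK_MSCHAP, NULL);
    printf("patched nak offers 0x%02x (%s)\n", a, chap_algorithm_name(a));
    return 0;
}
```

Run over the option bytes of a captured Configure-Request or Configure-Nak, this shows whether the two ends agreed on the same algorithm byte before the challenge is sent.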