From: Sebastiaan van Erk
Date: Fri, 10 Nov 2006 13:46:00 +0100
To: freebsd-questions@freebsd.org
Subject: Re: Problem setting up PPTP server

Hi,

I solved the problem, and I'll post the resolution for reference purposes.

There were two configuration issues:

1) To enable MPPE encryption the encryption option on the bundle should be DISABLED, since MPPE lives in the compression layer and not the encryption layer; thus by commenting the "set bundle enable encryption" and "set bundle enable crypt-reqd" lines, this problem was solved.

2) Since the client (a linux ppp client) had the option "require-mppe-128" enabled, the server got a config request for 128 bit MPPE stateless, but then rejected it. The reason for this was the "set ccp enable mppc" line, which should have read "set ccp yes mppc" since otherwise the accept flag is disabled.

Finally, I have not found a way to force MPPE encryption on the *server* side. There seems to be no equivalent to "require-mppe-128" or "set bundle enable comp-reqd" or something like that in mpd. Does anybody know a way to require MPPE in mpd?

Regards,
Sebastiaan

Sebastiaan van Erk wrote:
> Hi,
>
> I'm trying to set up mpd (3.18) on a FreeBSD server to allow windows and
> linux clients to connect. Currently I've only been trying to make the
> linux connection succeed (Ubuntu with ppp-2.4.4), but I get the
> following output from linux pppd:
>
> CHAP authentication succeeded
> sent [CCP ConfReq id=0x1 ]
> rcvd [IPCP ConfReq id=0x1 ]
> sent [IPCP TermAck id=0x1]
> rcvd [CCP ConfReq id=0x1 ]
> sent [CCP ConfAck id=0x1 ]
> rcvd [CCP ConfRej id=0x1 ]
> MPPE required but peer refused
> sent [LCP TermReq id=0x2 "MPPE required but peer refused"]
> rcvd [LCP TermAck id=0x4]
> Connection terminated.
>
> I don't understand why the linux client sends a TermAck on IPCP without
> getting a TermReq first, but apart from that mpd seems to be failing to
> negotiate MPPE even though I configured both the linux client and mpd to
> allow ONLY mppe-128, i.e., in my mpd.conf I have the following:
>
> # Microsoft Point to Point Encryption
> set bundle enable compression
> set ccp enable mppc
> set ccp enable mpp-e128
> set ccp yes mpp-stateless
> set ccp no mpp-e40
>
> The linux client is requesting exactly that: MPPE 128 bit stateless as
> can be seen from the mpd log:
>
> [pptp0] CCP: rec'd Configure Request #1 link 0 (Req-Sent)
>  MPPC
>    0x01000040: MPPE, 128 bit, stateless
>
> Am I doing something obviously wrong? Does anybody know how to fix this
> problem? Any advice is welcome!
>
> Thanks in advance,
> Sebastiaan
>
> P.S.: I have attached the mpd.conf, mpd.links, mpd.log and ppp.log files
> for completeness.
>
>
> ------------------------------------------------------------------------
>
> startup:
>
> default:
>     load client0
>
> client0:
>     new -i ng0 pptp0 pptp
>     set ipcp ranges 10.0.0.1/32 10.0.0.128/32
>     load pptp_common
>
> pptp_common:
>     set iface disable on-demand
>     set iface enable proxy-arp
>     set iface idle 0
>     set iface enable tcpmssfix
>     set link yes acfcomp protocomp
>     set link disable pap
>     set link enable chap
>     set link no chap-md5
>     set link mtu 1460
>     set link keep-alive 10 60
>     set ipcp dns 192.168.1.10 192.168.1.1
>     set ipcp nbns 10.0.0.1
>
>     # Microsoft Point to Point Encryption
>     set bundle enable compression
>     set ccp enable mppc
>     set ccp enable mpp-e128
>     set ccp yes mpp-stateless
>     set ccp no mpp-e40
>
>     # Require encryption or drop connection
>     set bundle enable encryption
>     set bundle enable crypt-reqd
>
>
> ------------------------------------------------------------------------
>
> pptp:
>     set link type pptp
>     set pptp self 192.168.1.10
>     set pptp enable incoming
>     set pptp disable originate
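
Added example, not part of the original post and not mpd's own code: a small Python check that models the enable/accept flags behind mpd's `set <layer> <verb> <option>` lines and reports the two misconfigurations the reply describes. It assumes every flag starts cleared unless the file sets it; the names `parse_flags` and `lint_mppe` are hypothetical, and the sample input is constructed from the quoted `pptp_common` section.

```python
# Assumption: every option flag starts cleared unless the file sets it.
# Constructed sample: the MPPE-related lines from the quoted pptp_common section.
SAMPLE_BEFORE = """\
    set bundle enable compression
    set ccp enable mppc
    set ccp enable mpp-e128
    set ccp yes mpp-stateless
    set ccp no mpp-e40
    set bundle enable encryption
    set bundle enable crypt-reqd
"""

# Effect of each mpd verb on an option's (enable, accept) flags; None = unchanged.
VERBS = {"enable": (True, None), "disable": (False, None),
         "accept": (None, True), "deny": (None, False),
         "yes": (True, True), "no": (False, False)}
OFF = {"enable": False, "accept": False}

def parse_flags(conf):
    """Map (layer, option) -> {'enable': bool, 'accept': bool}."""
    flags = {}
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments
        if len(words) < 4 or words[0] != "set" or words[2] not in VERBS:
            continue  # labels, 'load', and value settings such as 'set link mtu'
        enable, accept = VERBS[words[2]]
        for option in words[3:]:  # one verb may list several options
            state = flags.setdefault((words[1], option), dict(OFF))
            if enable is not None:
                state["enable"] = enable
            if accept is not None:
                state["accept"] = accept
    return flags

def lint_mppe(conf):
    """Return findings for the two misconfigurations described in the post."""
    flags, findings = parse_flags(conf), []
    mppc = flags.get(("ccp", "mppc"), OFF)
    if mppc["enable"] and not mppc["accept"]:
        findings.append("ccp mppc: enabled but not accepted; use 'set ccp yes mppc'")
    for option in ("encryption", "crypt-reqd"):
        if mppc["enable"] and flags.get(("bundle", option), OFF)["enable"]:
            findings.append(f"bundle {option}: enabled, but MPPE is negotiated in CCP")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_mppe(SAMPLE_BEFORE)) or "no findings")
```
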