Date: Thu, 9 May 2002 15:51:09 -0700 (PDT)
From: Archie Cobbs <archie@dellroad.org>
To: Matthew Braithwaite <matt@braithwaite.net>
Cc: dgilbert@velocet.ca, freebsd-net@FreeBSD.ORG
Subject: Re: mpd-netgraph problem.
Message-ID: <200205092251.g49Mp9C04122@arch20m.dellroad.org>
In-Reply-To: <86k7qd553q.fsf@limekiller.braithwaite.net> "from Matthew Braithwaite at May 9, 2002 03:27:53 pm"

[ note: removing -stable from the CC: list ]

Matthew Braithwaite writes:
> [vpn] LCP: rec'd Configure Request #250 link 0 (Ack-Rcvd)
>  MRU 1500
>  ACCMAP 0x000a0000
>  AUTHPROTO CHAP MSOFTv2
>  MAGICNUM 43a911e1
>  PROTOCOMP
>  ACFCOMP
> [vpn] LCP: SendConfigAck #250
>  MRU 1500
>  ACCMAP 0x000a0000
>  AUTHPROTO CHAP MSOFTv2
>  MAGICNUM 43a911e1
>  PROTOCOMP
>  ACFCOMP
> [vpn] LCP: state change Ack-Rcvd --> Opened
> [vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
> [vpn] LCP: auth: peer wants CHAP, I want nothing
> [vpn] LCP: LayerUp
> [vpn] CHAP: rec'd CHALLENGE #173
>  Name: "10.16.97.5"
>  Using authname "XXX"
> [vpn] CHAP: sending RESPONSE
> [vpn] LCP: rec'd Configure Request #172 link 0 (Opened)
>  MRU 1500
>  ACCMAP 0x000a0000
>  AUTHPROTO CHAP MSOFT
>  MAGICNUM 3ce7fe6d
>  PROTOCOMP
>  ACFCOMP
> [vpn] LCP: LayerDown

There is the problem... the machine you are talking to first asks
you to authenticate via CHAP MSOFTv2, and then immediately after that
asks you to authenticate via CHAP MSOFTv1. You don't even get a
yes/no from the first authentication response.

So that's screwy if you're doing MPPE encryption because which
authentication do you use to generate the MPPE keys?? Apparently
we are using the wrong one. In any case, we can't use the first one
because we'd need the yes/no response to generate MPPE keys from
CHAP MSOFTv2 authentication.

And why is it authenticating you twice in the first place?

-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com
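
A defender-side check for the pattern described above, as an added example that is not part of the original message or of mpd: it scans an mpd-style log for a peer Configure Request that arrives with LCP already Opened and asks for a different AUTHPROTO than before. The function name, the result fields and the abridged sample log are constructed here; treating any received CHAP message other than CHALLENGE as the verdict is an assumption.

```python
import re

# Constructed sample: an abridged copy of the log quoted in the message above.
SAMPLE_LOG = """\
[vpn] LCP: rec'd Configure Request #250 link 0 (Ack-Rcvd)
 AUTHPROTO CHAP MSOFTv2
[vpn] LCP: SendConfigAck #250
 AUTHPROTO CHAP MSOFTv2
[vpn] LCP: state change Ack-Rcvd --> Opened
[vpn] CHAP: rec'd CHALLENGE #173
[vpn] CHAP: sending RESPONSE
[vpn] LCP: rec'd Configure Request #172 link 0 (Opened)
 AUTHPROTO CHAP MSOFT
[vpn] LCP: LayerDown
"""

REQ = re.compile(r"^\[([^\]]+)\] LCP: rec'd Configure Request #(\d+) .*\((\S+)\)\s*$")
AUTH = re.compile(r"^\s*AUTHPROTO (.+?)\s*$")
CHAP = re.compile(r"^\[([^\]]+)\] CHAP: (?:(sending RESPONSE)|rec'd (\w+))")

def find_auth_renegotiation(log_text):
    """Flag peer Configure Requests that change AUTHPROTO once LCP is Opened."""
    findings = []
    last_auth = {}    # bundle -> AUTHPROTO the peer last requested
    unanswered = {}   # bundle -> True while our CHAP response has had no reply
    current = None    # (bundle, request id, LCP state) of the request being read
    for raw in log_text.splitlines():
        line = re.sub(r"^>\s?", "", raw)  # also accept e-mail-quoted logs
        req = REQ.match(line)
        if req:
            current = (req.group(1), int(req.group(2)), req.group(3))
        elif line.startswith("["):
            current = None  # options that follow belong to some other message
            chap = CHAP.match(line)
            if chap and chap.group(2):
                unanswered[chap.group(1)] = True
            elif chap and chap.group(3) != "CHALLENGE":
                # Assumption: any other received CHAP message is the verdict.
                unanswered[chap.group(1)] = False
        elif current and AUTH.match(line):
            bundle, req_id, state = current
            proto = AUTH.match(line).group(1)
            prev = last_auth.get(bundle)
            if state == "Opened" and prev and prev != proto:
                findings.append({"bundle": bundle, "request": req_id,
                                 "was": prev, "now": proto,
                                 "chap_unanswered": unanswered.get(bundle, False)})
            last_auth[bundle] = proto
    return findings

if __name__ == "__main__":
    for finding in find_auth_renegotiation(SAMPLE_LOG):
        print(finding)
```

A finding with `chap_unanswered` set is the case the message describes: the authentication method changed before the first exchange produced a result, so the two ends may not agree on which exchange the MPPE keys derive from.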