Date:      Thu, 9 May 2002 15:51:09 -0700 (PDT)
From:      Archie Cobbs <archie@dellroad.org>
To:        Matthew Braithwaite <matt@braithwaite.net>
Cc:        dgilbert@velocet.ca, freebsd-net@FreeBSD.ORG
Subject:   Re: mpd-netgraph problem.
Message-ID:  <200205092251.g49Mp9C04122@arch20m.dellroad.org>
In-Reply-To: <86k7qd553q.fsf@limekiller.braithwaite.net> "from Matthew Braithwaite at May 9, 2002 03:27:53 pm"


[ note: removing -stable from the CC: list ]

Matthew Braithwaite writes:
> [vpn] LCP: rec'd Configure Request #250 link 0 (Ack-Rcvd)
>  MRU 1500
>  ACCMAP 0x000a0000
>  AUTHPROTO CHAP MSOFTv2
>  MAGICNUM 43a911e1
>  PROTOCOMP
>  ACFCOMP
> [vpn] LCP: SendConfigAck #250
>  MRU 1500
>  ACCMAP 0x000a0000
>  AUTHPROTO CHAP MSOFTv2
>  MAGICNUM 43a911e1
>  PROTOCOMP
>  ACFCOMP
> [vpn] LCP: state change Ack-Rcvd --> Opened
> [vpn] LCP: phase shift ESTABLISH --> AUTHENTICATE
> [vpn] LCP: auth: peer wants CHAP, I want nothing
> [vpn] LCP: LayerUp
> [vpn] CHAP: rec'd CHALLENGE #173
>  Name: "10.16.97.5"
>  Using authname "XXX"
> [vpn] CHAP: sending RESPONSE
> [vpn] LCP: rec'd Configure Request #172 link 0 (Opened)
>  MRU 1500
>  ACCMAP 0x000a0000
>  AUTHPROTO CHAP MSOFT
>  MAGICNUM 3ce7fe6d
>  PROTOCOMP
>  ACFCOMP
> [vpn] LCP: LayerDown

There is the problem... the machine you are talking to first
asks you to authenticate via CHAP MSOFTv2, and then immediately
after that asks you to authenticate via CHAP MSOFTv1. You don't
even get a yes/no from the first authentication response.

So that's screwy if you're doing MPPE encryption because which
authentication do you use to generate the MPPE keys?? Apparently
we are using the wrong one. In any case, we can't use the first
one because we'd need the yes/no response to generate MPPE keys
from CHAP MSOFTv2 authentication.

And why is it authenticating you twice in the first place?

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
