Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 9 May 2002 16:45:57 -0700
From:      Matthew Braithwaite <matt@braithwaite.net>
To:        Archie Cobbs <archie@dellroad.org>
Cc:        Matthew Braithwaite <matt@braithwaite.net>, dgilbert@velocet.ca, freebsd-net@FreeBSD.ORG
Subject:   Re: mpd-netgraph problem.
Message-ID:  <20020509164557.A28528@dogberry.braithwaite.net>
In-Reply-To: <200205092251.g49Mp9C04122@arch20m.dellroad.org>; from archie@dellroad.org on Thu, May 09, 2002 at 03:51:09PM -0700
References:  <86k7qd553q.fsf@limekiller.braithwaite.net> <200205092251.g49Mp9C04122@arch20m.dellroad.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, May 09, 2002 at 03:51:09PM -0700, Archie Cobbs wrote:
> 
> So that's screwey if you're doing MPPE encryption because which
> authentication do you use to generate the MPPE keys?? Apparently
> we are using the wrong one. In any case, we can't use the first
> one because we'd need the yes/no response to generate MPPE keys
> from CHAP MSOFTv2 authentication.

Let me see if I understand: a key used in CHAP authentication is also
used for MPPE.  However, I authenticate twice, once using CHAP MSOFTv2
and once using CHAP MSOFTv2 -- and you think mpd is choosing the MPPE
key from the wrong one of these two authentications?

Is there a way to fix this in mpd?  According to the manual you *have*
to use CHAP MSOFTv2 to use MPPE, so I'd think it'd be okay to
categorically ignore -- for MPPE purposes -- any key obtained through
a CHAP MSOFTv1 authentication.

Can I force mpd to speak *only* CHAP MSOFTv2?  I don't find any such
option in the manual, unfortunately.

> And why is it authenticating you twice in the first place?

I don't know.  Any suggestions on how I can perturb this behavior?
I couldn't find any likely candidates in the manual.

I could also go ask the guys who run the VPN server, but I'm unlikely
to get a useful response, since It Works With Windows.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020509164557.A28528>