From owner-freebsd-net Mon Oct 9 23: 8:14 2000 Delivered-To: freebsd-net@freebsd.org Received: from sr14.nsw-remote.bigpond.net.au (sr14.nsw-remote.bigpond.net.au [24.192.3.29]) by hub.freebsd.org (Postfix) with ESMTP id 9746737B66D for ; Mon, 9 Oct 2000 23:08:09 -0700 (PDT) Received: from areilly.bpc-users.org (CPE-144-132-245-92.nsw.bigpond.net.au [144.132.245.92]) by sr14.nsw-remote.bigpond.net.au (Pro-8.9.3/8.9.3) with SMTP id RAA11209 for ; Tue, 10 Oct 2000 17:08:01 +1100 (EDT) Received: (qmail 3751 invoked by uid 1000); 10 Oct 2000 06:07:58 -0000 From: "Andrew Reilly" Date: Tue, 10 Oct 2000 17:07:58 +1100 To: Archie Cobbs Cc: freebsd-net@freebsd.org Subject: Re: mpd-netgraph port vs Windows-2000 PPTP vpn Message-ID: <20001010170757.A1428@gurney.reilly.home> References: <20000718231031.A16524@gurney.reilly.home> <200007181745.KAA55411@bubba.whistle.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200007181745.KAA55411@bubba.whistle.com>; from archie@whistle.com on Tue, Jul 18, 2000 at 10:45:59AM -0700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Jul 18, 2000 at 10:45:59AM -0700, Archie Cobbs wrote: > Andrew Reilly writes: > > mpd: [vpn] LCP: auth: peer wants CHAP, I want CHAP > > mpd: [vpn] CHAP: sending CHALLENGE > > mpd: [vpn] LCP: LayerUp > > mpd: pptp0: CID 0xa525 in SetLinkInfo not found > > mpd: [vpn] CHAP: rec'd CHALLENGE #0 > > mpd: Name: "FIREWALL" > > mpd: Using authname "andrew" > > mpd: [vpn] CHAP: sending RESPONSE > > mpd: [vpn] CHAP: rec'd FAILURE #0 > > mpd: [vpn] LCP: authorization failed > > This is a bit weird.. the remote side claims to support CHAP MD5 > but either doesn't really, or your password is wrong. But even > if this were fixed, you need MS-CHAP to do MPPE encryption, so > that would still be a problem. > > Just for fun, try the patch below and see if you get any further. > =================================================================== > RCS file: /cvs/mod/whistle/ia/daemon/mpd/lcp.c,v > retrieving revision 1.12.2.18 > diff -u -r1.12.2.18 lcp.c > --- lcp.c 2000/05/08 20:33:34 1.12.2.18 > +++ lcp.c 2000/07/18 17:43:22 > @@ -736,7 +736,11 @@ > case TY_AUTHPROTO: /* authentication protocol */ > { > static const u_char chapcf[] = > +#ifdef MICROSOFT_CHAP > + { PROTO_CHAP >> 8, PROTO_CHAP & 0xff, CHAP_ALG_MSOFT }; > +#else > { PROTO_CHAP >> 8, PROTO_CHAP & 0xff, CHAP_ALG_MD5 }; > +#endif > static const struct fsmoption chapNak = > { TY_AUTHPROTO, 2 + sizeof(chapcf), (u_char *) chapcf }; > static const u_char papcf[] = I've just upgraded to mpd-netgraph-3.1, and that patch still seems to be required for authentication against the office's Windows{NT,2000} PPTP server. Any chance of this making it into the distribution? Or is this indicative that there is still something horribly wrong with my setup? Oh: the define MICROSOFT_CHAP is also necessary, but isn't mentioned in the ports/net/mpd-netgraph/Makefile. It is described in work/mpd-3.1/doc/mpd8.html, but by then it's too late for a straight make install. Should this be a send-pr? -- Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message