From owner-freebsd-net  Tue Sep 25 11: 9:33 2001
Delivered-To: freebsd-net@freebsd.org
Received: from wall.polstra.com (wall-gw.polstra.com [206.213.73.130])
	by hub.freebsd.org (Postfix) with ESMTP id 8DE0937B410
	for <net@freebsd.org>; Tue, 25 Sep 2001 11:09:30 -0700 (PDT)
Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13])
	by wall.polstra.com (8.11.3/8.11.3) with ESMTP id f8PI9S806663;
	Tue, 25 Sep 2001 11:09:28 -0700 (PDT)
	(envelope-from jdp@wall.polstra.com)
Received: (from jdp@localhost)
	by vashon.polstra.com (8.11.6/8.11.0) id f8PI9Rl19337;
	Tue, 25 Sep 2001 11:09:27 -0700 (PDT)
	(envelope-from jdp)
Date: Tue, 25 Sep 2001 11:09:27 -0700 (PDT)
Message-Id: <200109251809.f8PI9Rl19337@vashon.polstra.com>
To: net@freebsd.org
From: John Polstra <jdp@polstra.com>
Cc: larse@ISI.EDU
Subject: Re: Solution (RE: VPN client with mpd)
In-Reply-To: <PCELJJEJJMODEMKEBLLBIEDHCAAA.larse@isi.edu>
References: <PCELJJEJJMODEMKEBLLBIEDHCAAA.larse@isi.edu>
Organization: Polstra & Co., Seattle, WA
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

In article <PCELJJEJJMODEMKEBLLBIEDHCAAA.larse@isi.edu>,
Lars Eggert <larse@ISI.EDU> wrote:
> 
> Thanks to Archie and Brian, I now have a working PPTP tunnel up. Here's
> what I changed from the example vpn configuration included in the mpd
> package in /usr/local/etc/mpd/mpd.conf, I thought I'd document this in
> case someone else runs accross the same problem:
[...]
> 4. Change "set link yes chap" to "set link allow chap". Both Archie and
> Brian suggested this; with the change, mpd will allow negotiation with
> remote peers that do not want to CHAP-authenticate themselves (like my
> remote VPN servers, it seems).

The trouble with this is that your password will be sent unencrypted
across the Internet, very possibly hitting a sniffer or two along the
way.  It's better to insist on chap and fix the broken peers.

John
-- 
  John Polstra                                               jdp@polstra.com
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Disappointment is a good sign of basic intelligence."  -- Chögyam Trungpa


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message