Date: Tue, 10 Oct 2000 17:07:58 +1100 From: "Andrew Reilly" <areilly@bigpond.net.au> To: Archie Cobbs <archie@whistle.com> Cc: freebsd-net@freebsd.org Subject: Re: mpd-netgraph port vs Windows-2000 PPTP vpn Message-ID: <20001010170757.A1428@gurney.reilly.home> In-Reply-To: <200007181745.KAA55411@bubba.whistle.com>; from archie@whistle.com on Tue, Jul 18, 2000 at 10:45:59AM -0700 References: <20000718231031.A16524@gurney.reilly.home> <200007181745.KAA55411@bubba.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 18, 2000 at 10:45:59AM -0700, Archie Cobbs wrote:
> Andrew Reilly writes:
> > mpd: [vpn] LCP: auth: peer wants CHAP, I want CHAP
> > mpd: [vpn] CHAP: sending CHALLENGE
> > mpd: [vpn] LCP: LayerUp
> > mpd: pptp0: CID 0xa525 in SetLinkInfo not found
> > mpd: [vpn] CHAP: rec'd CHALLENGE #0
> > mpd: Name: "FIREWALL"
> > mpd: Using authname "andrew"
> > mpd: [vpn] CHAP: sending RESPONSE
> > mpd: [vpn] CHAP: rec'd FAILURE #0
> > mpd: [vpn] LCP: authorization failed
>
> This is a bit weird.. the remote side claims to support CHAP MD5
> but either doesn't really, or your password is wrong. But even
> if this were fixed, you need MS-CHAP to do MPPE encryption, so
> that would still be a problem.
>
> Just for fun, try the patch below and see if you get any further.
> ===================================================================
> RCS file: /cvs/mod/whistle/ia/daemon/mpd/lcp.c,v
> retrieving revision 1.12.2.18
> diff -u -r1.12.2.18 lcp.c
> --- lcp.c 2000/05/08 20:33:34 1.12.2.18
> +++ lcp.c 2000/07/18 17:43:22
> @@ -736,7 +736,11 @@
> case TY_AUTHPROTO: /* authentication protocol */
> {
> static const u_char chapcf[] =
> +#ifdef MICROSOFT_CHAP
> + { PROTO_CHAP >> 8, PROTO_CHAP & 0xff, CHAP_ALG_MSOFT };
> +#else
> { PROTO_CHAP >> 8, PROTO_CHAP & 0xff, CHAP_ALG_MD5 };
> +#endif
> static const struct fsmoption chapNak =
> { TY_AUTHPROTO, 2 + sizeof(chapcf), (u_char *) chapcf };
> static const u_char papcf[] =
I've just upgraded to mpd-netgraph-3.1, and that patch still
seems to be required for authentication against the office's
Windows{NT,2000} PPTP server.
Any chance of this making it into the distribution? Or is this
indicative that there is still something horribly wrong with my
setup?
Oh: the define MICROSOFT_CHAP is also necessary, but isn't
mentioned in the ports/net/mpd-netgraph/Makefile. It is
described in work/mpd-3.1/doc/mpd8.html, but by then it's too
late for a straight make install.
Should this be a send-pr?
--
Andrew
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001010170757.A1428>