Date: Fri, 01 Feb 2002 01:51:37 +0000 From: Brian Somers <brian@freebsd-services.com> To: Jon Drukman <jsd@cluttered.com> Cc: freebsd-net@FreeBSD.ORG, brian@freebsd-services.com Subject: Re: pptp + mschap Message-ID: <200202010151.g111pbJ06655@hak.lan.Awfulhak.org> In-Reply-To: Message from Jon Drukman <jsd@cluttered.com> of "Thu, 31 Jan 2002 16:48:56 PST." <4.3.2.7.2.20020131164433.00c62678@10.10.10.1>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
I don't know a great deal about PPTP, but as it happens, I recently
looked for a radius server that'd talk MSCHAPv2 - so that I could teach
ppp to do it.
I couldn't find any support in the ports, and then our [potential]
client backed out, so I never got any further.
If you could find a spec on how to talk MSCHAP & MSCHAPv2 to a radius
server, I'd certainly be happy to add support to ppp. You never know
- the client may come back :*)
Cheers.
> my company recently switched from a nortel vpn system to a radius based
> scheme that is very windows-centric. i had no problems connecting to the
> nortel using pptpclient (from the ports).
>
> now it seems i'm being thrown by ms-chap authentication. i don't really
> know how to set this up. as far as i can see from reading the
> documentation that comes with pptpclient, this should suffice:
>
> cnet:
> set authname cnet\\jdrukman
> set authkey xxxxx
> set timeout 0
> set login
> enable chap
> set log LCP
>
>
> i type "pptp vpn-sf.cnet.com cnet" to initiate the connection. the log
> file shows:
>
> Jan 31 16:19:22 cluttered ppp[32201]: Phase: Using interface: tun0
> Jan 31 16:19:22 cluttered ppp[32201]: Phase: deflink: Created in closed state
> Jan 31 16:19:23 cluttered ppp[32201]: LCP: FSM: Using "deflink" as a transport
> Jan 31 16:19:23 cluttered ppp[32201]: LCP: deflink: State change Initial
> --> Closed
> Jan 31 16:19:23 cluttered ppp[32201]: LCP: deflink: State change Closed -->
> Stopped
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: LayerStart
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: SendConfigReq(1) state
> = Stopped
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: ACFCOMP[2]
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: PROTOCOMP[2]
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: ACCMAP[6] 0x00000000
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: MRU[4] 1500
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: MAGICNUM[6] 0x451f9b67
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Jan 31 16:19:24 cluttered ppp[32201]: LCP: deflink: State change Stopped
> --> Req-Sent
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: RecvConfigReq(77) state
> = Req-Sent
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: MRU[4] 1500
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: ACCMAP[6] 0x000a0000
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81)
> Jan 31 16:19:25 cluttered ppp[32201]: Warning: CHAP 0x81 not supported
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: MAGICNUM[6] 0x2567e117
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: PROTOCOMP[2]
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: ACFCOMP[2]
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: SendConfigNak(77) state
> = Req-Sent
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: SendTerminateReq(1)
> state = Req-Sent
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: State change Req-Sent
> --> Closing
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: LayerFinish
> Jan 31 16:19:25 cluttered ppp[32201]: LCP: deflink: State change Closing
> --> Initial
>
> and i'm not connected. the tech support people at my company are not very
> helpful. they said, use windows. i can get it to work fine from windows
> but it's so annoying (it interrupts existing connections and forces
> everything to go through the vpn regardless of whether it makes any
> sense). it used to work great with freebsd... any help appreciated!!
>
> thanks
> -jsd-
--
Brian <brian@freebsd-services.com> <brian@Awfulhak.org>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202010151.g111pbJ06655>