Mailinglist Archive: opensuse-security (320 mails)

Re: [suse-security] mppe encryption with pptpd under suse 7.2
  • From: Ken Schneider <kschneider@xxxxxxxx>
  • Date: 12 May 2003 09:47:08 -0400
  • Message-id: <1052747228.13122.3.camel@xxxxxxxxxxxx>
On Mon, 2003-05-12 at 09:39, Marc Samendinger wrote:
> Hi list,
>
> I try to build a VPN server with the PoPToP VPN Server.
>
> installed software:
>
> ppp-2.4.0-93
> pptpd-1.1.2-60
>
> /etc/pptpd.conf
>
> option /etc/ppp/options
> debug
> localip 192.168.0.1
> remoteip 192.168.1.100-199
> listen 10.0.0.1
>
> /etc/ppp/options
>
> lock
> debug
> auth
> refuse-chap
> refuse-chap
> refuse-pap
> refuse-chap-md5
> refuse-chapms
> require-chapms-v2
> mppe-128
> mppe-stateless
> nodeflate
> nobsdcomp
> nopredictor1
>
> When I try to establish a connection from a Windows
> 2000 client I get the following log entries:
>
> --
> May 12 15:20:15 cps pptpd[1166]: MGR: Launching /usr/sbin/pptpctrl to handle client
> May 12 15:20:15 cps pptpd[1166]: CTRL: local address = 192.168.0.1
> May 12 15:20:15 cps pptpd[1166]: CTRL: remote address = 192.168.1.100
> May 12 15:20:15 cps pptpd[1166]: CTRL: pppd options file = /etc/ppp/options
> May 12 15:20:15 cps pptpd[1166]: CTRL: Client 10.0.0.2 control connection started
> May 12 15:20:15 cps pptpd[1166]: CTRL: Received PPTP Control Message (type: 1)
> May 12 15:20:15 cps pptpd[1166]: CTRL: Made a START CTRL CONN RPLY packet
> May 12 15:20:15 cps pptpd[1166]: CTRL: I wrote 156 bytes to the client.
> May 12 15:20:15 cps pptpd[1166]: CTRL: Sent packet to client
> May 12 15:20:15 cps pptpd[1166]: CTRL: Received PPTP Control Message (type: 7)
> May 12 15:20:15 cps pptpd[1166]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
> May 12 15:20:15 cps pptpd[1166]: CTRL: Made a OUT CALL RPLY packet
> May 12 15:20:15 cps pptpd[1166]: CTRL: Starting call (launching pppd, opening GRE)
> May 12 15:20:15 cps pptpd[1166]: CTRL: pty_fd = 5
> May 12 15:20:15 cps pptpd[1166]: CTRL: tty_fd = 6
> May 12 15:20:15 cps pptpd[1167]: CTRL (PPPD Launcher): Connection speed = 115200
> May 12 15:20:15 cps pptpd[1167]: CTRL (PPPD Launcher): local address = 192.168.0.1
> May 12 15:20:15 cps pptpd[1167]: CTRL (PPPD Launcher): remote address = 192.168.1.100
> May 12 15:20:15 cps pptpd[1166]: CTRL: I wrote 32 bytes to the client.
> May 12 15:20:15 cps pptpd[1166]: CTRL: Sent packet to client
> May 12 15:20:15 cps pptpd[1166]: CTRL: Received PPTP Control Message (type: 15)
> May 12 15:20:15 cps pptpd[1166]: CTRL: Got a SET LINK INFO packet with standard ACCMs
> May 12 15:20:15 cps modprobe: modprobe: Can't locate module char-major-108
> May 12 15:20:15 cps pppd[1167]: The remote system is required to authenticate itself
> May 12 15:20:15 cps pppd[1167]: but I couldn't find any suitable secret (password) for it to use to do so.
> May 12 15:20:15 cps pppd[1167]: (None of the available passwords would let it use an IP address.)
> May 12 15:20:15 cps pptpd[1166]: Error reading from pppd: Input/output error
> May 12 15:20:15 cps pptpd[1166]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> May 12 15:20:15 cps pptpd[1166]: CTRL: Client 10.0.0.2 control connection finished
> May 12 15:20:15 cps pptpd[1166]: CTRL: Exiting now
> May 12 15:20:15 cps pptpd[1164]: MGR: Reaped child 1166
> --
>
> I tried to use various settings, like chapms-v2 authentication
> with weak encryption (40 bit), chap authentication without
> encryption... but it seems like I overlook something.
>
> If anyone could give me a hint in the right direction.
>

You need to add an entry in /etc/ppp/chap-secrets as well for
authentication.

Ken
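
Added example, not part of the original thread: a small checker for the `client server secret addresses` layout of /etc/ppp/chap-secrets as documented in pppd(8), reporting which entries would let a peer use the 192.168.1.100 address from the remoteip range above. The sample file contents, client names and secrets are constructed, and the address matching is a simplification (IP literals and subnets only, no hostnames, first matching word decides).

```python
import ipaddress
import shlex

# Constructed sample contents for /etc/ppp/chap-secrets (not from the post).
# Columns: client  server  secret  acceptable-IP-addresses
SAMPLE = '''\
# client   server  secret          IP addresses
alice      *       "example-pw-1"
bob        *       "example-pw-2"  !192.168.1.150 192.168.1.0/24
carol      *       "example-pw-3"  *
dave       *       "example-pw-4"  -
'''

def parse_secrets(text):
    """Yield (client, server, address_words) for each well-formed line."""
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) >= 3:          # client, server, secret are mandatory
            yield words[0], words[1], words[3:]

def address_allowed(addr_words, ip):
    """Apply the address-list rules from pppd(8) to one candidate IP."""
    if not addr_words or addr_words[0] == "-":
        return False                 # no list, or "-": every address refused
    ip = ipaddress.ip_address(ip)
    for word in addr_words:
        if word == "*":
            return True              # "*" permits any address
        accept = not word.startswith("!")
        net = ipaddress.ip_network(word.lstrip("!"), strict=False)
        if ip in net:
            return accept            # assumption: first matching word decides
    return False

def clients_allowed(text, remote_ip):
    """Names whose entry would let the peer use remote_ip."""
    return [client for client, _server, addrs in parse_secrets(text)
            if address_allowed(addrs, remote_ip)]

if __name__ == "__main__":
    for ip in ("192.168.1.100", "192.168.1.150"):
        print(ip, "->", clients_allowed(SAMPLE, ip))
```

An entry with only three fields (alice) or a `-` address (dave) has a secret but permits no IP address.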

