PhiJ Apprentice
Joined: 20 Dec 2005 Posts: 173 Location: UK
Posted: Tue Feb 10, 2009 11:07 am Post subject: PPTP VPN connection failed: chap MS-v2 rejected [SOLVED]
I'm trying to set up a PPTP VPN connection to my uni. I've finally got to the stage when I
Code: | pon UOB debug dump logfd 2 nodetach |
it, but I get this output:
Code: | pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
refuse-chap # (from /etc/ppp/options.pptp)
refuse-mschap # (from /etc/ppp/options.pptp)
refuse-eap # (from /etc/ppp/options.pptp)
name UOB\\JP6877 # (from /etc/ppp/peers/UOB)
remotename PPTP # (from /etc/ppp/peers/UOB)
# (from /etc/ppp/options.pptp)
pty pptp student-vpn.bris.ac.uk --nolaunchpppd # (from /etc/ppp/peers/UOB)
ipparam UOB # (from /etc/ppp/peers/UOB)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
require-mppe-128 # (from /etc/ppp/peers/UOB)
using channel 2
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5a5e3bad> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8cb5e596> <pcomp> <accomp>]
No auth is possible
sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x5a5e3bad> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x2 <mru 1450> <asyncmap 0x0> <magic 0x8cb5e596> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1450> <asyncmap 0x0> <magic 0x8cb5e596> <pcomp> <accomp>]
MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed.
sent [LCP TermReq id=0x2 "MPPE required but not available"]
rcvd [LCP EchoReq id=0x0 magic=0x8cb5e596]
rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
sent [LCP TermAck id=0x3]
rcvd [LCP TermAck id=0x2]
Connection terminated.
Script pptp student-vpn.bris.ac.uk --nolaunchpppd finished (pid 9827), status = 0x0 |
My 'peers' file is
Code: | pty "pptp student-vpn.bris.ac.uk --nolaunchpppd"
name UOB\\JP6877
remotename PPTP
require-mppe-128
require-mschap-v2
file /etc/ppp/options.pptp
ipparam UOB |
my chap-secrets file is
Code: | domain\\username PPTP "psswd" * |
and my ppp use flags are
Code: | activefilter dhcp eap-tls gtk ipv6 pam radius -atm -mppe-mppc |
Last edited by PhiJ on Tue Feb 24, 2009 6:20 pm; edited 1 time in total

Will Scarlet Apprentice
Joined: 19 Mar 2004 Posts: 239
Posted: Sun Feb 15, 2009 8:42 pm
In your peers file take out the line of
Hope this helps... :wink:
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved.

PhiJ Apprentice
Joined: 20 Dec 2005 Posts: 173 Location: UK
Posted: Tue Feb 17, 2009 9:26 am
It seems to be giving the same error message. :(

Will Scarlet Apprentice
Joined: 19 Mar 2004 Posts: 239
Posted: Wed Feb 18, 2009 3:48 am
Do you have ppp_mppe enabled as a module or compiled in your kernel? In your .config file for your kernel you would see something like
Code: | CONFIG_PPP_MPPE=m
or
CONFIG_PPP_MPPE=y |
If it's a module, is it loading when you start your pptp session?
Also, here is my options.pptp file:
Code: | # Lock the port
lock
# Authentication
# We don't need the tunnel server to authenticate itself
noauth
# We won't do EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
refuse-eap
refuse-chap
refuse-mschap
# Compression
# Turn off compression protocols we know won't be used
nobsdcomp
nodeflate
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose which of the following sections you will use. Note that MPPE
# requires the use of MSCHAP-V2 during authentication)
# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackerras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# {{{
# Require MPPE 128-bit encryption
require-mppe-128
# }}}
# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# {{{
# Require MPPE 128-bit encryption
#mppe stateless
# }}} |
Make sure that in your file the "require-mppe-128" is not commented and "mppe stateless" is commented.
Hope this helps... :wink:

PhiJ Apprentice
Joined: 20 Dec 2005 Posts: 173 Location: UK
Posted: Wed Feb 18, 2009 11:27 am
CONFIG_PPP_MPPE=y (I don't do anything as modules except ALSA as I don't know enough about kernel stuff to know when I'd want to, and it all works fine for me compiled in anyway)
Well, require-mppe-128 was commented, but uncommenting it (on peers and/or options.pptp) didn't change the output

Will Scarlet Apprentice
Joined: 19 Mar 2004 Posts: 239
Posted: Fri Feb 20, 2009 4:56 am
After doing more research, I ran across http://pptpclient.sourceforge.net/howto-diagnosis.phtml and found this:
Quote: | No auth is possible
Symptom: you are using PPP 2.4.2 or later and logs contain this sequence:
rcvd [LCP ConfReq id=0x0 <auth chap MS-v2> <magic 0x7a73> <pcomp> <accomp>]
No auth is possible
sent [LCP ConfRej id=0x0 <auth chap MS-v2>
Diagnosis: your pppd is refusing to perform MS-CHAP-V2 authentication. The PPTP Server requires it, and so it terminates the connection. The known causes are:
* pppd could not find a matching entry in the chap-secrets file, (see below for causes)
* pppd was built without MS-CHAP-V2 support (quite uncommon).
The search in the chap-secrets file uses the name and remotename options given to pppd. The name is usually the authentication domain and username. The remotename is usually PPTP, or the name of the tunnel.
The chap-secrets file is a series of lines with blank separated fields. The file is searched for a line where:
* the first field matches the local name option value (e.g. domain\\username),
* the second field matches the remotename option value (e.g. tunnelname or PPTP), and
* the fourth field contains a valid IP address or asterisk.
Any spaces or special characters in the local name, password, or remote name must be properly quoted. The hash character (#) in a password is a definite cause of this; add quotes around the password to fix it. See man pppd section AUTHENTICATION for more details.
Solution: fix the chap-secrets file or the pppd options so that they match. |
It appears that something in your chap-secrets may be incorrect. Maybe your password.
Also, looking at http://www.bristol.ac.uk/is/computing/advice/homeusers/uobvpn/howto/linux/ I found this:
Quote: | You will need the following details to configure your connection:
* Your UOB username and password.
* The address of the server you are trying to connect to. (staff-vpn.bris.ac.uk for staff and student-vpn.bris.ac.uk for students)
* If you need a 'Domain' this is UOB but can usually be left blank. |
So it appears that you can remove "UOB\\" from your username in both your peers and chap-secrets files. Who knows, maybe that's the problem.
Hope this helps... :wink:

gentoo_ram Guru
Joined: 25 Oct 2007 Posts: 513 Location: San Diego, California USA
Posted: Fri Feb 20, 2009 7:58 am
I have the PPTP server working to my Mac and iPod Touch. My chap-secrets contains:
Code: |
username pptpd PaSsWoRd *
|
It's a little different than the O.P. No domain, password is not in double-quotes, and the service name is 'pptpd'.

PhiJ Apprentice
Joined: 20 Dec 2005 Posts: 173 Location: UK
Posted: Tue Feb 24, 2009 6:19 pm
Had to be an embarrassing error didn't it. My username was in all-caps in the peers file and in lowercase in chap-secrets. Shame
Thanks for the help.
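Added example (not part of the thread or of the pptpclient project): a small Python check for the chap-secrets lookup described in the quoted diagnosis, which also flags entries that differ from the peers file's `name`/`remotename` only by letter case, the mistake that resolved this thread. It approximates pppd's word splitting with `shlex`; the host name, user names and secret in the sample files are constructed.

```python
import shlex

def words(line):
    # Approximation of pppd's word splitting (an assumption of this example):
    # whitespace separates words, quotes group, a backslash escapes the next
    # character, and an unquoted '#' starts a comment.
    return shlex.split(line, comments=True, posix=True)

def peer_identity(peers_text):
    """Return the (name, remotename) option values from a peers file."""
    opts = {}
    for line in peers_text.splitlines():
        w = words(line)
        if len(w) >= 2 and w[0] in ("name", "remotename"):
            opts[w[0]] = w[1]
    return opts.get("name"), opts.get("remotename")

def check_secrets(peers_text, secrets_text):
    """Return (verdict, line_numbers) for the client/server lookup in chap-secrets."""
    name, remote = peer_identity(peers_text)
    if name is None or remote is None:
        return "peers file lacks name or remotename", []
    exact, case_only = [], []
    for lineno, line in enumerate(secrets_text.splitlines(), 1):
        w = words(line)
        if len(w) < 3:  # a usable entry needs client, server and secret
            continue
        # Names are compared case-sensitively; '*' is pppd's wildcard name.
        if w[0] in (name, "*") and w[1] in (remote, "*"):
            exact.append(lineno)
        elif (w[0].lower() in (name.lower(), "*")
              and w[1].lower() in (remote.lower(), "*")):
            case_only.append(lineno)
    if exact:
        return "match", exact
    if case_only:
        return "case mismatch", case_only
    return "no entry", []

# Constructed sample files (not the poster's real values).
PEERS = r'''pty "pptp vpn.example.org --nolaunchpppd"
name EXAMPLE\\ALICE
remotename PPTP
'''
SECRETS_BAD = r'''# client server secret IP
example\\alice PPTP "s3cret#1" *
'''
SECRETS_GOOD = r'EXAMPLE\\ALICE PPTP "s3cret#1" *'

if __name__ == "__main__":
    for secrets in (SECRETS_BAD, SECRETS_GOOD):
        print(check_secrets(PEERS, secrets))
```

A "case mismatch" verdict lists the chap-secrets lines that would match if the client and server names were spelled with the same case as in the peers file.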