Hi, Can anyone help me to configure a pptpd-server on Debian (5.0) to serve Windows clients? I can make it work if I disable required data encryption on the Windows client, but I don't want to run it like that in production.
I've already tried a number of different combinations of settings. For example, with pptpd-options containing this: refuse-pap refuse-chap refuse-mschap # Require the peer to authenticate itself using MS-CHAPv2 [Microsoft # Challenge Handshake Authentication Protocol, Version 2] authentication. require-mschap-v2 # Require MPPE 128-bit encryption # (note that MPPE requires the use of MSCHAP-V2 during authentication) #require-mppe-128 and required encryption disabled on the Windows client, I can make a connection. The strange thing is that it works even if I supply an invalid username?! If I uncomment require-mppe-128, the connection fails: Oct 14 15:37:02 rack02 pptpd[19812]: CTRL: Client 192.168.1.24 control connection started Oct 14 15:37:02 rack02 pptpd[19812]: CTRL: Starting call (launching pppd, opening GRE) Oct 14 15:37:02 rack02 pppd[19813]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded. Oct 14 15:37:02 rack02 pppd[19813]: pptpd-logwtmp: $Version$ Oct 14 15:37:02 rack02 pppd[19813]: pppd 2.4.4 started by root, uid 0 Oct 14 15:37:02 rack02 pppd[19813]: using channel 43 Oct 14 15:37:02 rack02 pppd[19813]: Using interface ppp0 Oct 14 15:37:02 rack02 pppd[19813]: Connect: ppp0 <--> /dev/pts/3 Oct 14 15:37:02 rack02 pppd[19813]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa524bd4f> <pcomp> <accomp>] Oct 14 15:37:02 rack02 pptpd[19812]: GRE: Bad checksum from pppd. Oct 14 15:37:02 rack02 pppd[19813]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x114d79f8> <pcomp> <accomp> <callback CBCP>] Oct 14 15:37:02 rack02 pppd[19813]: sent [LCP ConfRej id=0x0 <callback CBCP>] Oct 14 15:37:02 rack02 pppd[19813]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xa524bd4f> <pcomp> <accomp>] Oct 14 15:37:02 rack02 pppd[19813]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x114d79f8> <pcomp> <accomp>] Oct 14 15:37:02 rack02 pppd[19813]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x114d79f8> <pcomp> <accomp>] Oct 14 15:37:02 rack02 pppd[19813]: sent [LCP EchoReq id=0x0 magic=0xa524bd4f] Oct 14 15:37:02 rack02 pppd[19813]: MPPE required, but MS-CHAP[v2] auth not performed. Oct 14 15:37:02 rack02 pppd[19813]: sent [LCP TermReq id=0x2 "MPPE required but not available"] Oct 14 15:37:02 rack02 pppd[19813]: rcvd [LCP Ident id=0x2 magic=0x114d79f8 "MSRASV5.10"] Oct 14 15:37:02 rack02 pppd[19813]: rcvd [LCP Ident id=0x3 magic=0x114d79f8 "MSRAS-0-PCROEL"] Oct 14 15:37:02 rack02 pppd[19813]: rcvd [CCP ConfReq id=0x4 <mppe +H -M -S -L -D +C>] Oct 14 15:37:02 rack02 pppd[19813]: Discarded non-LCP packet when LCP not open Oct 14 15:37:02 rack02 pppd[19813]: rcvd [LCP EchoRep id=0x0 magic=0x114d79f8] Oct 14 15:37:02 rack02 pppd[19813]: rcvd [LCP TermAck id=0x2 "MPPE required but not available"] Oct 14 15:37:02 rack02 pppd[19813]: Connection terminated. Oct 14 15:37:02 rack02 pptpd[19812]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Oct 14 15:37:02 rack02 pptpd[19812]: CTRL: Reaping child PPP[19813] Oct 14 15:37:02 rack02 pppd[19813]: Exit. Oct 14 15:37:02 rack02 pptpd[19812]: CTRL: Client 192.168.1.24 control connection finished I don't understand "MPPE required, but MS-CHAP[v2] auth not performed.": why is MS-CHAP[v2] not performed? Shouldn't the require-mschap-v2 setting force the system to use that? Another thing I noticed is "GRE: Bad checksum from pppd", but that doesn't seem to be the problem since that line occurs also in the case where the connection does succeed. Can someone help me troubleshoot and solve the problem? Best regards, Roel Schroeven -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/i971ch$np...@dough.gmane.org
