David Corbin writes:
> I'm trying to get a PPTP tunnel running (on a gentoo client). The tunnel
> tries to start, but then fails. At the end is my output from attempting to
> diagnose the failure.
>
> From the "No auth is possible", and the "auth eap", I assume there is a
> problem with the way something is built on my system, but I can find very
> little useful information about 'eap'.

The "no auth is possible" message means that there are no valid credentials for the protocol requested by the peer (nothing usable in the various /etc/ppp/*_secrets files), so there's no point even trying to authenticate.

EAP (Extensible Authentication Protocol) is somewhat like a transport protocol. It can carry any of a wide range of "authentication methods" -- what you might call protocols. In the current ppp-2.4 sources, there's support for the RFC-required MD5-Challenge (using /etc/ppp/chap-secrets) and draft SRP-SHA1 (using /etc/ppp/srp-secrets) methods.

Thus the "no auth is possible" message means that pppd didn't find any usable keys in either location, meaning that no known EAP methods are usable, and the peer's request for EAP itself can't be satisfied.

Since you're using Microsoft's proprietary PPTP, adding keys to those files probably won't help. Your peer is likely planning to insist on one of the many proprietary EAP methods that pppd doesn't currently support, and will also require MPPE key exchange for use with tunnel encryption.

To find out which EAP method is needed, you could either ask the person who owns that peer system, or set up some temporary credentials in /etc/ppp/chap-secrets and find out what EAP method the peer requests. When it's not one that's implemented by pppd (almost a certainty), you'll need to go off and find code (a patch) that does this for you, or implement it yourself.

It might be easier, though, to find patches that support MPPE and MS-CHAPv2, and ask the owner of that peer system to enable MS-CHAPv2 support. Though you're still likely to have some trouble getting your system to support this, I'd expect that'd be more likely to succeed.

For what it's worth (and it might not be much), PPTP is quirky and of probably questionable value.

--
James Carlson 42.703N 71.076W <[EMAIL PROTECTED]>
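
Added example, not part of the original message and not code from pppd: a simplified Python approximation of the credential lookup described above, reporting which of the two EAP methods named in the reply have a matching entry for a given local and peer name. The names "dave" and "pptpsrv", the sample file contents, the exact-or-"*" matching rule, and the assumption that srp-secrets uses the same client/server/secret layout as chap-secrets are all constructed for illustration.

```python
import shlex

# Constructed sample contents standing in for /etc/ppp/chap-secrets and
# /etc/ppp/srp-secrets (assumed layout: client server secret [IP addresses]).
CHAP_SAMPLE = '''\
# client  server   secret                IP addresses
dave      pptpsrv  "constructed secret"  *
incomplete-line
'''
SRP_SAMPLE = "# no SRP entries configured\n"


def parse_secrets(text):
    """Return (client, server) pairs for every well-formed entry.

    Secrets are deliberately not returned, so nothing sensitive is echoed.
    """
    pairs = []
    for line in text.splitlines():
        try:
            fields = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quote: treat the line as unusable
        if len(fields) >= 3:  # need client, server and secret
            pairs.append((fields[0], fields[1]))
    return pairs


def has_entry(pairs, local_name, remote_name):
    """Simplified match: each field must equal the name or be the '*' wildcard."""
    return any(c in ("*", local_name) and s in ("*", remote_name)
               for c, s in pairs)


def usable_eap_methods(chap_text, srp_text, local_name, remote_name):
    """List the EAP methods for which a credential exists; empty list
    corresponds to the "No auth is possible" condition."""
    methods = []
    if has_entry(parse_secrets(chap_text), local_name, remote_name):
        methods.append("MD5-Challenge")
    if has_entry(parse_secrets(srp_text), local_name, remote_name):
        methods.append("SRP-SHA1")
    return methods


if __name__ == "__main__":
    found = usable_eap_methods(CHAP_SAMPLE, SRP_SAMPLE, "dave", "pptpsrv")
    print(found or "No auth is possible: no usable entry in either file")
```

A non-empty result only means pppd has something to offer for that method; as the reply notes, the peer may still insist on a method pppd does not implement.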
