PPTP: no proper LCP negotiation?

Post by gpf081 » Sun, 05 Feb 2006 00:27:26



Hi out there,
I'm trying to (re)build our VPN gateway for roadwarriors. At first
everything seemed to be fine: win2k and WinXP clients from outside
could connect as usual.
But then the first Windows Mobile 5 device came knocking on the gateway's
door and doesn't come in.

conditions are as follows:
gentoo, kernel 2.6.16 with pptpd 1.2.3, pppd 2.4.2

/var/log/messages says:

Feb  3 13:30:02 vger pppd[15639]: pppd options in effect:
Feb  3 13:30:02 vger pppd[15639]: debug         # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: nologfd               # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: dump          # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: require-mschap-v2             # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: refuse-pap            # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: refuse-chap           # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: refuse-mschap         # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: refuse-eap            # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: name vger             # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: 115200                # (from command line)
Feb  3 13:30:02 vger pppd[15639]: lock          # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: local         # (from command line)
Feb  3 13:30:02 vger pppd[15639]: mru 1500              # (from /etc/ppp/options)
Feb  3 13:30:02 vger pppd[15639]: mtu 1500              # (from /etc/ppp/options)
Feb  3 13:30:02 vger pppd[15639]: -vj           # (from /etc/ppp/options)
Feb  3 13:30:02 vger pppd[15639]: ipparam 80.226.250.97         # (from command line)
Feb  3 13:30:02 vger pppd[15639]: ms-dns xxx # [don't know how to print value]          # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: ms-wins xxx # [don't know how to print value]         # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: 192.168.1.3:192.168.1.71              # (from command line)
Feb  3 13:30:02 vger pppd[15639]: nobsdcomp             # (from /etc/ppp/options)
Feb  3 13:30:02 vger pppd[15639]: nodeflate             # (from /etc/ppp/options)
Feb  3 13:30:02 vger pppd[15639]: require-mppe-128              # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: mppe-stateful         # (from /etc/ppp/options.pptpd)
Feb  3 13:30:02 vger pppd[15639]: pppd 2.4.2 started by root, uid 0

*(after this MS-Chap v2 authentication works fine - access granted!)

*But NOW:

Feb  3 13:30:07 vger pppd[15639]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]

*The server tells the client +H (stateless) and +S (128bit mppe) - that's right

Feb  3 13:30:07 vger pppd[15639]: rcvd [IPCP ConfReq id=0x0 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]

*Client "asks" for proper DNS & IP, OK

Feb  3 13:30:07 vger pppd[15639]: sent [IPCP TermAck id=0x0]
Feb  3 13:30:07 vger pppd[15639]: rcvd [IPV6CP ConfReq id=0x0 <addr fe80::0209:2dff:fe7a:5463>]
Feb  3 13:30:07 vger pppd[15639]: Unsupported protocol 0x8057 received
Feb  3 13:30:07 vger pppd[15639]: sent [LCP ProtRej id=0x2 80 57 01 00 00 0e 01 0a 02 09 2d ff fe 7a 54 63]
**************************************************************************************
*Feb  3 13:30:07 vger pppd[15639]: rcvd [CCP ConfReq id=0x0 <mppe -H -M -S -L -D -C>]*
**************************************************************************************

*THAT is the problem: The client tells its capabilities wrong and the
server rejects it now:

Feb  3 13:30:07 vger pppd[15639]: MPPE required but peer negotiation failed
Feb  3 13:30:07 vger pppd[15639]: sent [LCP TermReq id=0x3 "MPPE required but peer negotiation failed"]
Feb  3 13:30:07 vger pppd[15639]: sent [CCP ConfRej id=0x0 <mppe -H -M -S -L -D -C>]

*it does not negotiate with the client and so the next LCP-answer: +S
128mppe-able is discarded:

Feb  3 13:30:07 vger pppd[15639]: rcvd [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
Feb  3 13:30:07 vger pppd[15639]: Discarded non-LCP packet when LCP not open

*that's it, connection closed.
*****

Coming from a Windows XP machine, things work and differ:

Feb  3 15:37:18 vger pppd[15797]: sent [CHAP Success id=0xf8 "S=7F90195A610EE1044B0DECF838B2E90A9DAE6013 M=Access granted"]

* Authentication OK, and now the server first tells the client its
capabilities:

Feb  3 15:37:18 vger pppd[15797]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Feb  3 15:37:18 vger pppd[15797]: rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]
Feb  3 15:37:18 vger pppd[15797]: sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
Feb  3 15:37:18 vger pppd[15797]: rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Feb  3 15:37:18 vger pppd[15797]: sent [IPCP TermAck id=0x5]
Feb  3 15:37:18 vger pppd[15797]: rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Feb  3 15:37:18 vger pppd[15797]: rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
Feb  3 15:37:18 vger pppd[15797]: sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]

*and they negotiate until it becomes suitable.

Feb  3 15:37:18 vger pppd[15797]: MPPE 128-bit stateless compression enabled
Feb  3 15:37:18 vger pppd[15797]: sent [IPCP ConfReq id=0x1 <addr 192.168.1.2>]
Feb  3 15:37:18 vger pppd[15797]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.2>]
Feb  3 15:37:19 vger pppd[15797]: rcvd [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Feb  3 15:37:19 vger pppd[15797]: sent [IPCP ConfNak id=0x7 <addr 192.168.1.70> <ms-dns1 192.168.0.17> <ms-wins 192.168.0.33> <ms-dns3 192.168.0.33> <ms-wins 192.168.0.33>]
Feb  3 15:37:19 vger pppd[15797]: rcvd [IPCP ConfReq id=0x8 <addr 192.168.1.70> <ms-dns1 192.168.0.17> <ms-wins 192.168.0.33> <ms-dns3 192.168.0.33> <ms-wins 192.168.0.33>]
Feb  3 15:37:19 vger pppd[15797]: sent [IPCP ConfAck id=0x8 <addr 192.168.1.70> <ms-dns1 192.168.0.17> <ms-wins 192.168.0.33> <ms-dns3 192.168.0.33> <ms-wins 192.168.0.33>]
Feb  3 15:37:19 vger pppd[15797]: local  IP address 192.168.1.2
Feb  3 15:37:19 vger pppd[15797]: remote IP address 192.168.1.70
Feb  3 15:37:19 vger pppd[15797]: Script /etc/ppp/ip-up started (pid 15802)
Feb  3 15:37:19 vger pppd[15797]: Script /etc/ppp/ip-up finished (pid 15802), status = 0x1

*and the connection is stable.

If I disable "require-mppe-128" the mobile device works fine but
unencrypted.

*before teaching me that there is something wrong in the Windows Mobile
PPP client (of course it would be helpful to force that client to offer
mppe128 first) I have some remarks:

*- why doesn't the server negotiate?
*- as you can see, the client has the needed capabilities (mppe +H -M
+S -L -D -C), indeed.
*- why does it work with pppd 2.4.1 on gentoo 2.4.21 as shown below
here:

*options.pptp:
lock
debug
name vyger
proxyarp
bsdcomp 0
+chapms-v2
mppe-128
mppe-stateless

*/var/log/messages on the old and working gateway during handshake with
Windows Mobile 5:

12:49:56 vyger pppd[9165]: pppd 2.4.1 started by root, uid 0
Feb  3 12:49:56 vyger pppd[9165]: using channel 246
Feb  3 12:49:56 vyger pppd[9165]: Using interface ppp1
Feb  3 12:49:56 vyger pppd[9165]: Connect: ppp1 <--> /dev/pts/1
Feb  3 12:49:56 vyger pppd[9165]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xb7738278> <pcomp> <accomp>]
Feb  3 12:49:57 vyger pptpd[9164]: GRE: Discarding duplicate packet
Feb  3 12:49:57 vyger pppd[9165]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xb7738278> <pcomp> <accomp>]
Feb  3 12:49:59 vyger pppd[9165]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xb7738278> <pcomp> <accomp>]
Feb  3 12:50:00 vyger pppd[9165]: rcvd [LCP ConfReq id=0x0 <mru 1400> <asyncmap 0x0> <pcomp> <accomp>]
Feb  3 12:50:00 vyger pppd[9165]: sent [LCP ConfAck id=0x0 <mru 1400> <asyncmap 0x0> <pcomp> <accomp>]
Feb  3 12:50:00 vyger pppd[9165]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xb7738278> <pcomp> <accomp>]
Feb  3 12:50:00 vyger pppd[9165]: cbcp_lowerup
Feb  3 12:50:00 vyger pppd[9165]: want: 2
Feb  3 12:50:00 vyger pppd[9165]: sent [CHAP Challenge id=0x1 <152208217a3b3eb242daa21d249e5394>, name = "vyger"]
Feb  3 12:50:00 vyger pptpd[9164]: CTRL: Received PPTP Control Message (type: 15)
Feb  3 12:50:00 vyger pptpd[9164]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb  3 12:50:01 vyger pppd[9165]: rcvd [CHAP Response id=0x1 <xyz...>, name = "name"]
Feb  3 12:50:01 vyger pppd[9165]: sent [CHAP Success id=0x1 "S=ACC359085FFFF1CB03216EECD2993024256185B4"]
Feb  3 12:50:01 vyger pppd[9165]: sent [IPCP ConfReq id=0x1 <addr 192.168.1.1> <compress VJ 0f 01>]
Feb  3 12:50:01 vyger pppd[9165]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <mppe 1 0 0 40>]
Feb  3 12:50:01 vyger pppd[9165]: MSCHAP-v2 peer authentication succeeded for name
Feb  3 12:50:02 vyger pppd[9165]: rcvd [IPCP ConfReq id=0x0 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Feb  3 12:50:02 vyger pppd[9165]: sent [IPCP ConfNak id=0x0 <addr 192.168.1.129> <ms-dns1 192.168.0.33> <ms-wins 192.168.0.33> <ms-dns3 192.168.0.33> <ms-wins 192.168.0.33>]
Feb  3 12:50:02 vyger pppd[9165]: rcvd [proto=0x8057] 01 00 00 0e 01 0a 02 09 2d ff fe 7a 54 63
Feb  3 12:50:02 vyger pppd[9165]: Unsupported protocol 0x8057 received
Feb  3 12:50:02 vyger pppd[9165]: sent [LCP ProtRej id=0x2 80 57 01 00 00 0e 01 0a 02 09 2d ff fe 7a 54 63]
Feb  3 12:50:02 vyger pppd[9165]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
Feb  3 12:50:02 vyger pppd[9165]: sent [IPCP ConfReq id=0x2 <addr 192.168.1.1>]
Feb  3 12:50:02 vyger pppd[9165]: rcvd [CCP ConfReq id=0x0 <mppe 0 0 0 0>]
Feb  3 12:50:02 vyger pppd[9165]: sent [CCP ConfRej id=0x0 <mppe 0 0 0 0>]
Feb  3 12:50:02 vyger pppd[9165]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15>]
Feb  3
...
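
Added example, not part of the original post: the two pppd builds print the CCP MPPE option differently (`<mppe 1 0 0 40>` versus `<mppe +H -M +S -L -D -C>`), so this sketch decodes both into the RFC 3078 supported-bits value and then audits a log for links that reached IP without MPPE being enabled, the case the poster gets after removing require-mppe-128. Assumptions: the 2.4.1-style octets are printed in hexadecimal, log lines are unwrapped, the sample lines are constructed from the shapes shown in the post, and pid 20001 is hypothetical.

```python
import re

# MPPE supported-bits flags (RFC 3078), lettered as pppd 2.4.2 prints them.
MPPE_BITS = {"H": 0x01000000, "M": 0x80, "S": 0x40, "L": 0x20, "D": 0x10, "C": 0x01}
KEY_SIZES = {"S": "128-bit", "M": "56-bit", "L": "40-bit"}

def parse_mppe(option):
    """Return the 32-bit supported-bits value from either log notation."""
    fields = option.strip("<>").split()[1:]
    if fields and fields[0][0] in "+-":          # 2.4.2 style: +H -M +S -L -D -C
        return sum(MPPE_BITS[f[1]] for f in fields if f[0] == "+")
    # 2.4.1 style: four octets, assumed to be printed in hexadecimal
    return int("".join(f.zfill(2) for f in fields) or "0", 16)

def key_sizes(value):
    """Key lengths a CCP MPPE option advertises; empty means no encryption."""
    return [label for bit, label in KEY_SIZES.items() if value & MPPE_BITS[bit]]

LINE = re.compile(r"pppd\[(\d+)\]: (.*)")
PEER_REQ = re.compile(r"rcvd \[CCP ConfReq id=\S+ .*?(<mppe [^>]*>)")

def audit(lines):
    """Map each pppd pid to what its peer requested and whether MPPE came up."""
    sessions = {}
    for m in filter(None, map(LINE.search, lines)):
        s = sessions.setdefault(m.group(1), {"peer_req": None, "mppe": False, "ip_up": False})
        msg = m.group(2)
        req = PEER_REQ.search(msg)
        if req:
            s["peer_req"] = key_sizes(parse_mppe(req.group(1)))
        elif msg.startswith("MPPE") and msg.endswith("enabled"):
            s["mppe"] = True
        elif msg.startswith("remote IP address"):
            s["ip_up"] = True
    return sessions

def unencrypted(sessions):
    """Pids whose link reached IP without MPPE ever being enabled."""
    return sorted(p for p, s in sessions.items() if s["ip_up"] and not s["mppe"])

# Constructed sample: unwrapped lines shaped like the logs in the post; pid 20001 is hypothetical.
SAMPLE = [
    "Feb  3 13:30:07 vger pppd[15639]: rcvd [CCP ConfReq id=0x0 <mppe -H -M -S -L -D -C>]",
    "Feb  3 15:37:18 vger pppd[15797]: rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]",
    "Feb  3 15:37:18 vger pppd[15797]: MPPE 128-bit stateless compression enabled",
    "Feb  3 15:37:19 vger pppd[15797]: remote IP address 192.168.1.70",
    "Feb  3 16:00:00 vger pppd[20001]: rcvd [CCP ConfReq id=0x0 <mppe 0 0 0 0>]",
    "Feb  3 16:00:01 vger pppd[20001]: remote IP address 192.168.1.71",
]
```

Running `unencrypted(audit(SAMPLE))` lists only the hypothetical pid 20001, the session that came up after a peer request with no key-size bits set.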


 
 
 

Post by gpf081 » Sat, 11 Feb 2006 20:35:50


Hi,
nobody out there with any idea?

So sad - Chris

 
 
 

Post by Clifford Kit » Sun, 12 Feb 2006 01:53:36



> Hi,
> nobody out there with any idea?

Maybe.  Check out this:

http://marc.theaimsgroup.com/?l=linux-ppp&m=113941559509914&w=2
