PPTP client to NT VPN server problems

PPTP client to NT VPN server problems

Post by Erin Charpenti » Fri, 07 Sep 2001 22:11:02



Hello,

I am having problems trying to setup a PPTP client, to connect to an
NT VPN Server.  Thanks in advance for any help or suggestions you
have.

My system is a Slackware box, with kernel version 2.2.19.  I have
compiled and installed the pptp client 1.0.3-1 and the
ppp-mppe-2.4.0-4 package, and I have loaded the mppe kernel module.

My pptp connection succeeds in authentication, and I get local and
remote IPs for ppp0.  My problem comes shortly after, when the tunnel
closes down.  The log seems to show CCP problems, where the
negotiation never succeeds for compression?  Here is an excerpt from
my log, after some of the initial LCP and CHAP messages.  I'm not sure
what else to try.  Thank you for any suggestions!

Erin

pppd[21109]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15>
<mppe 1 0 0 60>]
pppd[21109]: rcvd [CCP ConfReq id=0x23 <mppe 1 0 0 41>]
pppd[21109]: sent [CCP ConfNak id=0x23 <mppe 1 0 0 60>]
pppd[21109]: rcvd [CHAP Success id=0xca "S=..."]
pppd[21109]: sent [IPCP ConfReq id=0x2 <addr 192.168.2.51> <compress
VJ 0f 01>]
pppd[21109]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15>]
pppd[21109]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 60>]
pppd[21109]: rcvd [CCP ConfReq id=0x24 <mppe 1 0 0 40>]
pppd[21109]: sent [CCP ConfRej id=0x24 <mppe 1 0 0 40>]
pppd[21109]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.2.51> <compress
VJ 0f 01>]
pppd[21109]: local  IP address 192.168.1.51
pppd[21109]: remote IP address 192.168.2.7
pppd[21109]: rcvd [CCP ConfNak id=0x2 <mppe 1 0 0 40>]
pppd[21109]: sent [CCP ConfReq id=0x3]
pppd[21109]: rcvd [CCP TermReq id=0x25]
pppd[21109]: sent [CCP TermAck id=0x25]
pppd[21109]: rcvd [CCP ConfAck id=0x3]
pppd[21109]: Received bad configure-ack:
pppd[21109]: sent [CCP ConfReq id=0x3]
pppd[21109]: sent [CCP ConfReq id=0x3]
pppd[21109]: sent [LCP EchoReq id=0x1 magic=0x62eeee0a]
pppd[21109]: sent [CCP ConfReq id=0x3]
last message repeated 2 times
pppd[21109]: sent [LCP EchoReq id=0x2 magic=0x62eeee0a]
pppd[21109]: sent [CCP ConfReq id=0x3]
last message repeated 2 times
pppd[21109]: sent [LCP EchoReq id=0x3 magic=0x62eeee0a]
pppd[21109]: sent [CCP ConfReq id=0x3]
pppd[21109]: CCP: timeout sending Config-Requests
pppd[21109]: sent [LCP EchoReq id=0x4 magic=0x62eeee0a]
pppd[21109]: sent [LCP EchoReq id=0x5 magic=0x62eeee0a]
pppd[21109]: sent [LCP EchoReq id=0x6 magic=0x62eeee0a]
pppd[21109]: sent [LCP EchoReq id=0x7 magic=0x62eeee0a]
pppd[21109]: sent [LCP EchoReq id=0x8 magic=0x62eeee0a]
pppd[21109]: sent [LCP EchoReq id=0x9 magic=0x62eeee0a]
pppd[21109]: sent [LCP EchoReq id=0xa magic=0x62eeee0a]
pppd[21109]: No response to 10 echo-requests
pppd[21109]: Serial link appears to be disconnected.
pppd[21109]: sent [LCP TermReq id=0x3 "Peer not responding"]
pppd[21109]: sent [LCP TermReq id=0x4 "Peer not responding"]
pppd[21109]: Connection terminated.
pppd[21109]: Connect time 1.9 minutes.

 
 
 

PPTP client to NT VPN server problems

Post by Clifford Kit » Sat, 08 Sep 2001 01:42:52



> pppd[21109]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15>
> <mppe 1 0 0 60>]
> pppd[21109]: rcvd [CCP ConfReq id=0x23 <mppe 1 0 0 41>]
> pppd[21109]: sent [CCP ConfNak id=0x23 <mppe 1 0 0 60>]
> pppd[21109]: rcvd [CHAP Success id=0xca "S=..."]
> pppd[21109]: sent [IPCP ConfReq id=0x2 <addr 192.168.2.51> <compress
> VJ 0f 01>]
> pppd[21109]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15>]
> pppd[21109]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 60>]
> pppd[21109]: rcvd [CCP ConfReq id=0x24 <mppe 1 0 0 40>]
> pppd[21109]: sent [CCP ConfRej id=0x24 <mppe 1 0 0 40>]

MS-PPC fails and thus the PPP negotiation fails.  This is the only
type of CCP that causes the PPP negotiations to fail when it fails
to be negotiated with the MS-PPE option set.  It looks like it fails
because you haven't configured MS-PPC with compression enabled.

You are giving the peer two choices for encryption (the 6 in 0x60)
but don't have compression enabled (the 0 in 0x60) and the peer does
(the 1 in 0x41).

I haven't any experience with configuring a modified pppd for MS-PPC
(nor do I wish to) so I can't tell you how to configure for compression.


/* When men do not regard govenmental measures as just and right
   they will find a way around them.  The effects extend beyond
   the source, generate widespread disrespect for the law, and
   promote corruption and *.          -Milton Friedman    */

 
 
 

PPTP client to NT VPN server problems

Post by Erin Charpentie » Sun, 09 Sep 2001 23:29:17


Thanks for the info - I hadn't found what those numbers meant yet.  I
have been looking further into this, and I don't think I am doing mppe
encryption properly right now.  The VPN server gives me two choices - 41
or 40.  The 40 means 128 bit mppe encryption without compression, and my
end rejects that too, so its not just a compression problem.  For others
who also didn't know what the CCP numbers mean, I found this link -

http://www.veryComputer.com/

I thought my pppd was capable of mppe-128, though -  I installed the
ppp-mppe-2.4.0-4 package, from http://www.veryComputer.com/; I
basically just did a make and a make install, and loaded the mppe kernel
mod, but there must be something else I need to do to get mppe running.
Perhaps I needed to do something more with the rc4.a lib, or maybe I'm
missing another kernel mod?  My current kernel mods that I have loaded
are listed below.  If anyone sees anything missing, I'd appreciate it!
Thanks again!

# lsmod
Module                  Size  Used by
mppe                   23488   0
pcmcia_core            45184   0
8139too                13184   1
ppp_deflate            40032   0
ppp                    21328   0  [mppe ppp_deflate]
slip                    7808   0  (unused)
slhc                    4512   0  [ppp slip]
lp                      5904   0  (unused)
parport_pc              7536   1
parport                 7392   1  [lp parport_pc]



> > pppd[21109]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15>
> > <mppe 1 0 0 60>]
> > pppd[21109]: rcvd [CCP ConfReq id=0x23 <mppe 1 0 0 41>]
> > pppd[21109]: sent [CCP ConfNak id=0x23 <mppe 1 0 0 60>]
> > pppd[21109]: rcvd [CHAP Success id=0xca "S=..."]
> > pppd[21109]: sent [IPCP ConfReq id=0x2 <addr 192.168.2.51> <compress
> > VJ 0f 01>]
> > pppd[21109]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15>]
> > pppd[21109]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 60>]
> > pppd[21109]: rcvd [CCP ConfReq id=0x24 <mppe 1 0 0 40>]
> > pppd[21109]: sent [CCP ConfRej id=0x24 <mppe 1 0 0 40>]

> MS-PPC fails and thus the PPP negotiation fails.  This is the only
> type of CCP that causes the PPP negotiations to fail when it fails
> to be negotiated with the MS-PPE option set.  It looks like it fails
> because you haven't configured MS-PPC with compression enabled.

> You are giving the peer two choices for encryption (the 6 in 0x60)
> but don't have compression enabled (the 0 in 0x60) and the peer does
> (the 1 in 0x41).

> I haven't any experience with configuring a modified pppd for MS-PPC
> (nor do I wish to) so I can't tell you how to configure for compression.


> /* When men do not regard govenmental measures as just and right
>    they will find a way around them.  The effects extend beyond
>    the source, generate widespread disrespect for the law, and
>    promote corruption and *.          -Milton Friedman    */

 
 
 

PPTP client to NT VPN server problems

Post by Clifford Kit » Mon, 10 Sep 2001 04:29:08



> Thanks for the info - I hadn't found what those numbers meant yet.  I
> have been looking further into this, and I don't think I am doing mppe
> encryption properly right now.  The VPN server gives me two choices - 41
> or 40.  The 40 means 128 bit mppe encryption without compression, and my
> end rejects that too, so its not just a compression problem.  For others

Okay, I think you're right.

Quote:> who also didn't know what the CCP numbers mean, I found this link -
> http://www.microsoft.com/WINDOWS2000/techinfo/reskit/en/Intwork/inbb_...

There should be a draft for MS-PPE too.  The last one I found was

http://www.ietf.org/internet-drafts/draft-ietf-pppext-mppe-04.txt

but drafts are supposed to be updated every 6 months, and it may not
be there anymore, or have been replace with a newer one.

[...]


>> > pppd[21109]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15>
>> > <mppe 1 0 0 60>]
>> > pppd[21109]: rcvd [CCP ConfReq id=0x23 <mppe 1 0 0 41>]
>> > pppd[21109]: sent [CCP ConfNak id=0x23 <mppe 1 0 0 60>]
>> > pppd[21109]: rcvd [CHAP Success id=0xca "S=..."]
>> > pppd[21109]: sent [IPCP ConfReq id=0x2 <addr 192.168.2.51> <compress
>> > VJ 0f 01>]
>> > pppd[21109]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15>]
>> > pppd[21109]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 60>]
>> > pppd[21109]: rcvd [CCP ConfReq id=0x24 <mppe 1 0 0 40>]
>> > pppd[21109]: sent [CCP ConfRej id=0x24 <mppe 1 0 0 40>]

At the end the peer did request 40 but your side rejected it - even
though it had indicated a willingness to accept it with the earlier
Nak (40+20=60).  Maybe you need an upgrade for the MS-PPC patched pppd
since this Configure-Reject is almost certainly what caused the failure
of the CCP negotiations and thus the failure to establish a PPP link.

Or maybe I just don't understand the MS-PPC negotiations...


/* ... packets usually cross many administrative boundaries on their way
   from a source to a destination and often the only point of agreement
   between those separate administrations is that all problems are someone
   else's fault.   --Van Jacobson, abstract of April 97 MSRI talk */

 
 
 

1. pptp linux client to pptp nt server

hello,
i try in the moment desperatly to connect a linux (a 2.2 kernel) to
connect via pptp to a nt server. my provider uses this tunnel to give us
direct access to the internet. (till now we have only www with a proxy).
the problem is, that the nt just does not answer. the provider testet
with a windows system from our office (it's inhouse), this did work.

does anyone know this problem or better even a solution?

we use
pptp-linux client 1.0.2
pppd 2.3.8
the nt version i don't know, i think it's quite new
there is no firewall between the two computers (because it's to tunnel
the intranet)
we want to use PAP for authentification

in our log file only is written that pppd sends a LCP config request,
after doing this some times it disconnects, because no answer arrives.
(sorry, i have now the exactly text not here, because i am now home).
also the log file from the provider did only say, that something
connected but not more.

we testet with a linux pptp server, this worked. we have allready tried
really all kinds of configuration, so if this is the reason it must be
quite tricky.

it seems the both linux softwares understand and the both ms softwares,
but unfortunally not linux-ms.

anyone knows something?

thanks,
heiko

2. S3 High Resolution Problem

3. bash vs ksh

4. Linux Firewall settings to allow PPTP VPN acces to NT Server?

5. TLI Programming

6. Getting Linux PPTP-Client working with MS VPN server

7. More help needed

8. Trying again with my linux pptp client problem to Microsoft vpn.

9. LAN-to-LAN VPN(Poptop+PPTP client) problem

10. Linux as PPTP Server for MS PPTP Clients?

11. why i still can't use pptp client to connect to windows 2000 pptp server

12. PopTop VPN Server can see Win98 client but client can't see server