Gentoo Forums
[RESOLVED] Unencrypted VPN and pptpclient
transcend
n00b


Joined: 05 Nov 2003
Posts: 31
Location: NY, NY

Posted: Mon Apr 25, 2005 6:13 pm    Post subject: [RESOLVED] Unencrypted VPN and pptpclient

I have my pptpclient set up for many different peers. I can connect to my LAN mssrv2003 vpn server/peer, and one other ms based vpn server on the net, outside my lan, as well.

However, I have an important vpn account at a server that I cannot connect with through my gentoo box. It authenticates me fine, but drops my sorry ass immediately after the successful CHAP auth. Here's a snippet:
Quote:
pppd options in effect:
debug # (from /etc/ppp/opts.vpn2)
nodetach # (from /etc/ppp/opts.vpn2)
logfd 2 # (from /etc/ppp/opts.vpn2)
dump # (from /etc/ppp/opts.vpn2)
noauth # (from /etc/ppp/opts.vpn2)
refuse-eap # (from /etc/ppp/opts.vpn2)
name XXXXX\\xxxxxx # (from /etc/ppp/peers/vpn2)
remotename PPTP # (from /etc/ppp/peers/vpn2)
pty pptp vpn.XXXXX.com --nolaunchpppd # (from /etc/ppp/peers/vpn2)
local # (from /etc/ppp/opts.vpn2)
mru 1490 # (from /etc/ppp/opts.vpn2)
mtu 1490 # (from /etc/ppp/opts.vpn2)
passive # (from /etc/ppp/opts.vpn2)
ipparam vpn2 # (from /etc/ppp/peers/vpn2)
noproxyarp # (from /etc/ppp/opts.vpn2)
usepeerdns # (from /etc/ppp/opts.vpn2)
noccp # (from /etc/ppp/opts.vpn2)
nobsdcomp # (from /etc/ppp/opts.vpn2)
nodeflate # (from /etc/ppp/opts.vpn2)
noipx # (from /etc/ppp/opts.vpn2)
using channel 24
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent [LCP ConfReq id=0x1 <mru 1490> <asyncmap 0x0> <magic 0x51ad0b0c> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MD5> <magic 0x8cb34cXX> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MD5> <magic 0x8cb34cXX> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <mru 1490> <asyncmap 0x0> <magic 0xXXXXXX> <pcomp> <accomp>]
rcvd [LCP EchoReq id=0x0 magic=0x8cb34cXX]
sent [LCP EchoRep id=0x0 magic=0x8cb34cXX]
rcvd [CHAP Challenge id=0xb <cXX1bf66d68495e1aa7c6a3305aede66266XXX>, name = "*"]
Warning - secret file /etc/ppp/chap-secrets has world and/or group access
sent [CHAP Response id=0xb <0XXcb14e106b47be3640342893e4XXXX>, name = "XXXXXX\\xxxxxx"]
rcvd [CHAP Success id=0xb "Access granted"]
CHAP authentication succeeded: Access granted

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 172.31.31.101> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>] #My internal addy
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 10.xx.0.114>]
sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 10.xx.0.114>]
rcvd [IPCP ConfNak id=0x1 <ms-dns1 216.55.144.5> <ms-dns3 216.55.144.5>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 172.31.31.101> <ms-dns1 216.55.144.5> <ms-dns3 216.55.144.5>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 172.31.31.101> <ms-dns1 216.55.144.5> <ms-dns3 216.55.144.5>]
local IP address 172.31.31.101
remote IP address 10.xx.0.114
primary DNS address 216.55.144.5
secondary DNS address 216.55.144.5
Script /etc/ppp/ip-up started (pid 22656)
Script /etc/ppp/ip-up finished (pid 22656), status = 0x1
rcvd [IPCP TermReq id=0x2 "Unauthorized remote IP address"]
IPCP terminated by peer (Unauthorized remote IP address)

Connect time 0.0 minutes.
Sent 0 bytes, received 34 bytes.
Script /etc/ppp/ip-down started (pid 22664)
sent [IPCP TermAck id=0x2]
Script /etc/ppp/ip-down finished (pid 22664), status = 0x1
rcvd [LCP TermReq id=0x2 "No network protocols running"]
LCP terminated by peer (No network protocols running)
sent [LCP TermAck id=0x2]
Script pptp vpn.XXXXX.com --nolaunchpppd finished (pid 21892), status = 0x0
Modem hangup
Connection terminated.


My ip-up script is the portage default, and I'm not sure if it needs alteration for this vpn server.

I can connect to this vpn server under a windows platform without any problems; further, I can use this gentoo box to connect with other vpns, just not this one. The server admin will not support me, other than to say the tunnel is unencrypted, and so, I need to turn off all encryption settings.

I want to do without emerging pptpconfig, which has too many dependencies for my thin gentoo box.


Last edited by transcend on Wed Apr 27, 2005 7:16 pm; edited 1 time in total
adaptr
Watchman


Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Mon Apr 25, 2005 6:48 pm

Since this is an AH-only connection, it stands to reason that pptp will at least require you to pre-authenticate the remote server's IP.
Do so ;-)
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
transcend
n00b


Joined: 05 Nov 2003
Posts: 31
Location: NY, NY

Posted: Mon Apr 25, 2005 8:46 pm

adaptr wrote:
Since this is an AH-only connection, it stands to reason that pptp will at least require you to pre-authenticate the remote server's IP.
Do so ;-)


Thanks adaptr! :D

But now how the heck do I pre-authenticate (pre-register) the remote ip?!?
transcend
n00b


Joined: 05 Nov 2003
Posts: 31
Location: NY, NY

Posted: Wed Apr 27, 2005 7:18 pm

Ahh, it's just an option I had to pass to pptp... specifically, just adding "noipdefault" to the options file (or the peer script).
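
Added example (not part of the thread, and not code from pppd or pptpclient): a small checker that reads a pppd debug log in the format quoted in the first post and reports the two things worth acting on there, the chap-secrets permission warning and an IPCP TermReq that follows a ConfReq in which the client proposed its own address. The `diagnose` function and the finding names are hypothetical, the sample log is constructed (the thread redacts the real peer address), and the `noipdefault` hint is the fix the poster reports.

```python
import re

# Constructed sample in the format of the pppd debug output quoted in the thread
# (the 10.0.0.114 peer address is made up; the thread redacts the real one).
SAMPLE_LOG = '''\
Warning - secret file /etc/ppp/chap-secrets has world and/or group access
rcvd [CHAP Success id=0xb "Access granted"]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 172.31.31.101> <ms-dns1 0.0.0.0>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 10.0.0.114>]
rcvd [IPCP TermReq id=0x2 "Unauthorized remote IP address"]
IPCP terminated by peer (Unauthorized remote IP address)
'''

PACKET = re.compile(r'^(sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-fA-F]+(.*)\]')
ADDR = re.compile(r'<addr ([^>]+)>')
SECRETS = re.compile(r'^Warning - secret file (\S+) has world and/or group access')


def diagnose(log_text):
    """Return a list of (code, detail) findings for a pppd debug log."""
    findings = []
    proposed = None  # last local address this side asked for in IPCP
    for raw in log_text.splitlines():
        line = raw.strip()
        warn = SECRETS.match(line)
        if warn:
            # pppd warns when the secrets file is readable by group or others
            findings.append(("secrets-readable", f"chmod 600 {warn.group(1)}"))
            continue
        pkt = PACKET.match(line)
        if not pkt or pkt.group(2) != "IPCP":
            continue
        direction, _, code, body = pkt.groups()
        addr = ADDR.search(body)
        if direction == "sent" and code == "ConfReq" and addr:
            proposed = addr.group(1)
        elif direction == "rcvd" and code == "TermReq":
            if proposed not in (None, "0.0.0.0") and "Unauthorized remote IP" in body:
                findings.append(("peer-rejected-address",
                                 f"client proposed {proposed}; try noipdefault"))
            else:
                findings.append(("ipcp-terminated", body.strip()))
    return findings


if __name__ == "__main__":
    for code, detail in diagnose(SAMPLE_LOG):
        print(f"{code}: {detail}")
```

With `noipdefault` set, pppd requests 0.0.0.0 in its IPCP ConfReq and lets the peer assign the address, so the same checker reports nothing for that exchange.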