Re: Linux VPN Server w/ MPPE MPPC Help

To: debian-user@lists.debian.org
Subject: Re: Linux VPN Server w/ MPPE MPPC Help
From: Chris Swanson <chrisjswanson@gmail.com>
Date: Sat, 9 Apr 2005 17:05:14 -0700
Message-id: <[🔎] 1bdcbebf05040917056851054b@mail.gmail.com>
Reply-to: Chris Swanson <chrisjswanson@gmail.com>
In-reply-to: <[🔎] 1bdcbebf0504091642347e0a9d@mail.gmail.com>
References: <[🔎] 1bdcbebf0504091642347e0a9d@mail.gmail.com>

> Hello,
> I have built a Debian VPN server with a 2.6.10 kernel that I intend to
> use to support microsoft clients.   I followed the directions at the
> following url:
> 
> http://gfxcafe.com/VPN%20Howto.html
> 
> Now I have this problem:  When I try to connect using a windows
> machine, it says
> "Error 741: The local computer does not support the required data
> encryption type"
> 
> lsmod shows that the ppp_mppe_mppc module is loaded, as well as sha1 and arc4
> 
> I noticed the following in /var/log/daemon.log
> 
> Apr  9 15:26:17 vpn1 pptpd[1629]: CTRL: Client 169.254.65.187 control
> connection started
> Apr  9 15:26:17 vpn1 pptpd[1629]: CTRL: Starting call (launching pppd,
> opening GRE)
> Apr  9 15:26:17 vpn1 pppd[1630]: pppd 2.4.3 started by root, uid 0
> Apr  9 15:26:17 vpn1 pppd[1630]: Using interface ppp0
> Apr  9 15:26:17 vpn1 pppd[1630]: Connect: ppp0 <--> /dev/pts/1
> Apr  9 15:26:20 vpn1 pptpd[1629]: CTRL: Ignored a SET LINK INFO packet
> with real ACCMs!
> Apr  9 15:26:20 vpn1 pppd[1630]: MPPE required, but MS-CHAP[v2] auth
> not performed.
> Apr  9 15:26:20 vpn1 pptpd[1629]: CTRL: Reaping child PPP[1630]
> Apr  9 15:26:20 vpn1 pppd[1630]: Modem hangup
> Apr  9 15:26:20 vpn1 pppd[1630]: Connection terminated.
> Apr  9 15:26:20 vpn1 pppd[1630]: Connect time 0.1 minutes.
> Apr  9 15:26:20 vpn1 pppd[1630]: Sent 0 bytes, received 0 bytes.
> Apr  9 15:26:20 vpn1 pppd[1630]: Exit.
> Apr  9 15:26:20 vpn1 pptpd[1629]: CTRL: Client 169.254.65.187 control
> connection finished
> 
> Can someone help me sort out what is going on here?  I cannot tell if
> the mppe support is not working, or if there is some other problem.
> One strange behavior I have noticed is this: I tell the windows client
> not to require encryption, and then try to connect.  It complains,
> since the server requires authentication.  Then I recheck the box to
> require encryption and try again, and it works.  I cannot tell at this
> point if encryption is happening or not, but I do know that it will
> continue to work until I delete the connection and recreate it.  At
> this point I will get the same err 741 that I mentioned above.
> 
> Any help is hugely appreciated
> Chris
> 

Looks like I got this to work now.  For anyone else who runs into this
issue, I solved the problem by removing these lines from
/etc/ppp/options-pptpd:
+chap
+mschap-v2 

Then I added this:
require-mschap-v2

And now it works.  My options-pptpd looks like this:
name *
lock
mtu 1450
mru 1450
proxyarp
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe required
require-mschap-v2

Chris

Reply to:

References:
- Linux VPN Server w/ MPPE MPPC Help
  - From: Chris Swanson <chrisjswanson@gmail.com>

Prev by Date: Linux VPN Server w/ MPPE MPPC Help
Next by Date: resolvconf and dnsmasq
Previous by thread: Linux VPN Server w/ MPPE MPPC Help
Next by thread: resolvconf and dnsmasq
Index(es):
- Date
- Thread