hi,

Maybe one of the Cisco users here on the list can help me.

I want to run dial-in VPDN on a Cisco 1712, using PPTP tunnels with MPPE encryption, and authenticate against FreeRADIUS 1.1.0.

The strange thing is, my setup used to work just fine until I tried to upgrade IOS from 12.2 to 12.3T or 12.4. In both trains (> 12.2) MPPE suddenly fails to work. A normal, unencrypted PPTP works.

"debug" shows that the Cisco gets a RADIUS reply with MS-CHAP MPPE attributes, but seems to miss/misunderstand something. "debug mppe" says:
MPPE: keying material missing from radius

the relevant parts of my cisco config:

aaa authentication login vpnauth group radius
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
aaa authorization network vpnauth group radius

vpdn enable
vpdn multihop
vpdn source-ip 217.196.69.198
vpdn logging
vpdn logging user
vpdn logging tunnel-drop
vpdn session-limit 10
vpdn search-order multihop-hostname

vpdn-group pptp
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 lcp renegotiation on-mismatch

interface Virtual-Template1
 ip unnumbered FastEthernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 peer default ip address pool vpnpool
 compress mppc
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2
 ppp eap refuse callin

radius-server host x.x.x.x auth-port 1812 acct-port 1813 key xxx
radius-server authorization default Framed-Protocol ppp
radius-server vsa send accounting
radius-server vsa send authentication


... and from radiusd.conf:
        mschap {
                authtype = MS-CHAP
                use_mppe = yes
                require_encryption = no
                require_strong = no
        }


I already tried to find information or to change some of the config settings, but no luck :(

thanks in advance,
jakob
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
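
A check for the symptom described in the post above, added here as an example and not part of the original message or of either project's code: it walks the raw UDP payload of a RADIUS Access-Accept and reports which Microsoft vendor-specific attributes (vendor 311, numbering per RFC 2548) are present, so a reply without MPPE key attributes can be told apart from one the NAS fails to use. The function names are hypothetical and the sample packet is constructed with dummy values; the script checks presence only and does not decrypt the keys.

```python
import struct

MS_VENDOR_ID = 311  # Microsoft vendor ID used by the RFC 2548 attributes
MS_VSA_NAMES = {7: "MS-MPPE-Encryption-Policy", 8: "MS-MPPE-Encryption-Types",
                12: "MS-CHAP-MPPE-Keys", 16: "MS-MPPE-Send-Key",
                17: "MS-MPPE-Recv-Key", 26: "MS-CHAP2-Success"}

def microsoft_vsas(packet: bytes) -> dict:
    """Return {vendor_type: value} for every Microsoft VSA in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        value = packet[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:  # 26 = Vendor-Specific
            vendor, sub = struct.unpack("!I", value[:4])[0], value[4:]
            while vendor == MS_VENDOR_ID and len(sub) >= 2:
                vtype, vlen = sub[0], sub[1]
                if vlen < 2 or vlen > len(sub):
                    raise ValueError("malformed vendor sub-attribute")
                found[vtype] = sub[2:vlen]
                sub = sub[vlen:]
        pos += alen
    return found

def mppe_keying_report(packet: bytes) -> dict:
    """Summarise whether the reply carries MPPE keying attributes."""
    vsas = microsoft_vsas(packet)
    return {
        "present": sorted(MS_VSA_NAMES.get(t, "MS-VSA-%d" % t) for t in vsas),
        "v2_keys": 16 in vsas and 17 in vsas,  # MS-CHAPv2: Send-Key and Recv-Key
        "v1_keys": 12 in vsas,                 # MS-CHAPv1: MS-CHAP-MPPE-Keys
    }

# Constructed sample data: dummy 4-byte values, not real key material.
def _vsa(vtype: int, data: bytes) -> bytes:
    body = struct.pack("!IBB", MS_VENDOR_ID, vtype, len(data) + 2) + data
    return bytes([26, len(body) + 2]) + body

def sample_accept(vtypes) -> bytes:
    attrs = b"".join(_vsa(t, b"\x00" * 4) for t in vtypes)
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + b"\x00" * 16 + attrs
```
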
