Recently, my dialup account went from a standard PPP to an RAS-served
one. Since that time I have struggled to get connected, authenticated,
and accepted by this new setup. I am nearly there (thanks in part to
perusing the archives of this list on mail-archive.com). I'm hoping
someone out there can push me through the last wall.
Here's the situation: I have grabbed and compiled the patches to both
2.3.8 and 2.3.10 from http://www.moretonbay.com/vpn/download_pptp.html.
This includes copying the SSLeay rc4.h and rc4_enc.c files for the
build. I have updated my conf.modules to alias ppp_mppe, and have added
the +chapms and mppe-40 lines to my ppp/options file. [near as I can
tell, the patched 2.3.8 and 2.3.10 perform identically for the rest of
this discussion.] Thanks in advance for any willing to wade through the
following morass of data.
Here is the command line I use to invoke/connect pppd:
/usr/sbin/pppd -d -detach noauth connect "/usr/sbin/chat -v '' ATZ OK
ATDT<<PHONENUMBER...REST OF LOGIN SCRIPT>>" /dev/ttyS1 115200
ipcp-accept-local &
((I have, in the course of debug, tried the nopcomp and noaccomp flags,
to no effect))
Output:
======
Serial connection established.
Using interface ppp0
Connect: ppp0 <--> /dev/ttyS1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2f0f22bb> <pcomp>
<accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2f0f22bb> <pcomp>
<accomp>]
rcvd [LCP ConfReq id=0x0 <asyncmap 0x0> <auth chap m$oft> <magic 0xcbf>
<pcomp> <accomp>]
sent [LCP ConfAck id=0x0 <asyncmap 0x0> <auth chap m$oft> <magic 0xcbf>
<pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x2f0f22bb> <pcomp>
<accomp>]
rcvd [CHAP Challenge id=0x68 <fddf93be36121e40>, name =
"<<ACCT_SERVER>>"]
sent [CHAP Response id=0x68
<0000000000000000000000000000000000000000000000004b20b409f6ffcd816e5f387ae641f05eebe924ee484ddc6401>,
name = "<<ME>>"]
rcvd [CHAP Success id=0x68 ""]
!!! At this point, I appear to have successfully authenticated via
CHAP
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <compress VJ 0f 01>]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <mppe 0 0 0 20>
<bsd v1 15>]
!!!Ask for simple compressions
rcvd [CCP ConfReq id=0x2 <mppe 0 0 0 71>]
sent [CCP ConfNak id=0x2 <mppe 0 0 0 60>]
!!!SPECULATION-> Looks like I'm asked to support High, Medium and Low
MPPE Encryption/Compression. I respond with 'no' to High and
Medium Is
that in fact what these codes mean?
rcvd [IPCP ConfReq id=0x3 <compress VJ 0f 01> <addr <<SERVER_IP>> >]
sent [IPCP ConfAck id=0x3 <compress VJ 0f 01> <addr <<SERVER_IP>> >]
rcvd [IPCP ConfNak id=0x1 <addr <<MY_NEW_IP>> >]
sent [IPCP ConfReq id=0x2 <addr <<MY_NEW_IP>> > <compress VJ 0f 01>]
rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
!!!Assigned my IP address and prior VJ compression request NAK'd.
Deflate and BSD
Compression Rej'd
sent [CCP ConfReq id=0x2 <mppe 0 0 0 20>]
rcvd [CCP ConfReq id=0x4 <mppe 0 0 0 40>]
sent [CCP ConfAck id=0x4 <mppe 0 0 0 40>]
rcvd [IPCP ConfAck id=0x2 <addr <<MY_NEW_IP>> > <compress VJ 0f 01>]
!!!! ?? I'm not clear here, but it looks like I ask for a flavor of
mppe compression. Before the
server answers, it asks me for a different flavor. I agree to
him, he agrees to my prior
VJ request.
local IP address <<MY_NEW_IP>>
remote IP address <<SERVER_IP>>
Script /etc/ppp/ip-up started (pid 4937)
rcvd [CCP ConfAck id=0x2 <mppe 0 0 0 20>]
!!! Now he also agrees to my mppe flavor. Note that I ONLY have
mppe-40 in my options file
at this point. At one point I had mppe-128 and mppe-stateless as
well, to no apparent effect.
MPPE 40 bit, non-stateless compression enabled
Script /etc/ppp/ip-up finished (pid 4937), status = 0x0
!!! You would think I'm in the clear now. I seem to have settled on
MPPE-40 However, I
cannot now ping <<SERVER_IP>> without seeing:
rcvd [LCP ProtRej id=0x5 c0 d6 7d 15 da 80 73 e4 ee 28 ff 7d 1e 1d 6f 73
d6 23 9f 3f 12 33 f3 e1 cb c3 15 f0 27 30 cc 15 dd 7e 4b fe 30 0a 79 0c
cc bf c1 4c d5 25 0e 99 59 21 88 9c 4f dc 38 e7 bb a3 6b b1 5f 7d 3a 5b
95 fc 6f d1 44 56 0b a1 ff 23 bb c3 c8
Protocol-Reject for unsupported protocol 0xc0d6
rcvd [LCP ProtRej id=0x6 ce 17 6d 77 fa 7d 51 fc a8 0b 88 a1 6c 8d 35 d7
65 c0 61 7b 79 0c a9 3a fa 01 f1 a1 79 a2 0a ed 64 2c b3 91 e4 58 3d 12
a1 86 58 6e c3 b1 4d 43 0d c4 38 ca cc 08 7d 8e b4 25 65 b5 07 fa 6a 44
4c c8 f7 14 c6 df f3 2c 3f 35 ba 7b 3c
Protocol-Reject for unsupported protocol 0xce17
rcvd [LCP ProtRej id=0x7 f2 06 10 a3 bc d7 70 09 6d 55 c5 ad e8 ba 15 b8
51 f3 60 57 fc e5 a4 43 dd 69 42 be 1f 87 ea 9a b7 99 cb 37 ca f5 06 0c
06 c5 72 d2 58 a0 10 4e 45 1c 22 a1 5e c9 9e 3d df 27 dc 36 eb 00 ac 65
05 9c 50 01 9e 04 85 62 d2 cb cf c8 35
Protocol-Reject for unsupported protocol 0xf206
(etc.)
!!! The rejected protocols adhere to no pattern I can detect, and I
do not need to ping to see these. THat's just the surest way to get
them on demand. No packets are returned from the ping. SPECULATION-->
I suspect these are encrypted/compressed packets that ppp/ppp_mppe is
not decoding for me. I had presumed that the negotiated protocol meant
the decoder was active, yet somehow it isn't. Anyone know what I'm
missing?
FYI: /var/log/messages from same transaction:
=====================================
May 17 14:03:39 localhost kernel: CSLIP: code copyright 1989 Regents of
the University of California
May 17 14:03:39 localhost kernel: PPP: version 2.3.8 (demand dialling)
May 17 14:03:39 localhost kernel: PPP line discipline registered.
May 17 14:03:39 localhost kernel: registered device ppp0
May 17 14:03:39 localhost pppd[4983]: pppd 2.3.8 started by <<ME>>, uid
0
May 17 14:03:40 localhost chat[4987]: send (ATZ^M)
May 17 14:03:41 localhost chat[4987]: expect (OK)
May 17 14:03:42 localhost chat[4987]: ATZ^M^M
May 17 14:03:42 localhost chat[4987]: OK
May 17 14:03:42 localhost chat[4987]: -- got it
(chat script follows to successful completion)
May 17 14:04:01 localhost pppd[4983]: Serial connection established.
May 17 14:04:01 localhost pppd[4983]: Using interface ppp0
May 17 14:04:01 localhost pppd[4983]: Connect: ppp0 <--> /dev/ttyS1
May 17 14:04:06 localhost kernel: PPP BSD Compression module registered
May 17 14:04:06 localhost kernel: PPP MPPE compression module registered
May 17 14:04:06 localhost kernel: PPP Deflate Compression module
registered
May 17 14:04:06 localhost pppd[4983]: local IP address <<MY_NEW_IP>>
May 17 14:04:06 localhost pppd[4983]: remote IP address <<SERVER_IP>>
May 17 14:04:06 localhost pppd[4983]: MPPE 40 bit, non-stateless
compression enabled
May 17 14:04:24 localhost pppd[4983]: Protocol-Reject for unsupported
protocol 0xc0d6
May 17 14:04:43 localhost pppd[4983]: Protocol-Reject for unsupported
protocol 0xce17
May 17 14:04:50 localhost pppd[4983]: Protocol-Reject for unsupported
protocol 0xf206
May 17 14:07:37 localhost pppd[4983]: Unsupported protocol (0x3c78)
received
Lordy, a headache just composing this. You can imagine my frustration
living it.
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
