I have a follow-on question.  Below I said I was able to connect with MSCHAPv2 
or no authentication.  I think I was actually not authenticating in either 
case.  So...  Is there a way to have PPP try authentication first before giving 
up and trying no authentication?  (This may be a violation of LCP, I'm not 
sure.  It just seems like it should/could be a negotiable option.)

If I set ppp_set_auth_required(, 0);, then I think it always connects with no 
auth, regardless of what I've set in ppp_set_auth().
If I set ppp_set_auth_required(, 1);, then it refuses the peers that don't 
support auth at all.

Is there a solution here that I'm not seeing?


Slightly outside of the scope of lwIP, but if it's possible, what are the 
appropriate pppd options to allow its side?

Thanks.
-- G

From: Greg Smith
Sent: Wednesday, 10 August 2016 19:30
To: Mailing list for lwIP users <[email protected]>
Subject: PPP MPPE "Optional" Support

Hello.
I have some devices in the field that have all PPP authentication turned off 
for PPP.  Now that lwIP supports MSCHAPv2 and MPPE (in the 2.0.0 betas), I'd 
like to enable those features on my devices to encrypt the traffic.  But I also 
need to support older units that are running older lwIP versions and don't have 
authentication support.

If I ppp_set_auth(, PPPAUTHTYPE_ANY,,) in my startup code, I can get peers to 
connect with both no authentication and MSCHAPv2 successfully.  (Yea!)

However, if I then try ppp_set_mppe(pppPcb, PPP_MPPE_ENABLE | 
PPP_MPPE_REFUSE_128);  (with or without the REFUSE flag), my clients with no 
authentication fail because MPPE is "required".  (LwIP responds with "MPPE 
required, but MS-CHAP[v2] auth not performed.".)

I'd like to make it so MPPE is only required if MSCHAPv2 negotiates.  
(Alternately, don't require MPPE if no authentication is negotiated, but 
require it (and fail) if any other form is negotiated.)  Is there a way to do 
this?  Or is that behavior completely unsupported?

I've thought about using PPP_NOTIFY_PHASE in some way, but I haven't explored 
that yet.  Would that be viable (even if clunky) to manually do ppp_set_mppe 
after MSCHAPv2 negotiates?  Or is even that poor practice to change LCP options 
in the middle of the negotiation?

-- G