Hi,

I solved the problem, and I'll post the resolution for reference purposes. There were two configuration issues:

1) To enable MPPE encryption the encryption option on the bundle should be DISABLED, since MPPE lives in the compression layer and not the encryption layer; thus by commenting the "set bundle enable encryption" and "set bundle enable crypt-reqd" lines, this problem was solved.

2) Since the client (a linux ppp client) had the option "require-mppe-128" enabled, the server got a config request for 128 bit MPPE stateless, but then rejected it. The reason for this was the "set ccp enable mppc" line, which should have read "set ccp yes mppc" since otherwise the accept flag is disabled.

Finally, I have not found a way to force MPPE encryption on the *server* side. There seems to be no equivalent to "require-mppe-128" or "set bundle enable comp-reqd" or something like that in mpd. Does anybody know a way to require MPPE in mpd?

Regards,
Sebastiaan

Sebastiaan van Erk wrote:
Hi,

I'm trying to set up mpd (3.18) on a FreeBSD server to allow windows and
linux clients to connect. Currently I've only been trying to make the
linux connection succeed (Ubuntu with ppp-2.4.4), but I get the
following output from linux pppd:

CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x1 <addr 10.0.0.1> <compress VJ 0f 00>]
sent [IPCP TermAck id=0x1]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfRej id=0x1 <mppe +H -M +S -L -D -C>]
MPPE required but peer refused
sent [LCP TermReq id=0x2 "MPPE required but peer refused"]
rcvd [LCP TermAck id=0x4]
Connection terminated.

I don't understand why the linux client sends a TermAck on IPCP without
getting a TermReq first, but apart from that mpd seems to be failing to
negotiate MPPE even though I configured both the linux client and mpd to
allow ONLY mppe-128, i.e., in my mpd.conf I have the following:

   # Microsoft Point to Point Encryption
   set bundle enable compression
   set ccp enable mppc
   set ccp enable mpp-e128
   set ccp yes mpp-stateless
   set ccp no mpp-e40

The linux client is requesting exactly that: MPPE 128 bit stateless as
can be seen from the mpd log:

[pptp0] CCP: rec'd Configure Request #1 link 0 (Req-Sent)
  MPPC
    0x01000040: MPPE, 128 bit, stateless

Am I doing something obviously wrong? Does anybody know how to fix this
problem? Any advice is welcome!

Thanks in advance,
Sebastiaan

P.S.: I have attached the mpd.conf, mpd.links, mpd.log and ppp.log files
for completeness.


------------------------------------------------------------------------

startup:
default:
  load client0

client0:
  new -i ng0 pptp0 pptp
  set ipcp ranges 10.0.0.1/32 10.0.0.128/32
  load pptp_common

pptp_common:
  set iface disable on-demand
  set iface enable proxy-arp                    
  set iface idle 0
  set iface enable tcpmssfix
  set link yes acfcomp protocomp
  set link disable pap
  set link enable chap
  set link no chap-md5
  set link mtu 1460
  set link keep-alive 10 60
  set ipcp dns 192.168.1.10 192.168.1.1
  set ipcp nbns 10.0.0.1

  # Microsoft Point to Point Encryption
  set bundle enable compression
  set ccp enable mppc
  set ccp enable mpp-e128
  set ccp yes mpp-stateless
  set ccp no mpp-e40

  # Require encryption or drop connection
  set bundle enable encryption
  set bundle enable crypt-reqd


------------------------------------------------------------------------

pptp:
        set link type pptp
        set pptp self 192.168.1.10
        set pptp enable incoming
        set pptp disable originate


------------------------------------------------------------------------

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
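
As an added example (not part of the original messages, nor code from mpd or pppd): the Python below decodes the CCP MPPE option value seen in the logs above, using the bit layout from RFC 3078, and checks it against a 128-bit-only policy. The function names are hypothetical and the raw option bytes are constructed from the logged value 0x01000040.

```python
# Added example: decode the 32-bit "supported bits" field of the CCP MPPE
# option (CCP option type 18, RFC 3078 / RFC 2118).
# All function names here are hypothetical, chosen for illustration.
MPPE_BITS = [  # (pppd flag letter, mask, meaning)
    ("H", 0x01000000, "stateless"),
    ("M", 0x00000080, "56 bit"),
    ("S", 0x00000040, "128 bit"),
    ("L", 0x00000020, "40 bit"),
    ("D", 0x00000010, "obsolete"),
    ("C", 0x00000001, "MPPC compression"),
]
KNOWN = sum(mask for _, mask, _ in MPPE_BITS)
WEAKER = 0x00000080 | 0x00000020 | 0x00000010  # M, L and D bits


def parse_mppe_option(opt: bytes) -> int:
    """Parse a raw CCP option (type, length, 4 data bytes); return the bits."""
    if len(opt) != 6 or opt[0] != 18 or opt[1] != 6:
        raise ValueError("not a well-formed CCP MPPE option")
    return int.from_bytes(opt[2:6], "big")


def pppd_flags(bits: int) -> str:
    """Render the field the way pppd logs it, e.g. '+H -M +S -L -D -C'."""
    return " ".join(("+" if bits & m else "-") + f for f, m, _ in MPPE_BITS)


def describe(bits: int) -> list:
    """List the meanings of the set bits, flagging any unknown ones."""
    names = [meaning for _, m, meaning in MPPE_BITS if bits & m]
    if bits & ~KNOWN:
        names.append("unknown bits 0x%08x" % (bits & ~KNOWN))
    return names


def meets_policy(bits: int) -> bool:
    """True only if 128-bit MPPE is set and no weaker key length is offered."""
    return bool(bits & 0x00000040) and not bits & WEAKER


if __name__ == "__main__":
    # Constructed sample: option type 18, length 6, value 0x01000040.
    raw = bytes.fromhex("120601000040")
    bits = parse_mppe_option(raw)
    print(pppd_flags(bits), describe(bits), meets_policy(bits))
```
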