I have pptp server running FreeBSD 4.11 with pptpd. This server is serving Windows clients without problems for more than a year. But I tried hard to connect to it from Gentoo box and failed. I use pppd version 2.4.2 emerged without mppe-mppc USE flag, pptp-client version 1.7.0, kernel 2.6.15-gentoo-r1. The pon log looks like this: [21:52]:hive:~:#:>pon UCEWP-pptp debug dump logfd 2 nodetach pppd options in effect: debug # (from command line) nodetach # (from command line) logfd 2 # (from command line) dump # (from command line) require-mschap-v2 # (from /etc/ppp/options.pptp) name punk # (from /etc/ppp/peers/UCEWP-pptp) remotename # (from /etc/ppp/peers/UCEWP-pptp) # (from /etc/ppp/options.pptp) pty pptp env.com.ua --nolaunchpppd # (from /etc/ppp/peers/UCEWP-pptp) lcp-echo-failure 10 # (from /etc/ppp/options.pptp) lcp-echo-interval 10 # (from /etc/ppp/options.pptp) ipparam UCEWP-pptp # (from /etc/ppp/peers/UCEWP-pptp) nobsdcomp # (from /etc/ppp/options.pptp) nodeflate # (from /etc/ppp/options.pptp) require-mppe-128 # (from /etc/ppp/options.pptp) using channel 20 Using interface ppp0 Connect: ppp0 <--> /dev/pts/4 sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xb906e5db> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x1 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x1aec8557> <auth chap MD5>] sent [LCP ConfAck id=0x1 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x1aec8557> <auth chap MD5>] rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xb906e5db> <pcomp> <accomp>] sent [LCP EchoReq id=0x0 magic=0xb906e5db] sent [CHAP Challenge id=0x13 <b48642b81ea8eca88821748ed101fb30>, name = "punk"] rcvd [CHAP Challenge id=0x1 <554ea3b6aa01d8a29d73e23095ee908d0174d05ed9de666e74affbe80f58>, name = ""] sent [CHAP Response id=0x1 <0ee7bf07986e7dae410ffd4ff453a1a5>, name = "punk"] rcvd [LCP EchoRep id=0x0 magic=0x1aec8557] rcvd [CHAP Response id=0x13 <554ea3b6aa01d8a29d73e23095ee908d00000000000000002a5282a228670ff6e2ac34ad2d0a97c09041a324c042340f00>, name = ""] sent [CHAP Success id=0x13 "S=407F1405A49A9CEF27F37348F74D2F1D25DDA717 M=Access granted"] rcvd [CHAP Challenge id=0x14 <554ea3b6aa01d8a29d73e23095ee908d0174d05ed9de666e74affbe80f58>, name = ""] sent [CHAP Response id=0x14 <f91349179a86420b176173ea51fc2b99>, name = "punk"] Modem hangup Connection terminated. Waiting for 1 child processes... script pptp env.com.ua --nolaunchpppd, pid 10142 Script pptp env.com.ua --nolaunchpppd finished (pid 10142), status = 0x0 [21:52]:hive:~:#:> /etc/ppp/chap-secrets: punk "" PunksNotDead * "" punk "" * /etc/ppp/peers/UCEWP-pptp: pty "pptp env.com.ua --nolaunchpppd" name punk remotename "" file /etc/ppp/options.pptp ipparam UCEWP-pptp /etc/ppp/options.pptp: lock noauth nobsdcomp nodeflate require-mschap-v2 require-mppe-128 lcp-echo-failure 10 lcp-echo-interval 10 On the FreeBSD (server) side file /etc/ppp/ppp.conf is: pptp: disable pap enable chap enable MSChap enable MSChapV2 enable proxy set timeout 0 set log connect phase lcp ipcp ccp # Server (local) IP address, Range for Clients, and Netmask set ifaddr 10.0.0.1 10.0.0.103-10.0.0.109 255.255.255.255 # DNS Servers to assign client accept dns set dns 10.0.0.5 # NetBIOS/WINS Servers to assign client set nbns 10.0.0.1 /etc/ppp/ppp.secrets contains line punk PunksNotDead 10.0.0.106 and the log contains these messages: Apr 15 21:52:41 env pptpd[88883]: MGR: Launching /usr/local/sbin/pptpctrl to han dle client Apr 15 21:52:41 env pptpd[88883]: CTRL: pppd options file = /etc/ppp/ppp.conf Apr 15 21:52:41 env pptpd[88883]: CTRL: Client 195.26.18.9 control connection st arted Apr 15 21:52:41 env pptpd[88883]: CTRL: Received PPTP Control Message (type: 1) Apr 15 21:52:41 env pptpd[88883]: CTRL: Made a START CTRL CONN RPLY packet Apr 15 21:52:41 env pptpd[88883]: CTRL: I wrote 156 bytes to the client. Apr 15 21:52:41 env pptpd[88883]: CTRL: Sent packet to client Apr 15 21:52:42 env pptpd[88883]: CTRL: Received PPTP Control Message (type: 7) Apr 15 21:52:42 env pptpd[88883]: CTRL: Set parameters to 152 maxbps, 3 window s ize Apr 15 21:52:42 env pptpd[88883]: CTRL: Made a OUT CALL RPLY packet Apr 15 21:52:42 env pptpd[88883]: CTRL: Starting call (launching pppd, opening G RE) Apr 15 21:52:42 env pptpd[88883]: CTRL: pty_fd = 6 Apr 15 21:52:42 env pptpd[88883]: CTRL: tty_fd = 5 Apr 15 21:52:42 env pptpd[88883]: CTRL: I wrote 32 bytes to the client. Apr 15 21:52:42 env pptpd[88883]: CTRL: Sent packet to client Apr 15 21:52:42 env ppp[88884]: Phase: Using interface: tun0 Apr 15 21:52:42 env ppp[88884]: Phase: deflink: Created in closed state Apr 15 21:52:42 env ppp[88884]: IPCP: Selected IP address 10.0.0.104 Apr 15 21:52:42 env ppp[88884]: Phase: PPP Started (direct mode). Apr 15 21:52:42 env ppp[88884]: Phase: bundle: Establish Apr 15 21:52:42 env ppp[88884]: Phase: deflink: closed -> opening Apr 15 21:52:42 env ppp[88884]: Phase: deflink: Connected! Apr 15 21:52:42 env ppp[88884]: Phase: deflink: opening -> carrier Apr 15 21:52:42 env ppp[88884]: Phase: deflink: carrier -> lcp Apr 15 21:52:42 env ppp[88884]: LCP: FSM: Using "deflink" as a transport Apr 15 21:52:42 env ppp[88884]: LCP: deflink: State change Initial --> Closed Apr 15 21:52:42 env ppp[88884]: LCP: deflink: State change Closed --> Stopped Apr 15 21:52:42 env ppp[88884]: LCP: deflink: RecvConfigReq(1) state = Stopped Apr 15 21:52:42 env ppp[88884]: LCP: ACCMAP[6] 0x00000000 Apr 15 21:52:42 env ppp[88884]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81) Apr 15 21:52:42 env ppp[88884]: LCP: MAGICNUM[6] 0xb906e5db Apr 15 21:52:42 env ppp[88884]: LCP: PROTOCOMP[2] Apr 15 21:52:42 env ppp[88884]: LCP: ACFCOMP[2] Apr 15 21:52:42 env ppp[88884]: LCP: deflink: SendConfigReq(1) state = Stopped Apr 15 21:52:42 env ppp[88884]: LCP: ACFCOMP[2] Apr 15 21:52:42 env ppp[88884]: LCP: PROTOCOMP[2] Apr 15 21:52:42 env ppp[88884]: LCP: ACCMAP[6] 0x00000000 Apr 15 21:52:42 env ppp[88884]: LCP: MRU[4] 1500 Apr 15 21:52:42 env ppp[88884]: LCP: MAGICNUM[6] 0x1aec8557 Apr 15 21:52:42 env ppp[88884]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05) Apr 15 21:52:42 env ppp[88884]: LCP: deflink: SendConfigAck(1) state = Stopped Apr 15 21:52:42 env ppp[88884]: LCP: ACCMAP[6] 0x00000000 Apr 15 21:52:42 env ppp[88884]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81) Apr 15 21:52:42 env ppp[88884]: LCP: MAGICNUM[6] 0xb906e5db Apr 15 21:52:42 env ppp[88884]: LCP: PROTOCOMP[2] Apr 15 21:52:42 env ppp[88884]: LCP: ACFCOMP[2] Apr 15 21:52:42 env ppp[88884]: LCP: deflink: LayerStart Apr 15 21:52:42 env ppp[88884]: LCP: deflink: State change Stopped --> Ack-Sent Apr 15 21:52:42 env ppp[88884]: LCP: deflink: RecvConfigAck(1) state = Ack-Sent Apr 15 21:52:42 env ppp[88884]: LCP: ACFCOMP[2] Apr 15 21:52:42 env ppp[88884]: LCP: PROTOCOMP[2] Apr 15 21:52:42 env ppp[88884]: LCP: ACCMAP[6] 0x00000000 Apr 15 21:52:42 env ppp[88884]: LCP: MRU[4] 1500 Apr 15 21:52:42 env ppp[88884]: LCP: MAGICNUM[6] 0x1aec8557 Apr 15 21:52:42 env ppp[88884]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05) Apr 15 21:52:42 env ppp[88884]: LCP: deflink: State change Ack-Sent --> Opened Apr 15 21:52:42 env ppp[88884]: LCP: deflink: LayerUp Apr 15 21:52:42 env ppp[88884]: Phase: bundle: Authenticate Apr 15 21:52:42 env ppp[88884]: Phase: deflink: his = CHAP 0x81, mine = CHAP 0x8 1 Apr 15 21:52:42 env ppp[88884]: Phase: Chap Output: CHALLENGE Apr 15 21:52:42 env ppp[88884]: LCP: deflink: RecvEchoRequest(0) state = Opened Apr 15 21:52:42 env ppp[88884]: LCP: deflink: SendEchoReply(0) state = Opened Apr 15 21:52:42 env ppp[88884]: Phase: Chap Input: CHALLENGE (16 bytes from punk ) Apr 15 21:52:42 env ppp[88884]: Phase: Chap Output: RESPONSE () Apr 15 21:52:42 env ppp[88884]: Phase: Chap Input: RESPONSE dropped (got id 1, n ot 19) Apr 15 21:52:42 env ppp[88884]: Phase: Chap Input: SUCCESS (S=407F1405A49A9CEF27 F37348F74D2F1D25DDA717 M=Access granted) Apr 15 21:52:45 env ppp[88884]: Phase: Chap Output: CHALLENGE Apr 15 21:52:45 env ppp[88884]: Phase: Chap Input: RESPONSE (16 bytes from punk) Apr 15 21:52:45 env ppp[88884]: Phase: Chap Output: SUCCESS Apr 15 21:52:45 env ppp[88884]: CCP: FSM: Using "deflink" as a transport Apr 15 21:52:45 env ppp[88884]: CCP: deflink: State change Initial --> Closed Apr 15 21:52:45 env ppp[88884]: CCP: deflink: LayerStart. Apr 15 21:52:45 env ppp[88884]: CCP: MPPE: MasterKey is invalid, MPPE is availab le only with CHAP81 authentication Apr 15 21:52:45 env pptpd[88883]: GRE: read(fd=6,buffer=804d960,len=8196) from P TY failed: status = 0 error = No error Apr 15 21:52:45 env pptpd[88883]: CTRL: PTY read or GRE write failed (pty,gre)=( 6,5) Apr 15 21:52:45 env pptpd[88883]: CTRL: Closing child ppp with pid 88884 Apr 15 21:52:45 env pptpd[88883]: CTRL: Client 195.26.18.9 control connection fi nished Apr 15 21:52:45 env pptpd[88883]: CTRL: Exiting now Apr 15 21:52:45 env pptpd[296]: MGR: Reaped child 88883 emerge --info on the client side goes here: [22:26]:hive:~:#:>emerge --info Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r3, 2.6.15-gentoo-r1 i686) ================================================================= System uname: 2.6.15-gentoo-r1 i686 Pentium III (Coppermine) Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i386-pc-linux-gnu" CFLAGS="-O3 -march=pentium3 -pipe" CHOST="i386-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/env.d" CXXFLAGS="-O3 -march=pentium3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X alsa arts audiofile avi berkdb bitmap-fonts bzip2 cli crypt ctype curl dba dri elibc_glibc exif expat fam fastbuild force-cgi-redirect ftp gd gif glut gmp gpm gtk2 idn isdnlog java jpeg kde kdeenablefinal kernel_linux lcms libwww memlimit mng mp3 mpeg ncurses ogg opengl oss pam pcre pdflib perl png posix pppd python qt readline samba session simplexml soap sockets spl ssl tcpd tiff tokenizer truetype truetype-fonts type1-fonts udev userland_GNU userlocales vorbis xml2 xmms xpm xsl zlib" Unset: ASFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY [22:33]:hive:~:#:>
please try ppp-2.4.3-r14. if it doesn't work, post again the logs from both machines.
You should also try pptpclient-1.7.1.
I have emerged pppd and pptpclient versions you advised, but have the same error. Logs of the client and server attached.
Created attachment 84862 [details] Client log (Linux)
Created attachment 84863 [details] Server (FreeBSD) log
At least now you don't have the "Chap Input: RESPONSE dropped (got id 1, not 19)" error, but the BSD logs are a lot harder to read than before. Can you understand something from it?
are you sure your firewall accepts GRE packages? please try to connect with firewall disabled.
well? it was the firewall?
No, this is NOT a firewall. This machine has dual-boot Gentoo - Windows XP configuration and from Windows VPN connections can be established without problems. I have just proved it again - last two days my home network laid down. Moreover, if I try from Linux once again without MSCHAPv2 and without MPPE, it also works well (except for one little issue - I should add a route to the remote corporate network via ppp0 manually). So it is MSCHAPv2/MPPE issue. FreeBSD logs I provided here contain full debug information and I can add nothing to it.
I've just noticed something that might be the cause. You launched pppd without "noauth" option, which means the client will request authentication from the server (actually, it will do if you already have a default route, but I bet you have). Please add noauth. (In reply to comment #9) > Moreover, if I try from Linux once again without MSCHAPv2 and without MPPE, it > also works well (except for one little issue - I should add a route to the > remote corporate network via ppp0 manually). So it is MSCHAPv2/MPPE issue. PPP protocol don't negotiate routes. When you start a PPP connection, a host route will be added and optionally, if defaultroute option has been used, it will set the default route through the peer's address. Besides that, any other routes should be set through /etc/ppp/if-up.local script. > FreeBSD logs I provided here contain full debug information and I can add > nothing to it. > The last BSD log is radically different than the first one. Please disable debug on BSD (or whatever option set that sort of junk log).
Created attachment 85092 [details] successfull pptpclient log This is how a successfull login should look like.
I tried once again - now the error is access denied, though I cannot imagine why access is granted with CHAP and denied with MSCHAPv2 with the same file /etc/ppp/chap-secrets. Client and server logs are: [21:29]:hive:~:#:>pon UCEWP-pptp debug dump logfd 2 nodetach pppd options in effect: debug debug # (from command line) nodetach # (from command line) logfd 2 # (from command line) linkname UCEWP-pptp # (from /etc/ppp/peers/UCEWP-pptp) dump # (from command line) noauth # (from /etc/ppp/options.pptp) refuse-chap # (from /etc/ppp/options.pptp) refuse-mschap # (from /etc/ppp/options.pptp) refuse-eap # (from /etc/ppp/options.pptp) name punk # (from /etc/ppp/peers/UCEWP-pptp) remotename # (from /etc/ppp/peers/UCEWP-pptp) # (from /etc/ppp/options) pty pptp env.kiev.ua --nolaunchpppd # (from /etc/ppp/peers/UCEWP-pptp) ipparam UCEWP-pptp # (from /etc/ppp/peers/UCEWP-pptp) nobsdcomp # (from /etc/ppp/options.pptp) nodeflate # (from /etc/ppp/options.pptp) require-mppe # (from /etc/ppp/peers/UCEWP-pptp) using channel 12 Using interface ppp0 Connect: ppp0 <--> /dev/pts/4 sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x60743cd9> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x1 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0xef3c3b00> <auth chap MD5>] sent [LCP ConfNak id=0x1 <auth chap MS-v2>] rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x60743cd9> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x2 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0xef3c3b00> <auth chap MS-v2>] sent [LCP ConfAck id=0x2 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0xef3c3b00> <auth chap MS-v2>] rcvd [CHAP Challenge id=0x1 <52825de1a19ed35f784af784506cbca0>, name = ""] sent [CHAP Response id=0x1 <0edb89f843ab80bebd3c02ee3e38fe03000000a0adf7bf002871987a43471450e6a109c3f4c7f5958dad05e4fcd7467900>, name = "punk"] rcvd [CHAP Failure id=0x1 "E=691 R=0 C=52825DE1A19ED35F784AF784506CBCA0 V=3 M=Invalid!\000"] MS-CHAP authentication failed: Invalid! CHAP authentication failed sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"] rcvd [LCP TermReq id=0x3] sent [LCP TermAck id=0x3] Script pptp env.kiev.ua --nolaunchpppd finished (pid 5783), status = 0x0 Modem hangup Connection terminated. [21:29]:hive:~:#:> Apr 21 21:29:08 env pptpd[42104]: MGR: Launching /usr/local/sbin/pptpctrl to handle client Apr 21 21:29:08 env pptpd[42104]: CTRL: pppd options file = /etc/ppp/ppp.conf Apr 21 21:29:08 env pptpd[42104]: CTRL: Client 195.26.18.9 control connection started Apr 21 21:29:08 env pptpd[42104]: CTRL: Received PPTP Control Message (type: 1) Apr 21 21:29:08 env pptpd[42104]: CTRL: Made a START CTRL CONN RPLY packet Apr 21 21:29:08 env pptpd[42104]: CTRL: I wrote 156 bytes to the client. Apr 21 21:29:08 env pptpd[42104]: CTRL: Sent packet to client Apr 21 21:29:09 env pptpd[42104]: CTRL: Received PPTP Control Message (type: 7) Apr 21 21:29:09 env pptpd[42104]: CTRL: Set parameters to 152 maxbps, 3 window size Apr 21 21:29:09 env pptpd[42104]: CTRL: Made a OUT CALL RPLY packet Apr 21 21:29:09 env pptpd[42104]: CTRL: Starting call (launching pppd, opening GRE) Apr 21 21:29:09 env pptpd[42104]: CTRL: pty_fd = 6 Apr 21 21:29:09 env pptpd[42104]: CTRL: tty_fd = 5 Apr 21 21:29:09 env pptpd[42104]: CTRL: I wrote 32 bytes to the client. Apr 21 21:29:09 env pptpd[42104]: CTRL: Sent packet to client Apr 21 21:29:09 env ppp[42105]: Phase: Using interface: tun0 Apr 21 21:29:09 env ppp[42105]: Phase: deflink: Created in closed state Apr 21 21:29:09 env ppp[42105]: IPCP: Selected IP address 10.0.0.108 Apr 21 21:29:09 env ppp[42105]: Phase: PPP Started (direct mode). Apr 21 21:29:09 env ppp[42105]: Phase: bundle: Establish Apr 21 21:29:09 env ppp[42105]: Phase: deflink: closed -> opening Apr 21 21:29:09 env ppp[42105]: Phase: deflink: Connected! Apr 21 21:29:09 env ppp[42105]: Phase: deflink: opening -> carrier Apr 21 21:29:09 env ppp[42105]: Phase: deflink: carrier -> lcp Apr 21 21:29:09 env ppp[42105]: LCP: FSM: Using "deflink" as a transport Apr 21 21:29:09 env ppp[42105]: LCP: deflink: State change Initial --> Closed Apr 21 21:29:09 env ppp[42105]: LCP: deflink: State change Closed --> Stopped Apr 21 21:29:09 env ppp[42105]: LCP: deflink: RecvConfigReq(1) state = Stopped Apr 21 21:29:09 env ppp[42105]: LCP: ACCMAP[6] 0x00000000 Apr 21 21:29:09 env ppp[42105]: LCP: MAGICNUM[6] 0x60743cd9 Apr 21 21:29:09 env ppp[42105]: LCP: PROTOCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: ACFCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: deflink: SendConfigReq(1) state = Stopped Apr 21 21:29:09 env ppp[42105]: LCP: ACFCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: PROTOCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: ACCMAP[6] 0x00000000 Apr 21 21:29:09 env ppp[42105]: LCP: MRU[4] 1500 Apr 21 21:29:09 env ppp[42105]: LCP: MAGICNUM[6] 0xef3c3b00 Apr 21 21:29:09 env ppp[42105]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05) Apr 21 21:29:09 env ppp[42105]: LCP: deflink: SendConfigAck(1) state = Stopped Apr 21 21:29:09 env ppp[42105]: LCP: ACCMAP[6] 0x00000000 Apr 21 21:29:09 env ppp[42105]: LCP: MAGICNUM[6] 0x60743cd9 Apr 21 21:29:09 env ppp[42105]: LCP: PROTOCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: ACFCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: deflink: LayerStart Apr 21 21:29:09 env ppp[42105]: LCP: deflink: State change Stopped --> Ack-Sent Apr 21 21:29:09 env ppp[42105]: LCP: deflink: RecvConfigNak(1) state = Ack-Sent Apr 21 21:29:09 env ppp[42105]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81) Apr 21 21:29:09 env ppp[42105]: LCP: deflink: SendConfigReq(2) state = Ack-Sent Apr 21 21:29:09 env ppp[42105]: LCP: ACFCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: PROTOCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: ACCMAP[6] 0x00000000 Apr 21 21:29:09 env ppp[42105]: LCP: MRU[4] 1500 Apr 21 21:29:09 env ppp[42105]: LCP: MAGICNUM[6] 0xef3c3b00 Apr 21 21:29:09 env ppp[42105]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81) Apr 21 21:29:09 env ppp[42105]: LCP: deflink: RecvConfigAck(2) state = Ack-Sent Apr 21 21:29:09 env ppp[42105]: LCP: ACFCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: PROTOCOMP[2] Apr 21 21:29:09 env ppp[42105]: LCP: ACCMAP[6] 0x00000000 Apr 21 21:29:09 env ppp[42105]: LCP: MRU[4] 1500 Apr 21 21:29:09 env ppp[42105]: LCP: MAGICNUM[6] 0xef3c3b00Apr 21 21:29:09 env ppp[42105]: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x81) Apr 21 21:29:09 env ppp[42105]: LCP: deflink: State change Ack-Sent --> Opened Apr 21 21:29:09 env ppp[42105]: LCP: deflink: LayerUp Apr 21 21:29:09 env ppp[42105]: Phase: bundle: Authenticate Apr 21 21:29:09 env ppp[42105]: Phase: deflink: his = none, mine = CHAP 0x81 Apr 21 21:29:09 env ppp[42105]: Phase: Chap Output: CHALLENGE Apr 21 21:29:09 env ppp[42105]: Phase: Chap Input: RESPONSE (49 bytes from punk) Apr 21 21:29:09 env ppp[42105]: Phase: Chap Output: FAILURE Apr 21 21:29:09 env ppp[42105]: LCP: deflink: LayerDown Apr 21 21:29:09 env ppp[42105]: LCP: deflink: SendTerminateReq(3) state = Opened Apr 21 21:29:09 env ppp[42105]: LCP: deflink: State change Opened --> Closing Apr 21 21:29:09 env ppp[42105]: LCP: deflink: RecvTerminateReq(2) state = Closing Apr 21 21:29:09 env ppp[42105]: LCP: deflink: SendTerminateAck(2) state = Closing Apr 21 21:29:09 env ppp[42105]: LCP: deflink: RecvTerminateAck(3) state = Closing Apr 21 21:29:09 env ppp[42105]: LCP: deflink: LayerFinish Apr 21 21:29:09 env ppp[42105]: LCP: deflink: State change Closing --> Closed Apr 21 21:29:09 env ppp[42105]: LCP: deflink: State change Closed --> Initial Apr 21 21:29:09 env ppp[42105]: Phase: deflink: Disconnected! Apr 21 21:29:09 env pptpd[42104]: GRE: read(fd=6,buffer=804d960,len=8196) from PTY failed: status = 0 error = No error Apr 21 21:29:09 env ppp[42105]: Phase: deflink: Connect time: 0 secs: 280 octets in, 298 octets out Apr 21 21:29:09 env pptpd[42104]: CTRL: PTY read or GRE write failed (pty,gre)=(6,5) Apr 21 21:29:09 env ppp[42105]: Phase: deflink: 6 packets in, 7 packets out Apr 21 21:29:09 env pptpd[42104]: CTRL: Closing child ppp with pid 42105 Apr 21 21:29:09 env ppp[42105]: Phase: total 578 bytes/sec, peak 0 bytes/sec on Fri Apr 21 21:29:0 9 2006 Apr 21 21:29:09 env pptpd[42104]: CTRL: Client 195.26.18.9 control connection finished Apr 21 21:29:09 env ppp[42105]: Phase: deflink: lcp -> closed Apr 21 21:29:09 env pptpd[42104]: CTRL: Exiting now Apr 21 21:29:09 env pptpd[55595]: MGR: Reaped child 42104 Apr 21 21:29:09 env ppp[42105]: Phase: bundle: Dead Apr 21 21:29:09 env ppp[42105]: Phase: PPP Terminated (normal).
Seems to me that BSD is unable to use mschap-v2. Loose the refuse-* options.
FreeBSD server fails to authenticate you on mschap-v2, therefore this bug is INVALID.
If so, please tell me why the same FreeBSD server authenticates the same client via MSCHAPv2 when the client is under Windows? Why in Windows MPPE-128 works well? Why FreeBSD server does not authenticate the Linux client via MSCHAP too, but authenticates it with CHAP while /etc/ppp/chap-secrets has the same content?
what makes you think it authenticates on mschap-v2? based on following log line, I conclude that FreeBSD server propose CHAP-v1 authentication: rcvd [LCP ConfReq id=0x1 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x1aec8557> <auth chap MD5>] Does a successful Windows login produce a BSD log line containing 'CHAP 0x81' string?
correction for the previous comment: BSD server propose CHAP, not mschap-v1 (alias CHAP 0x80) or mschap-v2 (alias CHAP 0x81).
Created attachment 85475 [details] FreeBSD talking to Windows client (with MSCHAPv2 and MPPE) log
Created attachment 85476 [details] Windows VPN connection with MSCHAPv2 and MPPE128
please try it with "silent" option activated, in addition to the ones used in comment #12.
[10:40]:hive:~:#:>pon UCEWP-pptp debug dump logfd 2 nodetach silent pppd options in effect: debug debug # (from command line) nodetach # (from command line) logfd 2 # (from command line) linkname UCEWP-pptp # (from /etc/ppp/peers/UCEWP-pptp) dump # (from command line) noauth # (from /etc/ppp/options.pptp) refuse-chap # (from /etc/ppp/options.pptp) refuse-mschap # (from /etc/ppp/options.pptp) refuse-eap # (from /etc/ppp/options.pptp) name punk # (from /etc/ppp/peers/UCEWP-pptp) remotename # (from /etc/ppp/peers/UCEWP-pptp) # (from /etc/ppp/options) pty pptp env.kiev.ua --nolaunchpppd # (from /etc/ppp/peers/UCEWP-pptp) silent # (from command line) ipparam UCEWP-pptp # (from /etc/ppp/peers/UCEWP-pptp) nobsdcomp # (from /etc/ppp/options.pptp) nodeflate # (from /etc/ppp/options.pptp) require-mppe # (from /etc/ppp/peers/UCEWP-pptp) using channel 2 Using interface ppp0 Connect: ppp0 <--> /dev/pts/2 rcvd [LCP ConfReq id=0x1 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x425762bd> <auth chap MD5>] sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf47464d3> <pcomp> <accomp>] sent [LCP ConfNak id=0x1 <auth chap MS-v2>] rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xf47464d3> <pcomp> <accomp>] rcvd [LCP ConfReq id=0x2 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x425762bd> <auth chap MS-v2>] sent [LCP ConfAck id=0x2 <accomp> <pcomp> <asyncmap 0x0> <mru 1500> <magic 0x425762bd> <auth chap MS-v2>] rcvd [CHAP Challenge id=0x1 <c78150786b2fb03c70c73551d7c71cb2>, name = ""] sent [CHAP Response id=0x1 <db576df09fd545f84f9496d1f63d3974000000f05f80bf00f30a87845251b17849f54e52243ee2db16e5df470043266800>, name = "punk"] rcvd [CHAP Failure id=0x1 "E=691 R=0 C=C78150786B2FB03C70C73551D7C71CB2 V=3 M=Invalid!\000"] MS-CHAP authentication failed: Invalid! CHAP authentication failed sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"] rcvd [LCP TermReq id=0x3] sent [LCP TermAck id=0x3] Script pptp env.kiev.ua --nolaunchpppd finished (pid 5698), status = 0x0 Modem hangup Connection terminated. [10:40]:hive:~:#:>
well, I'm out of ideas. The only difference that remains comparing with a Windows login is the mru/mtu size (1400 on Windows), but I don't see how mtu could affect authentication. One thing is ceirtain. The pppd's implementation of mschap is working when the peer is using pppd or Redmond's software. Since FreeBSD machine is the one that fails to authenticate you, you should contact FreeBSD developers.
