[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

VPN to windows ISA server



Hi
I am trying to use kvpnc to connect to my work VPN. The server is a
Windows ISA server. I have selected the "require MPPE" option.  At
connection time unfortunately, with debug, the log file says:

Nov 29 14:29:35 [pppd] sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic
0x15190f75> <accomp>]
Nov 29 14:29:35 [pppd] MPPE required, but MS-CHAP[v2] auth not performed.
Nov 29 14:29:35 [pppd] sent [LCP TermReq id=0x2 "MPPE required but not
available                         "]
Nov 29 14:29:36 [pppd] rcvd [LCP EchoReq id=0x0 magic=0x15190f75]
Nov 29 14:29:36 [pppd] rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]

I added my CHAP "secret" with pptp-command.  Adding the secret does
not add the "*" for IP address coloum in the  "/etc/ppp/chap-secrets
file, is this normal?

Another question is the format of the domain\username.  In the secret
file for chap, the example was "domain\\username". Should this be the
same for the "user" value in the peer file?

I read online that the NT Domain part must be left blank, but the
domain added as prefix, as described above, to the username.  Is this
still valid?

The kernel module ppp_mppe loads fine, and the modinfo gives

filename:       /lib/modules/2.6.30-tuxonice-r4/kernel/drivers/net/ppp_mppe.ko
version:        1.0.2
alias:          ppp-compress-18
license:        Dual BSD/GPL
description:    Point-to-Point Protocol Microsoft Point-to-Point
Encryption support
author:         Frank Cusack <fcusack@xxxxxxxxxxx>
srcversion:     75D9E5320BB61153D0F4AF5
depends:        ppp_generic
vermagic:       2.6.30-tuxonice-r4 SMP mod_unload modversions 686 4KSTACKS

pppd version is 2.4.4
pptp version is 1.7.2

# lsmod |grep ppp
ppp_deflate             4188  0
ppp_async               7496  0
crc_ccitt               1796  1 ppp_async
ppp_mppe                6088  0
ppp_generic            21568  4 ppp_deflate,bsd_comp,ppp_async,ppp_mppe
slhc                    5156  1 ppp_generic

The peer file is attached as kvpnc.txt, and the secrets file looks like this:
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
myworkdomain\\djh       myworkdomain    *****
myworkdomain    myworkdomain\\djh       *****


Notice that the connection server is called server.myworkdomain.co.za,
but the domain I specified as myworkdomain (without .co.za)

Any help will be much appreciated.
Thanks
Diederik
# generated by kvpnc. Do not edit it.
# profile: myworkdomain.co.za


# name of tunnel, used to select lines in secrets files
remotename myworkdomain.co.za

# name of tunnel, used to name /var/run pid file
linkname kvpc.myworkdomain.co.za

# name of tunnel, passed to ip-up scripts
ipparam kvpnc.myworkdomain.co.za

# data stream for pppd to use
pty "/usr/sbin/pptp --loglevel 1 myworkdomain.co.za --nolaunchpppd"

# domain and username, used to select lines in secrets files
name "myworkdomain\myworkusername"

# use MPPE encryption
require-mppe
nomppe-stateful
require-mppe-128

# we do not require the peer to authenticate itself
noauth

# we want to see what happen
nodetach

# lock the device
lock

# Do not use BSD compression
nobsdcomp

# Do not use deflate method
nodeflate

# replace defaultroute
defaultroute

# default MTU
mtu 1500

# default MRU
mru 1500

# disable Microsoft Point-to-Point Compression (MPPC) (i.e. for compatibility with watchguard firebox)
nopcomp

# kernel level debug
kdebug 0
# refuse EAP
refuse-eap

[Linux Audio Users]     [Hams]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Photo]     [Yosemite Photos]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Linux Resources]     [Fedora Users]

Powered by Linux