troubles with mppe & radius plugin in pptp vpn

Артем Пастухов Thu, 31 May 2007 23:46:58 -0700

Добрый день, обнаружил странный глюк: при подключении по pptp с авторизацией
через радиус (plugin radius.so в опциях ppp) не работает mppe шифрование,
если отключить плагин и авторизоватся через chap-secrets то все ок.
логи:
c radius:
Jun  1 10:18:35 gate pppd[2925]: RADATTR plugin wrote 4 line(s) to file
/var/run/radattr.ppp0.
Jun  1 10:18:35 gate pppd[2925]: sent [CHAP Success id=0xd9
"S=DBCEA18FDDB307F1EA21F8D04406A816B20DD697"]
Jun  1 10:18:35 gate pppd[2925]: sent [LCP TermReq id=0x2 "MPPE required but
not available"]
Jun  1 10:18:35 gate pppd[2925]: rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L
-D +C>]
Jun  1 10:18:35 gate pppd[2925]: Discarded non-LCP packet when LCP not open
Jun  1 10:18:35 gate pppd[2925]: rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0>
<ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Jun  1 10:18:35 gate pppd[2925]: Discarded non-LCP packet when LCP not open
Jun  1 10:18:35 gate pppd[2925]: rcvd [LCP TermAck id=0x2 "MPPE required but
not available"]
Jun  1 10:18:35 gate pppd[2925]: RADATTR plugin removed file
/var/run/radattr.ppp0.


c chap-secrets:
Jun  1 09:38:25 gate pppd[6785]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MS-v2> <magic 0x36554d26> <pcomp> <accomp>]
Jun  1 09:38:25 gate pppd[6785]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic
0x51370ed8> <pcomp> <accomp> <callback CBCP>]
Jun  1 09:38:25 gate pppd[6785]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Jun  1 09:38:25 gate pppd[6785]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic
0x51370ed8> <pcomp> <accomp>]
Jun  1 09:38:25 gate pppd[6785]: sent [LCP ConfAck id=0x1 <mru 1400> <magic
0x51370ed8> <pcomp> <accomp>]
Jun  1 09:38:28 gate pppd[6785]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MS-v2> <magic 0x36554d26> <pcomp> <accomp>]
Jun  1 09:38:28 gate pppd[6785]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth chap MS-v2> <magic 0x36554d26> <pcomp> <accomp>]
Jun  1 09:38:28 gate pppd[6785]: sent [LCP EchoReq id=0x0 magic=0x36554d26]
Jun  1 09:38:28 gate pppd[6785]: sent [CHAP Challenge id=0x21
<a18e4aadb6d24827ad4b25a485565636>, name = "gate"]
Jun  1 09:38:28 gate pppd[6785]: rcvd [LCP Ident id=0x2 magic=0x51370ed8 "
MSRASV5.10"]
Jun  1 09:38:28 gate pppd[6785]: rcvd [LCP Ident id=0x3 magic=0x51370ed8
"MSRAS-0-JULIA"]
Jun  1 09:38:28 gate pppd[6785]: rcvd [LCP EchoRep id=0x0 magic=0x51370ed8]
Jun  1 09:38:28 gate pppd[6785]: rcvd [CHAP Response id=0x21
<0303dc2928db5c81b0ab583deb5417430000000000000000215f649c77cd8adb57b17023d15a8b
fb1100b2bda82a892b00>, name = "123"]
Jun  1 09:38:28 gate pppd[6785]: RADATTR plugin wrote 4 line(s) to file
/var/run/radattr.ppp0.
Jun  1 09:38:28 gate pppd[6785]: sent [CHAP Success id=0x21
"S=19640EC96068F43C05951FD3206A512CCDCB0A69"]
Jun  1 09:38:28 gate pppd[6785]: sent [CCP ConfReq id=0x1 <deflate 15>
<deflate(old#) 15> <bsd v1 15>]
Jun  1 09:38:28 gate pppd[6785]: sent [IPCP ConfReq id=0x1 <compress VJ 0f
01> <addr 192.168.1.7>]
Jun  1 09:38:28 gate pppd[6785]: rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L
-D +C>]
Jun  1 09:38:28 gate pppd[6785]: sent [CCP ConfRej id=0x4 <mppe +H +M +S +L
-D +C>]
Jun  1 09:38:28 gate pppd[6785]: rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0>
<ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0
.0.0>]
Jun  1 09:38:28 gate pppd[6785]: sent [IPCP ConfNak id=0x5 <addr
192.168.1.16> <ms-dns1 192.168.1.3> <ms-wins 192.168.1.3> <ms-dns3 192.168.
1.3> <ms-wins 192.168.1.3>]
Jun  1 09:38:28 gate pppd[6785]: rcvd [CCP ConfRej id=0x1 <deflate 15>
<deflate(old#) 15> <bsd v1 15>]
Jun  1 09:38:28 gate pppd[6785]: sent [CCP ConfReq id=0x2]
Jun  1 09:38:28 gate pppd[6785]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f
01>]
Jun  1 09:38:28 gate pppd[6785]: sent [IPCP ConfReq id=0x2 <addr 192.168.1.7

Jun  1 09:38:28 gate pppd[6785]: rcvd [LCP TermReq id=0x6
"Q7\016\37777777730\000<\37777777715t\000\000\002\37777777746"]
Jun  1 09:38:28 gate pppd[6785]: sent [LCP TermAck id=0x6]


Пришлось пока шифрование отключить, благо что трафик шифруется на уровне
приложения

pptpd.conf:

option /etc/ppp/options.pptpd
bcrelay eth0
localip 192.168.1.7
remoteip 192.168.1.16-31

options.pptpd:
lock
auth
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
proxyarp
debug
ms-dns 192.168.1.3
ms-wins 192.168.1.3
plugin radius.so
plugin radattr.so

без радиуса соответственно options.pptpd:
lock
auth
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe
proxyarp
debug
ms-dns 192.168.1.3
ms-wins 192.168.1.3

Это баг или я маны недокурил?

troubles with mppe & radius plugin in pptp vpn

Ответить