Re: PPPoE connection closing right after authentication?

Thu, 22 Mar 2018 12:21:05 -0700 

On Tue, Mar 20, 2018 at 10:27:16AM +0000, Stuart Henderson wrote:
> 
> It's not clear from your mail, have you tried just using CHAP?

That's what I get for writing e-mails in the middle of the night.

I did try CHAP:

22:34:31.753153 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 21
     LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, 
Magic-Number=217270350, Vendor-Ext
22:34:31.763198 :MY_ROUTER: 00:90:1a:a0:91:66 8864 41: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 21
     LCP: Configure-Ack, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, 
Magic-Number=217270350[|lcp]
22:34:31.763211 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 16
     LCP: Configure-Ack, Magic-Number=1195066301, Max-Rx-Unit=1492, Vendor-Ext
22:34:31.774662 00:90:1a:a0:91:66 :MY_ROUTER: 8864 61: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 41
     CHAP: Challenge, Value=dd3d7a974dad042911fa8a11302ddd441774ec674e04, 
Name=EDTNABXTAR03[|chap]
22:34:31.784711 :MY_ROUTER: 00:90:1a:a0:91:66 8864 65: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 45
     CHAP: Response, Value=82b356cfa2aa9002b8998d4215abdd13, 
Name=myteka...@teksavvy.com[|chap]
22:34:44.392624 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 20
     LCP: Configure-Request, Max-Rx-Unit=1452, Auth-Prot PAP, 
Magic-Number=235537185, Vendor-Ext
22:34:44.402667 :MY_ROUTER: 00:90:1a:a0:91:66 8864 30: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 10
     LCP: Configure-Nak, Auth-Prot CHAP/[|lcp]

I get a challenge, I respond, then the remote asks for PAP, which I Nak
because I'm configured to use CHAP.  Unlike with PAP where it terminates,
my router and the remote system will then continue this argument until I
bring down the interface.

To me this further indicates a "double authentication": a CHAP challenge
followed by PAP authentication.  I have no idea how to set up a config
to answer that though.

Reply via email to