[LUGOS] VPN problem

Rok Krajnc rok.krajnc at sklab.org
Tue Feb 7 08:24:48 CET 2006


Uros Trebec wrote:
> Hey, you're alive! :)
>
> well, it looks like the server can't authenticate you. I don't actually know
> how pptp works, but with other VPN solutions you usually have certificates
> (the client's, the server's and the CA's). I think MS doesn't have that,
> though (so much for security :).
>
>   
You won't believe it, but Windows knows about certificates too. :)
Certificates come in handy with something like l2tp (ipsec); pptp doesn't need them.

From your debug output, though, it looks like one side wants to use eap
(Extensible Authentication Protocol), which won't work.
Best to check on the server whether it supports (or rather has enabled)
MS-CHAP v2 at all. I think win2003 doesn't have this option turned on by default.

Otherwise all you have left is some l2tp. There's quite a lot of that on linux,
surely there's one that's compatible with windows :)

Regards, Rok


> On 2/5/06, JAnez Urevc <janez.urevc at siol.net> wrote:
>   
>> Hi,
>>
>> from a Linux machine (Debian unstable, 2.6.15) I'm trying to connect to a VPN
>> server running on MS Windows Server 2003. I used pptp-client 1.7
>> and pppd 2.4.4b1. The ppp-mppe module is loaded. I followed the instructions
>> on the pptp-client site
>> (http://pptpclient.sourceforge.net/howto-debian.phtml), but the connection
>> still isn't established. At first I thought the versions of the mppe module and
>> pppd weren't compatible, but everything looks fine. I get the following
>> debug output:
>>
>> pppd options in effect:
>> debug           # (from command line)
>> nodetach                # (from command line)
>> persist         # (from /etc/ppp/peers/tunnel)
>> logfd 2         # (from command line)
>> dump            # (from command line)
>> noauth          # (from /etc/ppp/peers/tunnel)
>> refuse-chap             # (from /etc/ppp/options.pptp)
>> refuse-mschap           # (from /etc/ppp/options.pptp)
>> refuse-eap              # (from /etc/ppp/options.pptp)
>> name janez              # (from /etc/ppp/peers/tunnel)
>> remotename sokol                # (from /etc/ppp/peers/tunnel)
>>                 # (from /etc/ppp/options.pptp)
>> pty pptp xxx.xxx.xxx.xxx --nolaunchpppd         # (from /etc/ppp/peers/tunnel)
>> crtscts         # (from /etc/ppp/options)
>>                 # (from /etc/ppp/options)
>> asyncmap 0              # (from /etc/ppp/options)
>> lcp-echo-failure 4              # (from /etc/ppp/options)
>> lcp-echo-interval 30            # (from /etc/ppp/options)
>> hide-password           # (from /etc/ppp/options)
>> ipparam tunnel          # (from /etc/ppp/peers/tunnel)
>> proxyarp                # (from /etc/ppp/options)
>> usepeerdns              # (from /etc/ppp/peers/tunnel)
>> nobsdcomp               # (from /etc/ppp/options.pptp)
>> nodeflate               # (from /etc/ppp/options.pptp)
>> require-mppe-128                # (from /etc/ppp/options.pptp)
>> noipx           # (from /etc/ppp/options)
>> using channel 14
>> Using interface ppp0
>> Connect: ppp0 <--> /dev/pts/1
>> sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x277f71ce> <pcomp> <accomp>]
>> rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x545457e0>
>> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint
>> [local:7b.23.dc.31.96.be.4d.ab.b2.4b.1c.20.60.72.8a.50.00.00.00.00]> <
>> 17 04 00 c2>]
>> No auth is possible
>> sent [LCP ConfRej id=0x0 <auth eap> <callback CBCP> <mrru 1614> < 17 04
>> 00 c2>]
>> rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x277f71ce> <pcomp> <accomp>]
>> rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x545457e0> <pcomp> <accomp>
>> <endpoint
>> [local:7b.23.dc.31.96.be.4d.ab.b2.4b.1c.20.60.72.8a.50.00.00.00.00]>]
>> sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x545457e0> <pcomp> <accomp>
>> <endpoint
>> [local:7b.23.dc.31.96.be.4d.ab.b2.4b.1c.20.60.72.8a.50.00.00.00.00]>]
>> sent [LCP EchoReq id=0x0 magic=0x277f71ce]
>> MPPE required, but MS-CHAP[v2] auth not performed.
>> sent [LCP TermReq id=0x2 "MPPE required but not available"]
>> rcvd [LCP EchoRep id=0x0 magic=0x545457e0]
>> rcvd [LCP TermAck id=0x2 "MPPE required but not available"]
>> Connection terminated.
>> using channel 15
>> Using interface ppp0
>> Connect: ppp0 <--> /dev/pts/2
>> Script pptp xxx.xxx.xxx.xxx --nolaunchpppd finished (pid 6433), status = 0x0
>>
>> I'll be very grateful for any help,
>>
>> JAnez
>> _______________________________________________
>> lugos-list mailing list
>> lugos-list at lugos.si
>> http://liste2.lugos.si/cgi-bin/mailman/listinfo/lugos-list

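Added example (not part of the original post, and not pppd's own code): a small Python parser for a pppd debug log like the one quoted above, mail quoting and wrapped packets included. It reports which authentication method the peer asked for, why the client turned it down, and which MPPE-capable method the client config still allows. The function and constant names are illustrative, and the sample is an abridged excerpt of the quoted log.

```python
import re

# Abridged excerpt of the pppd log quoted in the post (mail quoting and one wrapped packet kept).
SAMPLE_LOG = """\
>> refuse-chap             # (from /etc/ppp/options.pptp)
>> refuse-mschap           # (from /etc/ppp/options.pptp)
>> refuse-eap              # (from /etc/ppp/options.pptp)
>> require-mppe-128                # (from /etc/ppp/options.pptp)
>> rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x545457e0>
>> <pcomp> <accomp> <callback CBCP> <mrru 1614>]
>> No auth is possible
>> sent [LCP ConfRej id=0x0 <auth eap> <callback CBCP> <mrru 1614>]
>> rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x545457e0> <pcomp> <accomp>]
>> sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x545457e0> <pcomp> <accomp>]
>> MPPE required, but MS-CHAP[v2] auth not performed.
"""

# Auth method as pppd prints it in LCP options -> pppd option that refuses it.
REFUSE_OPT = {"pap": "refuse-pap", "eap": "refuse-eap", "chap MD5": "refuse-chap",
              "chap MS": "refuse-mschap", "chap MS-v2": "refuse-mschap-v2"}
# Per the log's own message, MPPE needs MS-CHAP or MS-CHAPv2 to have run.
MPPE_CAPABLE = {"chap MS", "chap MS-v2"}

def diagnose(log):
    """Explain an LCP auth negotiation failure from a pppd debug log."""
    log = re.sub(r"^(?:> ?)+", "", log, flags=re.M)           # strip mail quoting
    opts = set(re.findall(r"^([a-z][\w-]*)\b.*# \(from ", log, re.M))
    # A packet may wrap over several lines; it ends at a ']' that closes a line.
    pkts = re.findall(r"^(sent|rcvd) \[LCP (Conf\w+) id=\S+(.*?)\]$", log, re.M | re.S)
    offered, rejected, agreed = [], [], None
    for direction, kind, body in pkts:
        auth = re.findall(r"<auth ([^>]+)>", body)
        if direction == "rcvd" and kind == "ConfReq":
            offered += auth                                   # what the peer demands
        elif direction == "sent" and kind == "ConfRej":
            rejected += auth                                  # what we turned down
        elif direction == "sent" and kind == "ConfAck":
            agreed = auth[0] if auth else "none"              # what we finally accepted
    findings = []
    for a in offered:
        if a in rejected:
            opt = REFUSE_OPT.get(a)
            why = f"client config has {opt}" if opt in opts else "client rejected it"
            findings.append(f"peer asked for '{a}': {why}")
    needs_mppe = any(o.startswith("require-mppe") for o in opts)
    if needs_mppe and agreed is not None and agreed not in MPPE_CAPABLE:
        findings.append(f"auth agreed: {agreed}; require-mppe cannot be satisfied")
    usable = sorted(a for a in MPPE_CAPABLE if REFUSE_OPT[a] not in opts)
    return {"offered": offered, "agreed": agreed, "usable_for_mppe": usable,
            "findings": findings}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the quoted log this reports that the peer offered only `eap`, that the client refuses it, and that `chap MS-v2` is the one MPPE-capable method the client still accepts, which is the method the reply suggests checking on the server.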

