 From:  Pete Klein <petek1827 at yahoo dot com>
 To:  "Holmes, Robert" <Robert dot Holmes at agilysys dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Radius & PPTP
 Date:  Thu, 15 Mar 2007 20:19:56 -0700 (PDT)
Hi Robert,

Sorry I haven't had time to respond lately.  Things
have been rather crazy at work and I haven't had time
to look into this matter.

I think the link you pointed to applies only to IPSec
clients and not PPTP clients so I don't think this
will help us.

I think this problem might be an MPD configuration
error but I am not completely sure.  We are both using
completely different Radius Servers and I suspect
different PPTP clients (What PPTP client are you
using?) and are having similar problems.  This means
either we are both missing something completely
obvious (at least in my case this is possible) or
there is a bug in Monowall/pfSense (I'm not familiar
with pfSense but it looks like a clone of Monowall. 
Can someone confirm the relationship?)

MPD is the program that is a part of Monowall and
provides the PPTP service.  MPD.conf is the
configuration file for MPD.  Unfortunately Monowall
does not (unless I am missing something) give us the
ability to directly view or edit this file so this is
something Manuel will have to fix.  

At this point we need to confirm that this is indeed a
bug (and not a mistake on our part) and try to give
Manuel as much info as we can so he can figure out a
solution.  I don't think this is a Radius problem
because according to my log, MPD is properly using my
Radius Server to authenticate me.

Mar 15 21:04:19 mpd: [pt0] LCP: phase shift ESTABLISH --> AUTHENTICATE
Mar 15 21:04:19 mpd: [pt0] LCP: auth: peer wants nothing, I want CHAP
Mar 15 21:04:19 mpd: [pt0] CHAP: sending CHALLENGE
Mar 15 21:04:19 mpd: [pt0] LCP: LayerUp
Mar 15 21:04:19 mpd: [pt0] CHAP: rec'd RESPONSE #1
Mar 15 21:04:19 mpd: Name: "FERRETS\Pete"
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusAddServer Adding 192.168.81.11
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: Pete
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusSendRequest: RAD_ACCESS_ACCEPT for user Pete
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_CHAP2_SUCCESS: S=3EB4E813517BD7D615BFDAB3BC82F0EADEB665B6
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusGetParams: Dropping MPD vendor specific attribute: 26
Mar 15 21:04:19 mpd: Response is valid
Mar 15 21:04:19 mpd: [pt0] CHAP: sending SUCCESS
Mar 15 21:04:19 mpd: [pt0] LCP: authorization successful
Mar 15 21:04:19 mpd: [pt0] LCP: phase shift AUTHENTICATE --> NETWORK

....

The problem starts to occur much later.  
Mar 15 21:04:20 mpd: MPPC
Mar 15 21:04:20 mpd: 0x01000020: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: [pt0] CCP: Checking whether 40 bits are acceptable -> yes
Mar 15 21:04:20 mpd: [pt0] CCP: SendConfigAck #3
Mar 15 21:04:20 mpd: MPPC
Mar 15 21:04:20 mpd: 0x01000020: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: [pt0] CCP: state change Ack-Rcvd --> Opened
Mar 15 21:04:20 mpd: [pt0] CCP: LayerUp
Mar 15 21:04:20 mpd: Compress using: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: Decompress using: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: [pt0] setting interface ng1 MTU to 1456 bytes
Mar 15 21:04:20 mpd: [pt0] rec'd unexpected protocol 0xa0bb on link -1, rejecting
Mar 15 21:04:23 mpd: [pt0] rec'd unexpected protocol 0xb229 on link -1, rejecting
Mar 15 21:04:23 mpd: [pt0] rec'd unexpected protocol 0x0035 on link -1, rejecting
.... (variations of this last line just keep
repeating)

I have posted more complete logs here

http://ksurveying.homeip.net/download/WithRadius.txt
http://ksurveying.homeip.net/download/NoRadius.txt

Can you examine your Monowall log to see if you are
getting similar entries?  You will need to examine it
almost right after you attempt a pptp login or the
entries will scroll right off the screen.  You may
want to change the "Number of log entries to show"
setting to something like 500 to give you time to see
the entries.  You will mainly be looking for lines
that begin with mpd: .....

Also I noticed you mentioned you cannot see anyone on
your local network.  Can you ping non-local (WAN)
addresses?  I cannot ping anything other than my own
address.  On your client machine, what does ipconfig
say?  Are you getting an IP address on your PPTP
interface?  Mine says I am.

What are you running Monowall on?  Mine is on a pair
of Wrap 1e-2.  Is there anything special about your
settings?  Please provide as much info as possible.

--- "Holmes, Robert" <Robert dot Holmes at agilysys dot com>
wrote:

> I found this which may be necessary to patching
> Radius to work with MS
> PPTP clients.
> http://www.debian-administration.org/articles/245
> 
>  
> 
> -----Original Message-----
> From: Holmes, Robert 
> Sent: Thursday, March 15, 2007 6:11 AM
> To: 'm0n0wall at lists dot m0n0 dot ch'
> Subject: RE: [m0n0wall] Radius & PPTP
> 
> Any more movement on this issue?  It's a bug that is
> confirmed by both
> monowall and pfsense users.
> 
> Thanks, Robert
> 
> 
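
An added example, not part of the original message and not m0n0wall or MPD code: a small Python filter for a saved copy of the system log that keeps only the mpd lines and reports, per link, the RADIUS result, the negotiated compression, and which "unexpected protocol" rejections arrived after CCP came up. It assumes untagged mpd lines belong to the most recently tagged link and that a hostname or pid may precede the message; the sample lines are taken from the excerpts above with the e-mail wrapping undone.

```python
import re
from collections import defaultdict

# Sample: lines from the log excerpts in this message, unwrapped.
SAMPLE = """\
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusSendRequest: RAD_ACCESS_ACCEPT for user Pete
Mar 15 21:04:19 mpd: [pt0] CHAP: sending SUCCESS
Mar 15 21:04:19 mpd: [pt0] LCP: phase shift AUTHENTICATE --> NETWORK
Mar 15 21:04:20 mpd: [pt0] CCP: LayerUp
Mar 15 21:04:20 mpd: Compress using: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: [pt0] rec'd unexpected protocol 0xa0bb on link -1, rejecting
Mar 15 21:04:23 mpd: [pt0] rec'd unexpected protocol 0xb229 on link -1, rejecting
Mar 15 21:04:23 mpd: [pt0] rec'd unexpected protocol 0x0035 on link -1, rejecting
"""

# Timestamp, optional hostname, "mpd" with optional pid, optional [link] tag, message.
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(?:\S+\s+)?mpd(?:\[\d+\])?:\s+"
                  r"(?:\[(\w+)\]\s+)?(.*)$")
RADIUS = re.compile(r"RAD_ACCESS_(\w+) for user (\S+)")
UNEXPECTED = re.compile(r"rec'd unexpected protocol (0x[0-9a-fA-F]+)")

def summarize_mpd(log_text):
    """Return {link: summary} built from the mpd lines in a syslog dump."""
    links = defaultdict(lambda: {"radius": None, "user": None, "compress": None,
                                 "ccp_up": False, "rejects_after_ccp_up": []})
    current = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an mpd line
        link, msg = m.groups()
        current = link or current  # assumption: untagged lines follow their link
        if current is None:
            continue
        s = links[current]
        if (r := RADIUS.search(msg)):
            s["radius"], s["user"] = r.group(1), r.group(2)
        elif msg.startswith("CCP: LayerUp"):
            s["ccp_up"] = True
        elif msg.startswith("Compress using:"):
            s["compress"] = msg.split(":", 1)[1].strip()
        elif (u := UNEXPECTED.search(msg)) and s["ccp_up"]:
            s["rejects_after_ccp_up"].append(u.group(1))
    return dict(links)

if __name__ == "__main__":
    for link, info in summarize_mpd(SAMPLE).items():
        print(link, info)
```
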



 