My settings, platform and problems are the same as yours Pete. I have a WRAP, but I also tried it on a CDROM image under VMware. I won't post the log because it's identical. Yes, I can ping myself, but no one else. I'll just confirm the same issue as you.

I tried pfSense thinking that maybe FreeBSD 6 would fix it, but the devs over there said they just sync the code from m0n0wall.

I am using a Windows PPTP client under XP. The same settings work to a Microsoft PPTP server as well as m0n0wall with a local user list, so it is something inherent in the Radius settings preventing it from working.

Can anyone else also confirm this problem?

-Robert

-----Original Message-----
From: Pete Klein [mailto:petek1827 at yahoo dot com]
Sent: Thursday, March 15, 2007 11:20 PM
To: Holmes, Robert; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Radius & PPTP

Hi Robert,

Sorry I haven't had time to respond lately. Things have been rather crazy at work and I haven't had time to look into this matter.

I think the link you pointed to applies only to IPSec clients and not PPTP clients so I don't think this will help us.

I think this problem might be an MPD configuration error but I am not completely sure. We are both using completely different Radius Servers and I suspect different PPTP clients (What PPTP client are you using?) and are having similar problems. This means either we are both missing something completely obvious (at least in my case this is possible) or there is a bug in Monowall/pfSense (I'm not familiar with pfSense but it looks like a clone of Monowall. Can someone confirm the relationship?)

MPD is the program that is a part of Monowall and provides the PPTP service. MPD.conf is the configuration file for MPD. Unfortunately Monowall does not (unless I am missing something) give us the ability to directly view or edit this file so this is something Manuel will have to fix.
At this point we need to confirm that this is indeed a bug (and not a mistake on our part) and try to give Manuel as much info as we can so he can figure out a solution.

I don't think this is a Radius problem because according to my log, MPD is properly using my Radius Server to authenticate me.

Mar 15 21:04:19 mpd: [pt0] LCP: phase shift ESTABLISH --> AUTHENTICATE
Mar 15 21:04:19 mpd: [pt0] LCP: auth: peer wants nothing, I want CHAP
Mar 15 21:04:19 mpd: [pt0] CHAP: sending CHALLENGE
Mar 15 21:04:19 mpd: [pt0] LCP: LayerUp
Mar 15 21:04:19 mpd: [pt0] CHAP: rec'd RESPONSE #1
Mar 15 21:04:19 mpd: Name: "FERRETS\Pete"
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusAddServer Adding 192.168.81.11
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: Pete
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusSendRequest: RAD_ACCESS_ACCEPT for user Pete
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_CHAP2_SUCCESS: S=3EB4E813517BD7D615BFDAB3BC82F0EADEB665B6
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusGetParams: Dropping MPD vendor specific attribute: 26
Mar 15 21:04:19 mpd: Response is valid
Mar 15 21:04:19 mpd: [pt0] CHAP: sending SUCCESS
Mar 15 21:04:19 mpd: [pt0] LCP: authorization successful
Mar 15 21:04:19 mpd: [pt0] LCP: phase shift AUTHENTICATE --> NETWORK
....

The problem starts to occur much later.
Mar 15 21:04:20 mpd: MPPC
Mar 15 21:04:20 mpd: 0x01000020: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: [pt0] CCP: Checking whether 40 bits are acceptable -> yes
Mar 15 21:04:20 mpd: [pt0] CCP: SendConfigAck #3
Mar 15 21:04:20 mpd: MPPC
Mar 15 21:04:20 mpd: 0x01000020: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: [pt0] CCP: state change Ack-Rcvd --> Opened
Mar 15 21:04:20 mpd: [pt0] CCP: LayerUp
Mar 15 21:04:20 mpd: Compress using: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: Decompress using: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: [pt0] setting interface ng1 MTU to 1456 bytes
Mar 15 21:04:20 mpd: [pt0] rec'd unexpected protocol 0xa0bb on link -1, rejecting
Mar 15 21:04:23 mpd: [pt0] rec'd unexpected protocol 0xb229 on link -1, rejecting
Mar 15 21:04:23 mpd: [pt0] rec'd unexpected protocol 0x0035 on link -1, rejecting
.... (variations of this last line just keep repeating)

I have posted more complete logs here
http://ksurveying.homeip.net/download/WithRadius.txt
http://ksurveying.homeip.net/download/NoRadius.txt

Can you examine your Monowall log to see if you are getting similar entries? You will need to examine it almost right after you attempt a pptp login or the entries will scroll right off the screen. You may want to change the "Number of log entries to show" setting to something like 500 to give you time to see the entries. You will mainly be looking for lines that begin with mpd: .....

Also I noticed you mentioned you cannot see anyone on your local network. Can you ping non-local (WAN) addresses? I cannot ping anything other than my own address. On your client machine, what does ipconfig say? Are you getting an IP address on your PPTP interface? Mine says I am.

What are you running Monowall on? Mine is on a pair of Wrap 1e-2. Is there anything special about your settings? Please provide as much info as possible.
--- "Holmes, Robert" <Robert dot Holmes at agilysys dot com> wrote:

> I found this which may be necessary to patching Radius to work with MS
> PPTP clients.
> http://www.debian-administration.org/articles/245
>
> -----Original Message-----
> From: Holmes, Robert
> Sent: Thursday, March 15, 2007 6:11 AM
> To: 'm0n0wall at lists dot m0n0 dot ch'
> Subject: RE: [m0n0wall] Radius & PPTP
>
> Any more movement on this issue? It's a bug that is confirmed by both
> monowall and pfsense users.
>
> Thanks, Robert
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail:
> m0n0wall dash help at lists dot m0n0 dot ch
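
A small triage script for the log check requested in the thread, as an added example that is not part of the original messages or of m0n0wall/mpd: it scans `mpd:` lines per bundle and flags a session where CHAP succeeded and CCP came up but incoming frames are then rejected as unexpected protocols. The function names and the `min_rejects` threshold are assumptions; the sample lines are copied from the log quoted above.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the mpd log quoted in the thread above.
SAMPLE_LOG = """\
Mar 15 21:04:19 mpd: [pt0] RADIUS: RadiusSendRequest: RAD_ACCESS_ACCEPT for user Pete
Mar 15 21:04:19 mpd: [pt0] CHAP: sending SUCCESS
Mar 15 21:04:19 mpd: [pt0] LCP: phase shift AUTHENTICATE --> NETWORK
Mar 15 21:04:20 mpd: [pt0] CCP: state change Ack-Rcvd --> Opened
Mar 15 21:04:20 mpd: [pt0] CCP: LayerUp
Mar 15 21:04:20 mpd: Compress using: MPPE, 40 bit, stateless
Mar 15 21:04:20 mpd: [pt0] rec'd unexpected protocol 0xa0bb on link -1, rejecting
Mar 15 21:04:23 mpd: [pt0] rec'd unexpected protocol 0xb229 on link -1, rejecting
Mar 15 21:04:23 mpd: [pt0] rec'd unexpected protocol 0x0035 on link -1, rejecting
"""

# Syslog timestamp, the "mpd:" tag, an optional [bundle] label, then the message.
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+mpd:\s+(?:\[(?P<bundle>\w+)\]\s+)?(?P<msg>.*)$")
REJECT = re.compile(r"rec'd unexpected protocol (0x[0-9a-fA-F]{4})")

def triage(log_text):
    """Summarise each mpd bundle: RADIUS accept, CHAP success, CCP up, rejects after CCP up."""
    state = defaultdict(lambda: {"radius_accept": False, "chap_success": False,
                                 "ccp_up": False, "rejected_protocols": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group("bundle"):
            continue  # not an mpd line, or a detail line without a [bundle] label
        s, msg = state[m.group("bundle")], m.group("msg")
        if "RAD_ACCESS_ACCEPT" in msg:
            s["radius_accept"] = True
        elif msg == "CHAP: sending SUCCESS":
            s["chap_success"] = True
        elif msg == "CCP: LayerUp":
            s["ccp_up"] = True
        elif s["ccp_up"] and (r := REJECT.search(msg)):
            s["rejected_protocols"].append(r.group(1))
    return dict(state)

def auth_ok_but_link_broken(summary, min_rejects=3):
    """True when authentication succeeded yet frames are rejected after CCP came up."""
    return (summary["chap_success"] and summary["ccp_up"]
            and len(summary["rejected_protocols"]) >= min_rejects)

if __name__ == "__main__":
    for bundle, summary in triage(SAMPLE_LOG).items():
        print(bundle, summary, auth_ok_but_link_broken(summary))
```

Running it over both a RADIUS-backed and a local-user session gives a quick side-by-side of where the two logs diverge.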