pppd "peer refused to authenticate"

linux authentication pptp point-to-point-protocol
14,931

Figured it out.

The problem was giving the "auth" and "require-mschap-v2" options to pppd on the client end. Evidently only the server end must be configured to request authentication with the client configured to not request any kind of auth. What was happening was that the client asked the server to authenticate itself, which failed.

Share:
14,931

Related videos on Youtube

Moshev
Author by

Moshev

Updated on September 18, 2022

Comments

  • Moshev
    Moshev almost 2 years

    I have a working pptpd+pppd server configured which currently has two Windows 7 clients successfully connecting. However, when I try to connect a linux client I'm getting a really weird exchange that ends with "peer refused to authenticate" on both the server and client end.

    This is the log from the server:

    pppd[8205]: using channel 51
pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>]
pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP EchoReq id=0x0 magic=0x20b0750f]
pppd[8205]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[8205]: rcvd [LCP EchoReq id=0x0 magic=0x23d6bed3]
pppd[8205]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[8205]: sent [LCP TermAck id=0x3]
pppd[8205]: rcvd [LCP TermAck id=0x3]
pptpd[8204]: CTRL: Reaping child PPP[8205]

    And this is the log from the client:

    pppd[12077]: pppd options in effect:
pppd[12077]: debug               # (from command line)
pppd[12077]: holdoff 10          # (from /etc/ppp/peers/home1)
pppd[12077]: persist             # (from /etc/ppp/peers/home1)
pppd[12077]: dump                # (from command line)
pppd[12077]: require-mschap-v2           # (from /etc/ppp/peers/home1)
pppd[12077]: refuse-pap          # (from /etc/ppp/peers/home1)
pppd[12077]: refuse-mschap               # (from /etc/ppp/peers/home1)
pppd[12077]: name <redacted>          # (from /etc/ppp/peers/home1)
pppd[12077]: remotename <redacted>             # (from /etc/ppp/peers/home1)
pppd[12077]:             # (from /etc/ppp/options)
pppd[12077]: pty pptp <redacted> --nolaunchpppd                # (from /etc/ppp/peers/home1)
pppd[12077]: crtscts             # (from /etc/ppp/options)
pppd[12077]:             # (from /etc/ppp/options)
pppd[12077]: asyncmap 0          # (from /etc/ppp/options)
pppd[12077]: lcp-echo-failure 4          # (from /etc/ppp/options)
pppd[12077]: lcp-echo-interval 30                # (from /etc/ppp/options)
pppd[12077]: hide-password               # (from /etc/ppp/options)
pppd[12077]: proxyarp            # (from /etc/ppp/options)
pppd[12077]: nobsdcomp           # (from /etc/ppp/peers/home1)
pppd[12077]: nodeflate           # (from /etc/ppp/peers/home1)
pppd[12077]: nomppe              # (from /etc/ppp/peers/home1)
pppd[12077]: noipx               # (from /etc/ppp/options)
pppd[12078]: pppd 2.4.5 started by <redacted>, uid 0
pppd[12078]: using channel 12
pppd[12078]: Using interface ppp0
pppd[12078]: Connect: ppp0 <--> /dev/pts/14
pptp[12079]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
pptp[12086]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
pppd[12078]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pptp[12086]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 1920).
pppd[12078]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: No auth is possible
pppd[12078]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[12078]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: rcvd [LCP ConfNak id=0x1 <auth pap>]
pppd[12078]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: sent [LCP EchoReq id=0x0 magic=0x23d6bed3]
pppd[12078]: peer refused to authenticate: terminating link
pppd[12078]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[12078]: rcvd [LCP EchoReq id=0x0 magic=0x20b0750f]
pppd[12078]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[12078]: sent [LCP TermAck id=0x3]
pppd[12078]: rcvd [LCP TermAck id=0x3]
pppd[12078]: Connection terminated.

    I'm really puzzled by these lines (from the server log):

    pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>]
pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]

    If I'm reading right, server requests mschap-v2 auth, then the client rejects that (why?); after that the client requests mschap-v2 auth, then the server rejects pap (wtf?) leading to both peers settling on no auth and the connection failing.

    Can someone shed some light on what's happening here?

    • dave_thompson_085
      dave_thompson_085 over 8 years
      Re 'wtf': ConfRej states items that are unacceptable, but ConfNak states those that would be acceptable.
  • moioi
    moioi about 10 years
    you explain the reason, how do you resolve this problem?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

SQUID: How to disable authentication?
Kafka Console consumer with kerberos authentication
Difference between host based authentication and key based authentication
Is it possible to change password database file(/etc/passwd) in linux?
How to open VPN connection inside other VPN connection under Linux/Ubuntu
Setting Up a Keytab for a User Fails: "kinit: Password incorrect while getting initial credentials"
su not working when non-root (authentification failure)
command OR script to detect vpn connection status
Changing AuthorizedKeysFile in `sshd_config` not solving public key auth failure with encrypted home
Problem connecting to PPTP VPN in Ubuntu 9.10