Страница 1 из 1
Проблема с MPPE
Добавлено: Пн апр 30, 2007 11:12 am
Xanf
Использую конфиги радиуса и мпд, выложенные на сайте.
При авторизации из mpd.secret все ок.
При авторизации по радиусу, авторизация проходит, но мпд не понимает, что идет шифрованный MPPE траффик. Если отключить шифрование - все работает, но это ж не дело.
В логах МПД смущают следующие строчки
Код: Выделить всё
[pptp1] RADIUS: using /etc/radius.conf
[pptp1] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: test
[pptp1] RADIUS: RadiusSendRequest: RAD_ACCESS_ACCEPT for user test
[pptp1] RADIUS: RadiusGetParams: RAD_SESSION_TIMEOUT: 38911
[pptp1] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: 6 (40 128 bit)
[pptp1] RADIUS: RadiusGetParams: Dropping MPD vendor specific attribute: 8
[pptp1] RADIUS: RadiusGetParams: RAD_FRAMED_IP_ADDRESS: 10.38.0.1
[pptp1] RADIUS: RadiusGetParams: RAD_FRAMED_IP_NETMASK: 255.255.255.255
[pptp1] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_CHAP2_SUCCESS: S=9544903DE45BA43D7713FFEF8F2B84DA5FE68420
[pptp1] RADIUS: RadiusGetParams: Dropping MPD vendor specific attribute: 26
[pptp1] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: 1 (Allowed)
[pptp1] RADIUS: RadiusGetParams: Dropping MPD vendor specific attribute: 7
[pptp1] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
а конкретно - последняя. Как побороть?
Добавлено: Пн апр 30, 2007 1:21 pm
~AsmodeuS~
Добавлено: Пт ноя 30, 2007 4:24 pm
SLIP
Предложенный по ссылке апроач не помог. Какие мои дальнейшие шаги?
Код: Выделить всё
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: SendConfigReq #2
Nov 30 22:05:19 localhost mpd: ACFCOMP
Nov 30 22:05:19 localhost mpd: PROTOCOMP
Nov 30 22:05:19 localhost mpd: MRU 1500
Nov 30 22:05:19 localhost mpd: MAGICNUM c957f8eb
Nov 30 22:05:19 localhost mpd: AUTHPROTO CHAP MSOFTv2
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
Nov 30 22:05:19 localhost mpd: ACFCOMP
Nov 30 22:05:19 localhost mpd: PROTOCOMP
Nov 30 22:05:19 localhost mpd: MRU 1500
Nov 30 22:05:19 localhost mpd: MAGICNUM c957f8eb
Nov 30 22:05:19 localhost mpd: AUTHPROTO CHAP MSOFTv2
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: state change Ack-Sent --> Opened
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: auth: peer wants nothing, I want CHAP
Nov 30 22:05:19 localhost mpd: [pptp0] CHAP: sending CHALLENGE
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: LayerUp
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: rec'd Ident #2 link 0 (Opened)
Nov 30 22:05:19 localhost mpd: MESG: MSRASV5.10
Nov 30 22:05:19 localhost mpd: pptp0-0: ignoring SetLinkInfo
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: rec'd Ident #3 link 0 (Opened)
Nov 30 22:05:19 localhost mpd: MESG: MSRAS-0-SYSTEM
Nov 30 22:05:19 localhost mpd: [pptp0] CHAP: rec'd RESPONSE #1
Nov 30 22:05:19 localhost mpd: Name: "testuser"
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) peer name: testuser
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusSendRequest: RAD_ACCESS_ACCEPT for user testuser
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_CHAP2_SUCCESS: S=0EEAC1B80F6F74DCAF40D52C15CF16D60AC55E7C
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: Dropping MPD vendor specific attribute: 26
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: RAD_SESSION_TIMEOUT: 65000
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: 6 (40 128 bit)
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: Dropping MPD vendor specific attribute: 8
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: RAD_FRAMED_IP_ADDRESS: 172.25.51.66
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: RAD_FRAMED_IP_NETMASK: 255.255.255.255
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: 1 (Allowed)
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: Dropping MPD vendor specific attribute: 7
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusGetParams: WARNING no MPPE-Keys received, MPPE will not work
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusSetAuth: Trying to use IP-address from radius-server
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusSetAuth: using this IP: 172.25.51.66
Nov 30 22:05:19 localhost mpd: Response is valid
Nov 30 22:05:19 localhost mpd: [pptp0] CHAP: sending SUCCESS
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: authorization successful
Nov 30 22:05:19 localhost mpd: [pptp0] LCP: phase shift AUTHENTICATE --> NETWORK
Nov 30 22:05:19 localhost mpd: [pptp0] setting interface ng0 MTU to 1400 bytes
Nov 30 22:05:19 localhost mpd: [pptp0] up: 1 link, total bandwidth 64000 bps
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: Up event
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: state change Starting --> Req-Sent
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: SendConfigReq #1
Nov 30 22:05:19 localhost mpd: IPADDR 172.25.44.1
Nov 30 22:05:19 localhost mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 30 22:05:19 localhost mpd: [pptp0] error writing len 20 frame to bypass: Network is down
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Open event
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: state change Initial --> Starting
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: LayerStart
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Up event
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: state change Starting --> Req-Sent
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: SendConfigReq #1
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> yes
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
Nov 30 22:05:19 localhost mpd: MPPC
Nov 30 22:05:19 localhost mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless
Nov 30 22:05:19 localhost mpd: [pptp0] error writing len 14 frame to bypass: Network is down
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusAccount for: testuser
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusAddServer Adding 127.0.0.1
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusAccount: Sending accounting data (Type: 1)
Nov 30 22:05:19 localhost mpd: [pptp0] RADIUS: RadiusSendRequest: RAD_ACCOUNTING_RESPONSE for user testuser
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: rec'd Configure Request #4 link 0 (Req-Sent)
Nov 30 22:05:19 localhost mpd: MPPC
Nov 30 22:05:19 localhost mpd: 0x01000001: MPPC
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> yes
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: SendConfigNak #4
Nov 30 22:05:19 localhost mpd: MPPC
Nov 30 22:05:19 localhost mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: rec'd Configure Request #5 link 0 (Req-Sent)
Nov 30 22:05:19 localhost mpd: IPADDR 0.0.0.0
Nov 30 22:05:19 localhost mpd: NAKing with 172.25.51.66
Nov 30 22:05:19 localhost mpd: PRIDNS 0.0.0.0
Nov 30 22:05:19 localhost mpd: NAKing with 192.168.1.249
Nov 30 22:05:19 localhost mpd: PRINBNS 0.0.0.0
Nov 30 22:05:19 localhost mpd: SECDNS 0.0.0.0
Nov 30 22:05:19 localhost mpd: SECNBNS 0.0.0.0
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: SendConfigRej #5
Nov 30 22:05:19 localhost mpd: PRINBNS 0.0.0.0
Nov 30 22:05:19 localhost mpd: SECDNS 0.0.0.0
Nov 30 22:05:19 localhost mpd: SECNBNS 0.0.0.0
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: rec'd Configure Request #6 link 0 (Req-Sent)
Nov 30 22:05:19 localhost mpd: MPPC
Nov 30 22:05:19 localhost mpd: 0x01000040: MPPE, 128 bit, stateless
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: Checking whether 128 bits are acceptable -> yes
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: SendConfigAck #6
Nov 30 22:05:19 localhost mpd: MPPC
Nov 30 22:05:19 localhost mpd: 0x01000040: MPPE, 128 bit, stateless
Nov 30 22:05:19 localhost mpd: [pptp0] CCP: state change Req-Sent --> Ack-Sent
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: rec'd Configure Request #7 link 0 (Req-Sent)
Nov 30 22:05:19 localhost mpd: IPADDR 0.0.0.0
Nov 30 22:05:19 localhost mpd: NAKing with 172.25.51.66
Nov 30 22:05:19 localhost mpd: PRIDNS 0.0.0.0
Nov 30 22:05:19 localhost mpd: NAKing with 192.168.1.249
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: SendConfigNak #7
Nov 30 22:05:19 localhost mpd: IPADDR 172.25.51.66
Nov 30 22:05:19 localhost mpd: PRIDNS 192.168.1.249
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: rec'd Configure Request #8 link 0 (Req-Sent)
Nov 30 22:05:19 localhost mpd: IPADDR 172.25.51.66
Nov 30 22:05:19 localhost mpd: 172.25.51.66 is OK
Nov 30 22:05:19 localhost mpd: PRIDNS 192.168.1.249
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: SendConfigAck #8
Nov 30 22:05:19 localhost mpd: IPADDR 172.25.51.66
Nov 30 22:05:19 localhost mpd: PRIDNS 192.168.1.249
Nov 30 22:05:19 localhost mpd: [pptp0] IPCP: state change Req-Sent --> Ack-Sent
Nov 30 22:05:21 localhost mpd: [pptp0] IPCP: SendConfigReq #2
Nov 30 22:05:21 localhost mpd: IPADDR 172.25.44.1
Nov 30 22:05:21 localhost mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: SendConfigReq #2
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> yes
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
Nov 30 22:05:21 localhost mpd: MPPC
Nov 30 22:05:21 localhost mpd: 0x01000060: MPPE, 40 bit, 128 bit, stateless
Nov 30 22:05:21 localhost mpd: [pptp0] IPCP: rec'd Configure Reject #2 link 0 (Ack-Sent)
Nov 30 22:05:21 localhost mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov 30 22:05:21 localhost mpd: [pptp0] IPCP: SendConfigReq #3
Nov 30 22:05:21 localhost mpd: IPADDR 172.25.44.1
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: rec'd Configure Nak #2 link 0 (Ack-Sent)
Nov 30 22:05:21 localhost mpd: MPPC
Nov 30 22:05:21 localhost mpd: 0x01000040: MPPE, 128 bit, stateless
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: SendConfigReq #3
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: Checking whether 40 bits are enabled -> no
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: Checking whether 56 bits are enabled -> no
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: Checking whether 128 bits are enabled -> yes
Nov 30 22:05:21 localhost mpd: MPPC
Nov 30 22:05:21 localhost mpd: 0x01000040: MPPE, 128 bit, stateless
Nov 30 22:05:21 localhost mpd: [pptp0] IPCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
Nov 30 22:05:21 localhost mpd: IPADDR 172.25.44.1
Nov 30 22:05:21 localhost mpd: [pptp0] IPCP: state change Ack-Sent --> Opened
Nov 30 22:05:21 localhost mpd: [pptp0] IPCP: LayerUp
Nov 30 22:05:21 localhost mpd: 172.25.44.1 -> 172.25.51.66
Nov 30 22:05:21 localhost mpd: [pptp0] IFACE: Up event
Nov 30 22:05:21 localhost mpd: [pptp0] setting interface ng0 MTU to 1396 bytes
Nov 30 22:05:21 localhost mpd: [pptp0] exec: /sbin/ifconfig ng0 172.25.44.1 172.25.51.66 netmask 0xffffffff -link0
Nov 30 22:05:21 localhost mpd: [pptp0] exec: /sbin/route add 172.25.44.1 -iface lo0
Nov 30 22:05:21 localhost mpd: [pptp0] exec: /usr/local/abills/libexec/linkupdown mpd up ng0 inet 172.25.44.1 172.25.51.66 testuser
Nov 30 22:05:21 localhost mpd: [pptp0] exec: command returned 32512
Nov 30 22:05:21 localhost mpd: [pptp0] IFACE: Up event
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
Nov 30 22:05:21 localhost mpd: MPPC
Nov 30 22:05:21 localhost mpd: 0x01000040: MPPE, 128 bit, stateless
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: state change Ack-Sent --> Opened
Nov 30 22:05:21 localhost mpd: [pptp0] CCP: LayerUp
Nov 30 22:05:21 localhost mpd: Compress using: MPPE, 128 bit, stateless
Nov 30 22:05:21 localhost mpd: Decompress using: MPPE, 128 bit, stateless
Nov 30 22:05:21 localhost mpd: [pptp0] setting interface ng0 MTU to 1396 bytes
Nov 30 22:05:21 localhost mpd: [pptp0] rec'd unexpected protocol 0x0027 on link -1, rejecting
Nov 30 22:05:21 localhost mpd: [pptp0] rec'd unexpected protocol 0x0019 on link -1, rejecting
Nov 30 22:05:21 localhost mpd: [pptp0] rec'd unexpected protocol 0x00a9 on link -1, rejecting
Nov 30 22:05:22 localhost mpd: [pptp0] rec'd unexpected protocol 0x0083 on link -1, rejecting
Nov 30 22:05:22 localhost mpd: [pptp0] rec'd unexpected protocol 0xa2b1 on link -1, rejecting
Nov 30 22:05:22 localhost mpd: [pptp0] rec'd unexpected protocol 0x0069 on link -1, rejecting
Nov 30 22:05:23 localhost mpd: [pptp0] rec'd unexpected protocol 0x0031 on link -1, rejecting
Nov 30 22:05:23 localhost mpd: [pptp0] rec'd unexpected protocol 0x486b on link -1, rejecting
Nov 30 22:05:25 localhost mpd: [pptp0] rec'd unexpected protocol 0x00d1 on link -1, rejecting
Nov 30 22:05:26 localhost mpd: [pptp0] rec'd unexpected protocol 0x0061 on link -1, rejecting
Nov 30 22:05:27 localhost mpd: [pptp0] rec'd unexpected protocol VJUNCOMP on link -1
Nov 30 22:05:27 localhost mpd: [pptp0] rec'd proto 0xf6a7 on MP link! (ignoring)
Nov 30 22:05:27 localhost mpd: [pptp0] rec'd unexpected protocol 0x0011 on link -1, rejecting
Nov 30 22:05:28 localhost mpd: [pptp0] rec'd unexpected protocol 0x0017 on link -1, rejecting
Nov 30 22:05:28 localhost mpd: [pptp0] rec'd unexpected protocol 0x0847 on link -1, rejecting
Nov 30 22:05:29 localhost mpd: [pptp0] rec'd unexpected protocol 0x00cd on link -1, rejecting
Nov 30 22:05:29 localhost mpd: [pptp0] rec'd unexpected protocol 0x00f7 on link -1, rejecting
Nov 30 22:05:29 localhost mpd: [pptp0] rec'd unexpected protocol 0x0063 on link -1, rejecting
Nov 30 22:05:30 localhost mpd: [pptp0] rec'd unexpected protocol 0x0035 on link -1, rejecting
Nov 30 22:05:32 localhost mpd: [pptp0] rec'd unexpected protocol 0x9c53 on link -1, rejecting
Nov 30 22:05:33 localhost mpd: [pptp0] rec'd unexpected protocol 0x00cb on link -1, rejecting
Nov 30 22:05:35 localhost mpd: [pptp0] rec'd unexpected protocol 0x5e13 on link -1, rejecting
Nov 30 22:05:38 localhost mpd: [pptp0] rec'd unexpected protocol MP on link -1, rejecting
Добавлено: Пт ноя 30, 2007 9:41 pm
~AsmodeuS~
Возьмите конфиг для MPD с сайта и MPPE для радиуса и все заработает
Добавлено: Пт ноя 30, 2007 9:56 pm
SLIP
~AsmodeuS~ писал(а):Возьмите конфиг для MPD с сайта и MPPE для радиуса и все заработает
Там и брал. Только мпд у меня не патченный. пробовал и 3-й и 4-й. На третем коннектится но ничего не работает, на 4-м при коннекте вылетает с ошибкой.