Subject: Re: MSCHAP support in pppd
To: John Klos <john@sixgirls.org>
From: None <dokas@cs.umn.edu>
List: tech-net
Date: 02/22/2001 10:10:30
On Wed, Feb 21, 2001 at 04:12:42PM -0500, John Klos wrote:
> I am trying to get pptpd (poptop) running on a NetBSD 1.5 system. It works
> by using pppd to connect two machines over a sort of vpn.
>
> The built-in pppd appears to work, but it seems I cannot authenticate
> a Windows client.
>
> There are some docs amongst the poptop files that talk about patching pppd
> for Linux in order to support MSCHAP.
>
> Does NetBSD's pppd support MSCHAP? If not, are there patches or something?

Yes, via the ppp-mppe package. I've recently been through this whole
process; here's how I got mine (mostly) working:

+ build and install the net/poptop package

+ build and install the net/ppp-mppe package

+ add the following line to /etc/lkm.conf:

      /usr/pkg/lkm/mppe.o - - - - AFTERMOUNT

+ add the following line to /etc/rc.conf:

      lkm=YES

+ create /etc/pptp.conf:

      debug
      speed 115200
      localip 10.100.0.199
      remoteip 10.100.0.200-253

+ create /etc/ppp/chap-secrets:

      user servername password *

+ create /etc/ppp/options:

      ## turn pppd syslog debugging on
      debug
      ## change 'servername' to whatever you specify as your server name in chap-secrets
      name servername
      auth
      #require-chap
      proxyarp
      ## MPPE support
      +chapms
      +chapms-v2
      mppe-40
      mppe-128
      mppe-stateless
      ms-wins 10.100.0.23

+ add pptpd to /etc/rc.local:

      /usr/pkg/sbin/pptpd -d

+ reboot (or add the LKM and run pptpd by hand)

Now, a little background. The machine that I'm running this on is fully pulled to -current.
And I had to make a small change to the kernel:

*** /sys/net/ppp-comp.h Tue Feb 20 13:36:36 2001
--- /sys/net/ppp-comp.h.orig Thu Feb 22 10:05:43 2001
***************
*** 111,117 ****
/*
* Max # bytes for a CCP option
*/
! #define CCP_MAX_OPTION_LENGTH 64
/*
* Parts of a CCP packet.
--- 111,117 ----
/*
* Max # bytes for a CCP option
*/
! #define CCP_MAX_OPTION_LENGTH 32
/*
* Parts of a CCP packet.
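
Review bot: the file headers look swapped, so this hunk reads as a change from 64 down to 32: the "***" (old) side is /sys/net/ppp-comp.h with "#define CCP_MAX_OPTION_LENGTH 64" and the "---" (new) side is /sys/net/ppp-comp.h.orig with 32. Given the explanation that follows about options being truncated to 32 bytes, the intended change is presumably 32 to 64, so the diff should be regenerated with the .orig file first (diff -c ppp-comp.h.orig ppp-comp.h) so that patch applies it in the right direction. The "Max # bytes for a CCP option" comment could also say why 64 is needed, since the constant bounds how much of each CCP option is kept.
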
Otherwise the "compress" (really encryption) negotiation would not work
since NetBSD's if_ppp.c was truncating the CCP options to 32 bytes.

And finally, although I can use Win98/2K to VPN in via PPTP, I still can't
browse my internal network (10.100.0.0/24). If anyone knows how to get
browsing working, I'd really appreciate the help. I've got a hunch that
I'm having IP routing issues due to the fact that the local and remote
PPTP IP addresses are on the internal network.

Paul
--
Paul Dokas dokas@cs.umn.edu
======================================================================
Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla."
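
An added example (not part of the original message or of the pppd/poptop projects): a small Python check over the /etc/ppp/options file posted above that reports which authentication and MPPE settings it accepts. The policy it enforces (peer auth required, MS-CHAPv2 only, 128-bit MPPE only) and the names parse_options, audit and POSTED_OPTIONS are assumptions of this example; the option meanings are taken from how the message uses them.

```python
# Added example, not from the original post. Assumed policy: require auth,
# accept MS-CHAPv2 only, accept 128-bit MPPE only.

# Constructed sample: the /etc/ppp/options contents shown in the post.
POSTED_OPTIONS = """\
## turn pppd syslog debugging on
debug
name servername
auth
#require-chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins 10.100.0.23
"""

def parse_options(text):
    """Map each active option word to its argument ('' if none)."""
    # Simplified: one option per line, '#' starts a comment, no quoting.
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            opts[parts[0]] = parts[1] if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return (option, finding) tuples; an empty list means policy is met."""
    opts = parse_options(text)
    findings = []
    if "auth" not in opts:
        findings.append(("auth", "missing: peer is not required to authenticate"))
    if "+chapms" in opts:
        findings.append(("+chapms", "MS-CHAPv1 is accepted; keep only +chapms-v2"))
    if "+chapms-v2" not in opts:
        findings.append(("+chapms-v2", "missing: MS-CHAPv2 is not enabled"))
    if "mppe-40" in opts:
        findings.append(("mppe-40", "40-bit MPPE is accepted; keep only mppe-128"))
    if "mppe-128" not in opts:
        findings.append(("mppe-128", "missing: 128-bit MPPE is not offered"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(POSTED_OPTIONS):
        print(f"{option}: {finding}")
```

Run against the posted file it reports the +chapms and mppe-40 lines; older Windows clients may need one or both, so check client support before removing them.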