stefan_tech
25th August 2005, 06:12 AM
Sorry if this was beaten to death somewhere else. Tried searching and can't find anything definite.
I'm trying to connect an FC3 box at home to our PIX VPN at work. I've followed the instructions at http://pptpclient.sourceforge.net/howto-fedora-core-3.phtml verbatim. Everything seems to load alright, but whenever I try to connect I get this error in the status window:
LCP: timeout sending Config-Requests
Connection terminated.
At http://pptpclient.sourceforge.net/howto-diagnosis.phtml#lcp_timeout they listed possible reasons relating to GRE packets. I did a tcpdump/grep while trying to connect. There are numerous gre-ppp-payload packets going to and from the server, followed by 10 gre-ppp-payload packets going to the server with no response. I don't have a clue what to check from there.
Now I do have access to the PIX config (cannot change anything). The relevant config lines would be:
vpdn group VPN_USER accept dialin pptp
vpdn group VPN_USER ppp authentication pap
vpdn group VPN_USER ppp authentication chap
vpdn group VPN_USER ppp authentication mschap
vpdn group VPN_USER ppp encryption mppe 40 (I guess there is a license problem for 128?)
...
My options.pptp looks like this:
lock
noauth
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
require-mppe
I don't know what to try now... Any help would be greatly appreciated!
Update:
I allowed mschap auth in the config and I get this error while connecting:
CHAP authentication succeeded
Disabling 40-bit MPPE; MS-CHAP LM not supported
MPPE required but peer negotiation failed
Connection terminated.
So, I need to use mschap instead of v2. But what gives with the encryption? Do I not have 40-bit capability? How do I check and fix?
(It's getting late btw, my brain is melting ;-)
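Added example, not part of the original post: a Python sketch that compares the authentication methods and MPPE key lengths enabled by the quoted PIX vpdn lines with what the quoted options.pptp lets pppd accept. The function names are this example's own, and the handling of `mppe auto`, `nomppe-*` and `require-mppe-*` covers options that do not appear in the post.

```python
# Added example. Both inputs are copied from the post (the poster's trailing
# remark on the mppe line is dropped). All function names are this example's own.
PIX_LINES = """\
vpdn group VPN_USER accept dialin pptp
vpdn group VPN_USER ppp authentication pap
vpdn group VPN_USER ppp authentication chap
vpdn group VPN_USER ppp authentication mschap
vpdn group VPN_USER ppp encryption mppe 40
"""
OPTIONS_PPTP = "\n".join(("lock noauth refuse-eap refuse-pap refuse-chap "
                          "refuse-mschap nobsdcomp nodeflate require-mppe").split())

# pppd option that disables each authentication method
REFUSE = {"refuse-pap": "pap", "refuse-chap": "chap", "refuse-mschap": "mschap",
          "refuse-mschap-v2": "mschap-v2", "refuse-eap": "eap"}

def pix_offer(text):
    """Return (auth methods, MPPE key lengths) enabled by the vpdn lines."""
    auth, mppe = set(), set()
    for words in (line.split() for line in text.splitlines()):
        if "ppp" not in words:
            continue
        rest = words[words.index("ppp") + 1:]
        if rest[:1] == ["authentication"] and len(rest) >= 2:
            auth.add(rest[1])
        elif rest[:2] == ["encryption", "mppe"] and len(rest) >= 3:
            mppe |= {"40", "128"} if rest[2] == "auto" else {rest[2]}
    return auth, mppe

def pppd_accepts(text):
    """Return (auth methods pppd will answer, MPPE key lengths it allows)."""
    opts = {line.split()[0] for line in text.splitlines() if line.strip()}
    auth = set(REFUSE.values()) - {REFUSE[o] for o in opts if o in REFUSE}
    mppe = {"40", "128"}
    for bits in ("40", "128"):
        if "nomppe-" + bits in opts:
            mppe.discard(bits)
        if "require-mppe-" + bits in opts:
            mppe &= {bits}
    return auth, mppe

def overlap(pix_text, options_text):
    """Auth methods and MPPE key lengths both sides would agree to."""
    s_auth, s_mppe = pix_offer(pix_text)
    c_auth, c_mppe = pppd_accepts(options_text)
    return s_auth & c_auth, s_mppe & c_mppe

if __name__ == "__main__":
    print("as posted:            ", overlap(PIX_LINES, OPTIONS_PPTP))
    print("refuse-mschap removed:", overlap(PIX_LINES, OPTIONS_PPTP.replace("refuse-mschap\n", "")))
```

An overlap on paper is necessary but not sufficient: the log in the update shows pppd itself dropping 40-bit MPPE after MS-CHAP succeeded.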