Subject: Re: MSCHAP support in pppd
To: John Klos <john@sixgirls.org>
From: None <dokas@cs.umn.edu>
List: tech-net
Date: 02/22/2001 10:10:30
On Wed, Feb 21, 2001 at 04:12:42PM -0500, John Klos wrote:
> I am trying to get pptpd (poptop) running on a NetBSD 1.5 system. It works
> by using pppd to connect two machines over a sort of vpn.
> 
> The built-in pppd appears to work, but it seems I cannot authenticate
> a Windows client.
> 
> There are some docs amongst the poptop files that talk about patching pppd
> for Linux in order to support MSCHAP.
> 
> Does NetBSD's pppd support MSCHAP? If not, are there patches or something?

Yes, via the ppp-mppe package.  I've recently been through this whole
process; here's how I got mine (mostly) working:


  + build and install the net/poptop package
  + build and install the net/ppp-mppe package
  + add the following line to /etc/lkm.conf:

        /usr/pkg/lkm/mppe.o  -  -  -  -  AFTERMOUNT

  + add the following line to /etc/rc.conf:

        lkm=YES

  + create /etc/pptp.conf:

        debug
        speed 115200
        localip 10.100.0.199
        remoteip 10.100.0.200-253

  + create /etc/ppp/chap-secrets:

        user   servername   password   *

  + create /etc/ppp/options:

        ## turn pppd syslog debugging on
        debug

        ## change 'servername' to whatever you specify as your server name in chap-secrets
        name servername

        auth
        #require-chap
        proxyarp

        ## MPPE support
        +chapms
        +chapms-v2
        mppe-40
        mppe-128
        mppe-stateless

        ms-wins 10.100.0.23

  + add pptpd to /etc/rc.local:

        /usr/pkg/sbin/pptpd -d

  + reboot (or add the LKM and run pptpd by hand)



Now, a little background.  The machine that I'm running this on is fully pulled to -current.
And I had to make a small change to the kernel:

  *** /sys/net/ppp-comp.h Tue Feb 20 13:36:36 2001
  --- /sys/net/ppp-comp.h.orig    Thu Feb 22 10:05:43 2001
  ***************
  *** 111,117 ****
    /*
     * Max # bytes for a CCP option
     */
  ! #define CCP_MAX_OPTION_LENGTH 64
  
    /*
     * Parts of a CCP packet.
  --- 111,117 ----
    /*
     * Max # bytes for a CCP option
     */
  ! #define CCP_MAX_OPTION_LENGTH 32
  
    /*
     * Parts of a CCP packet.
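
Review bot: The two files are in reverse order in the `***`/`---` headers: the modified /sys/net/ppp-comp.h (64) is on the old side and ppp-comp.h.orig (32) is on the new side, so applying this as posted sets CCP_MAX_OPTION_LENGTH to 32, the opposite of the change the message describes. Regenerate it with the .orig file first (diff -c ppp-comp.h.orig ppp-comp.h) or apply it with patch -R. It would also help to extend the comment above the define to say why 64 is needed, since "Max # bytes for a CCP option" gives no hint that a smaller value cuts off the options used here.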


Otherwise the "compress" (really encryption) negotiation would not work
since NetBSD's if_ppp.c was truncating the CCP options to 32 bytes.



And finally, although I can use Win98/2K to VPN in via PPTP, I still can't
browse my internal network (10.100.0.0/24).  If anyone knows how to get
browsing working, I'd really appreciate the help.  I've got a hunch that
I'm having IP routing issues due to the fact that the local and remote
PPTP IP addresses are on the internal network.


Paul
-- 
Paul Dokas                                            dokas@cs.umn.edu
======================================================================
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."
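
The message above says the negotiation failed because CCP options were truncated to 32 bytes. The following is an added example, not part of the original message and not NetBSD or ppp-mppe code: a simplified model of how a silent clamp-on-copy makes a later length check fail. Every name in it is hypothetical, and the 40-byte option is constructed; the real ppp-mppe option layout is not shown on the page.

```c
/* Added illustration: a simplified model, not NetBSD's if_ppp.c. */
#include <stdio.h>
#include <string.h>

enum { OPT_OK = 0, OPT_TRUNCATED = -1, OPT_MALFORMED = -2 };

#define BUF_CAP        64   /* capacity of the model's buffer */
#define SAMPLE_OPT_LEN 40   /* constructed: longer than 32, shorter than 64 */

/* Copy an option into a fixed buffer, silently clamping to max_len bytes.
 * Returns the number of bytes actually kept. */
static size_t copy_clamped(unsigned char *dst, size_t max_len,
                           const unsigned char *opt, size_t len)
{
    size_t nb = len > max_len ? max_len : len;
    memcpy(dst, opt, nb);
    return nb;
}

/* Consumer-side check: the option's own length byte (opt[1], which counts
 * the type and length bytes) must fit in the bytes that survived the copy. */
static int check_option(const unsigned char *opt, size_t nb)
{
    if (nb < 2 || opt[1] < 2)
        return OPT_MALFORMED;
    return opt[1] > nb ? OPT_TRUNCATED : OPT_OK;
}

/* Push the constructed sample option through a buffer limited to max_len
 * bytes, i.e. the role CCP_MAX_OPTION_LENGTH plays in the message. */
int negotiate_sample(size_t max_len)
{
    unsigned char opt[SAMPLE_OPT_LEN], buf[BUF_CAP];

    if (max_len > BUF_CAP)
        return OPT_MALFORMED;
    memset(opt, 0xA5, sizeof opt);   /* constructed filler payload */
    opt[0] = 18;                     /* CCP option type used for MPPE */
    opt[1] = SAMPLE_OPT_LEN;         /* length byte claims all 40 bytes */
    return check_option(buf, copy_clamped(buf, max_len, opt, sizeof opt));
}

int main(void)
{
    printf("limit 32: %d\n", negotiate_sample(32));
    printf("limit 64: %d\n", negotiate_sample(64));
    return 0;
}
```

Rejecting an over-long option with an error instead of clamping it would surface the problem at the copy rather than later in the negotiation.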