[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Issues with pptpd


First idea: Is it an authentication problem? As far as I know, different
versions of MS Windows use different authentication methods by default (PAP,
CHAP, CHAP2 etc.). To figure out the exact source of the problem, you might
try to configure the clients and the server to use only PAP for
authentication and then step by step try the other authentication methods. Of
course, you should finally disable PAP authentication again, as it uses
cleartext passwords and therefore is rather insecure.

CHAP is considered insecure, too, but CHAP2 needs a special kernel patch,
being based on a patented algorithm. That could be another source of your

Are there any errors reported in /var/log/messages?

Best regards,

Am Freitag, 10. September 2004 16:34 schrieb Joebstl Thomas:
> Hi,
> I'm experiencing some weird issues with pptpd:
> The pptp server has an external interface with a routeable IP and an
> internal interface with 10.x.x.x IP where clients should connect to from
> our wlan and get assigned routeable IP's as well.
> pptpd is configured to listen on the internal 10.x.x.x address and
> accepts incoming calls fine, but some clients can never successfully
> establish a connection.
> I cant isolate the problem to a specific group of clients though - after
> a reboot (rcpptpd restart doesn't change anything) win98/ME/XP clients
> can connect, after the next restart only 98/XP, then only ME and so forth.
> I'm really getting annoyed with that stuff - latest version which works
> for me now is the one in Debian 3.0 which is ancient.
> I've had a tcpdump running and it showed some really weird traffic from
> pppd. Everytime a client couldnt establish a connection pppd used the
> external routeable IP as source IP for its packets - although ps awx and
> debug/dump show that it gets the proper local (10.x.x.x) IP address
> specified on the command line.
> The system is running 9.1 Pro with the latest updates as of 2 hours ago.
> I think I had it working before on a system running either 9.0 or 9.1
> without any updates, but I cant remember exactly and thanks to maxtors
> QA department I cant check it anymore since the hdd is dead....
> Would be nice to get some clues how to get it working reliable again.
> Regards,
> Thomas

Dipl.-Vw. Johannes Becker
Alfred-Weber-Institut für Wirtschaftswissenschaften
der Universität Heidelberg
Lehrstuhl für Statistik
Hauptstraße 126
D-69117 Heidelberg

Telefon: +49-(0)6221-54 2931
Telefax: +49-(0)6221-54 3589
e-Mail: Johannes.Becker@xxxxxxxxxxxxxxxxxxxxx
WWW: http://wss.uni-hd.de

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here