[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Issues with pptpd



Hi,

nope, it's not an authentication problem - if I play around with authentication methods I get login errors but not such behaviour.

I put tcpdump, pp(t)pd logs and the config files up on http://members.easyline.at/~joebstl/pptpd/ to check it out.
And as I said, that behaviour changes with each reboot.
Clients are Win98SE, WinME, W2k3 - all inside vmware and WinXP as host os - and they work at random.

Regards,
Thomas



Johannes Becker (by way of Johannes Becker <johannes.becker@xxxxxxxxxxxxxxxxxxxxx>) wrote:

Hi!

First idea: Is it an authentication problem? As far as I know, different
versions of MS Windows use different authentication methods by default (PAP,
CHAP, CHAP2 etc.). To figure out the exact source of the problem, you might
try to configure the clients and the server to use only PAP for
authentication and then step by step try the other authentication methods. Of
course, you should finally disable PAP authentication again, as it uses
cleartext passwords and therefore is rather insecure.

CHAP is considered insecure, too, but CHAP2 needs a special kernel patch,
being based on a patented algorithm. That could be another source of your
problems.

Are there any errors reported in /var/log/messages?

Best regards,
Johannes

Am Freitag, 10. September 2004 16:34 schrieb Joebstl Thomas:
Hi,

I'm experiencing some weird issues with pptpd:
The pptp server has an external interface with a routeable IP and an
internal interface with 10.x.x.x IP where clients should connect to from
our wlan and get assigned routeable IP's as well.
pptpd is configured to listen on the internal 10.x.x.x address and
accepts incoming calls fine, but some clients can never successfully
establish a connection.
I cant isolate the problem to a specific group of clients though - after
a reboot (rcpptpd restart doesn't change anything) win98/ME/XP clients
can connect, after the next restart only 98/XP, then only ME and so forth.
I'm really getting annoyed with that stuff - latest version which works
for me now is the one in Debian 3.0 which is ancient.

I've had a tcpdump running and it showed some really weird traffic from
pppd. Everytime a client couldnt establish a connection pppd used the
external routeable IP as source IP for its packets - although ps awx and
debug/dump show that it gets the proper local (10.x.x.x) IP address
specified on the command line.

The system is running 9.1 Pro with the latest updates as of 2 hours ago.
I think I had it working before on a system running either 9.0 or 9.1
without any updates, but I cant remember exactly and thanks to maxtors
QA department I cant check it anymore since the hdd is dead....

Would be nice to get some clues how to get it working reliable again.

Regards,

Thomas

--
Dipl.-Vw. Johannes Becker
Alfred-Weber-Institut für Wirtschaftswissenschaften
der Universität Heidelberg
Lehrstuhl für Statistik
Hauptstraße 126
D-69117 Heidelberg

Telefon: +49-(0)6221-54 2931
Telefax: +49-(0)6221-54 3589
e-Mail: Johannes.Becker@xxxxxxxxxxxxxxxxxxxxx
WWW: http://wss.uni-hd.de





--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here