LinuxQuestions.org - [SOLVED] PPTPD not working MS-CHAP[v2] auth not performed

Greetings, I'm trying to run a pptp daemon on my server, however as you can see from the title I'm not working it out. Here are the configs and logs, hope someone will give me a hand with this.

pptpd.conf:

Code:

###############################################################################

# $Id: pptpd.conf 4255 2004-10-03 18:44:00Z rene $

#

# Sample Poptop configuration file /etc/pptpd.conf

#

# Changes are effective when pptpd is restarted.

###############################################################################



# TAG: ppp

#      Path to the pppd program, default '/usr/sbin/pppd' on Linux

#

#ppp /usr/sbin/pppd



# TAG: option

#      Specifies the location of the PPP options file.

#      By default PPP looks in '/etc/ppp/options'

#

option /etc/ppp/pptpd-options



# TAG: debug

#      Turns on (more) debugging to syslog

#

#debug



# TAG: stimeout

#      Specifies timeout (in seconds) on starting ctrl connection

#

# stimeout 10



# TAG: noipparam

#      Suppress the passing of the client's IP address to PPP, which is

#      done by default otherwise.

#

#noipparam



# TAG: logwtmp

#      Use wtmp(5) to record client connections and disconnections.

#

logwtmp



# TAG: bcrelay <if>

#      Turns on broadcast relay to clients from interface <if>

#

#bcrelay eth1



# TAG: localip

# TAG: remoteip

#      Specifies the local and remote IP address ranges.

#

#      Any addresses work as long as the local machine takes care of the

#      routing.  But if you want to use MS-Windows networking, you should

#      use IP addresses out of the LAN address space and use the proxyarp

#      option in the pppd options file, or run bcrelay.

#

#      You can specify single IP addresses seperated by commas or you can

#      specify ranges, or both. For example:

#

#              192.168.0.234,192.168.0.245-249,192.168.0.254

#

#      IMPORTANT RESTRICTIONS:

#

#      1. No spaces are permitted between commas or within addresses.

#

#      2. If you give more IP addresses than MAX_CONNECTIONS, it will

#          start at the beginning of the list and go until it gets

#          MAX_CONNECTIONS IPs. Others will be ignored.

#

#      3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,

#          you must type 234-238 if you mean this.

#

#      4. If you give a single localIP, that's ok - all local IPs will

#          be set to the given one. You MUST still give at least one remote

#          IP for each simultaneous client.

#

# (Recommended)

#localip 192.168.0.1

#remoteip 192.168.0.234-238,192.168.0.245

# or

#localip 192.168.0.234-238,192.168.0.245

#remoteip 192.168.1.234-238,192.168.1.245

localip 192.168.1.1

remoteip 192.168.1.100-200

pptp-options:

Code:

###############################################################################

# $Id: pptpd-options 4643 2006-11-06 18:42:43Z rene $

#

# Sample Poptop PPP options file /etc/ppp/pptpd-options

# Options used by PPP when a connection arrives from a client.

# This file is pointed to by /etc/pptpd.conf option keyword.

# Changes are effective on the next connection.  See "man pppd".

#

# You are expected to change this file to suit your system.  As

# packaged, it requires PPP 2.4.2 and the kernel MPPE module.

###############################################################################





# Authentication



# Name of the local system for authentication purposes

# (must match the second field in /etc/ppp/chap-secrets entries)

name pptpd



# Optional: domain name to use for authentication

# domain mydomain.net



# Strip the domain prefix from the username before authentication.

# (applies if you use pppd with chapms-strip-domain patch)

#chapms-strip-domain





# Encryption

# Debian: on systems with a kernel built with the package

# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...

# {{{

refuse-pap

refuse-chap

refuse-mschap

# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft

# Challenge Handshake Authentication Protocol, Version 2] authentication.

require-mschap-v2

# Require MPPE 128-bit encryption

# (note that MPPE requires the use of MSCHAP-V2 during authentication)

require-mppe-128

# }}}









# Network and Routing



# If pppd is acting as a server for Microsoft Windows clients, this

# option allows pppd to supply one or two DNS (Domain Name Server)

# addresses to the clients.  The first instance of this option

# specifies the primary DNS address; the second instance (if given)

# specifies the secondary DNS address.

# Attention! This information may not be taken into account by a Windows

# client. See KB311218 in Microsoft's knowledge base for more information.

#ms-dns 10.0.0.1

#ms-dns 10.0.0.2



# If pppd is acting as a server for Microsoft Windows or "Samba"

# clients, this option allows pppd to supply one or two WINS (Windows

# Internet Name Services) server addresses to the clients.  The first

# instance of this option specifies the primary WINS address; the

# second instance (if given) specifies the secondary WINS address.

#ms-wins 10.0.0.3

#ms-wins 10.0.0.4



# Add an entry to this system's ARP [Address Resolution Protocol]

# table with the IP address of the peer and the Ethernet address of this

# system.  This will have the effect of making the peer appear to other

# systems to be on the local ethernet.

# (you do not need this if your PPTP server is responsible for routing

# packets to the clients -- James Cameron)

proxyarp



# Debian: do not replace the default route

nodefaultroute





# Logging



# Enable connection debugging facilities.

# (see your syslog configuration for where pppd sends to)

#debug



# Print out all the option values which have been set.

# (often requested by mailing list to verify options)

#dump





# Miscellaneous



# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive

# access.

lock



# Disable BSD-Compress compression

nobsdcomp



# extra

ms-dns 192.168.1.1

nobsdcomp

noipx

mtu 1490

mru 1490

noauth

syslog:

Code:

Jan 15 12:35:31 tinchev pptpd[14928]: CTRL: Client 2.121.242.48 control connection started

Jan 15 12:35:32 tinchev pptpd[14928]: CTRL: Starting call (launching pppd, opening GRE)

Jan 15 12:35:32 tinchev pppd[14929]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.

Jan 15 12:35:32 tinchev pppd[14929]: pppd 2.4.5 started by root, uid 0

Jan 15 12:35:32 tinchev pppd[14929]: Using interface ppp1

Jan 15 12:35:32 tinchev pppd[14929]: Connect: ppp1 <--> /dev/pts/3

Jan 15 12:35:32 tinchev pptpd[14928]: GRE: Bad checksum from pppd.

Jan 15 12:35:35 tinchev pptpd[14928]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

Jan 15 12:35:35 tinchev pppd[14929]: MPPE required, but MS-CHAP[v2] auth not performed.

Jan 15 12:35:35 tinchev pppd[14929]: Connection terminated.

Jan 15 12:35:35 tinchev pptpd[14928]: CTRL: Reaping child PPP[14929]

Jan 15 12:35:35 tinchev pppd[14929]: Exit.

Jan 15 12:35:35 tinchev pptpd[14928]: CTRL: Client 2.121.242.48 control connection finished

P.S. If I comment out the require and refuse params in pptp-options.conf i managed to get pass this error, but bad checksum still appears.

P.S.2 Thank you for yor time!