PPTP issue

Pascal Hambourg pascal.mail at plouf.fr.eu.org
Wed Nov 8 01:08:34 CET 2006


Jason Neurohr a écrit :
> Hello, trying to connect to pptp server through linux iptables firewall.
> I have the ip_conntrack_pptp and ip_nat_pptp modules loaded. Anyone know
> what the below means and how to fix it?
> 20:10:31.180676 IP pptpserver > xxxxxxxx: GREv1, call 4131, seq 3,
> length 48: CHAP, Challenge (0x01), id 2, Value
> bf1e69be064b99fd81c1810a9d05b0e5, Name

The server asks for authentication using CHAP.

> 20:10:31.219988 IP xxxxxxxx > pptpserver: GREv1, call 0, seq 3, ack 3,
> length 55: CHAP, Response (0x02), id 2, Value
> 50e507db3f5f8330dc3622846e7ffbb3, Name aaa__aaaaaaa

The client sends the authentication using CHAP, name aaa__aaaaaaa.

> 20:10:31.249508 IP pptpserver > xxxxxxxx: GREv1, call 4131, seq 4, ack
> 3, length 64: CHAP, Fail (0x04), id 2, Msg CHAP authentication failure,
> unit 578938[|chap]

"CHAP authentication failure" means that the PPTP client failed to 
authenticate itself on the server. Probably wrong login/password. The 
TCP connection and GRE tunnel communications seem OK so I don't think 
this has anything to do with Netfilter/iptables.

More information about the netfilter mailing list