FR 2.0.5 MPPE problem - worked in 2.0.4

John Horne john.horne at plymouth.ac.uk
Fri Jul 4 19:06:19 CEST 2008


Hello,

We are running Freeradius on some VPN servers using MPPE and PPTP. I
have upgraded one server this afternoon from FR 2.0.4 to 2.0.5. We are
now seeing the old (?!) error messages of MPPE not being available:

======================================================================
   Jul  4 17:40:01 betty pppd[23739]: rcvd [CHAP Response id=0x37
   <20f649170924934c
aea705692a84956100000000000000005000d7a07dae438cc630dfe93a6f147c9a031d758b8cf2d300>,
   name = "jhorne"]
   Jul  4 17:40:01 betty pppd[23739]: sent [CHAP Success id=0x37 
   "S=2A085F4D0A91C6832D347AF4305ED84C2ACF32E0"]
   Jul  4 17:40:01 betty pppd[23739]: MPPE required, but keys are not 
   available.  Possible plugin problem?
   Jul  4 17:40:01 betty pppd[23739]: sent [LCP TermReq id=0x2 "MPPE
   required but not available"]
   Jul  4 17:40:01 betty pppd[23739]: rcvd [CCP ConfReq id=0x4 <mppe +H
   +M +S +L -D +C>]
======================================================================


None of the configuration files were changed. Our 'users' file contains
a DEFAULT entry of:

     DEFAULT         Service-Type == Framed-User
                     MS-MPPE-Encryption-Policy = 0x00000002,
                     MS-MPPE-Encryption-Types = 0x00000006


When running FR 2.0.4 using 'radiusd -X' we can see the MPPE reply items
present (and FR then passes them on to the PPP daemon):

==================================================================
Login OK: [jhorne/<via Auth-Type = mschap>] (from client localhost port
0 cli 141.163.60.7)
Sending Access-Accept of id 141 to 127.0.0.1 port 32769
        MS-CHAP2-Success =
0x9c533d43393244394538333244413042433745324241443135463241354437354233443034394544313230
        Reply-Message = "Yes"
        MS-MPPE-Recv-Key = 0x0e7596f28778d7d71a7553aadfa57e92
        MS-MPPE-Send-Key = 0x41496804da30ffb8550fa9437ee6ae5e
        MS-MPPE-Encryption-Policy = 0x00000002
        MS-MPPE-Encryption-Types = 0x00000006
Finished request 0.
==================================================================


However, with FR 2.0.5 the MPPE reply items are missing:

==================================================================
Login OK: [jhorne] (from client localhost port 0 cli 141.163.60.7)
Sending Access-Accept of id 144 to 127.0.0.1 port 32769
        MS-CHAP2-Success =
0x37533d32413038354634443041393143363833324433343741463433303545443834433241434633324530
        Reply-Message = "Yes"
        MS-MPPE-Recv-Key = 0x00fbe23240bfd5a27fa70a2e32b581b3
        MS-MPPE-Send-Key = 0xff5da890119101d1c08693d65bc3fc5b
Finished request 0.
==================================================================


As said, none of the configuration files have changed at all. It seems
that FR 2.0.5 is dropping the reply items from the 'users' file after
proxying, rather than passing them on.


Has anyone else noticed this? I cannot really see anything relevant in
the Changelog that would explain this. I'm a little stumped as to how to
proceed with this (other than going back to 2.0.4), and it's late on a
Friday afternoon so I'm going home to think :-)



Thanks,

John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 587287
E-mail: John.Horne at plymouth.ac.uk       Fax: +44 (0)1752 587001
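
An added example, not part of the original post and not FreeRADIUS code: a small Python check that reads `radiusd -X` debug output and reports, for each Access-Accept, which of the four MPPE reply items seen in the 2.0.4 output above are absent. The function name `audit_accepts`, the required-attribute list and the sample text are assumptions constructed for illustration.

```python
import re
# Reply items present in the working 2.0.4 Access-Accept shown in the post.
REQUIRED = ("MS-MPPE-Recv-Key", "MS-MPPE-Send-Key",
            "MS-MPPE-Encryption-Policy", "MS-MPPE-Encryption-Types")
START = re.compile(r"^Sending Access-Accept of id (\d+)")
ATTR = re.compile(r"^\s+([A-Za-z][\w-]*)\s*=\s*(.*)$")

def audit_accepts(debug_text):
    """Return [(packet_id, [missing attribute names])], one per Access-Accept."""
    results, pkt_id, attrs, last = [], None, {}, None
    def close():
        nonlocal pkt_id, attrs, last
        if pkt_id is not None:
            results.append((pkt_id, [a for a in REQUIRED if a not in attrs]))
        pkt_id, attrs, last = None, {}, None
    for line in debug_text.splitlines():
        start, attr = START.match(line), ATTR.match(line)
        if start:
            close()
            pkt_id = int(start.group(1))
        elif pkt_id is None:
            continue
        elif attr:
            last = attr.group(1)
            attrs[last] = attr.group(2).strip()
        elif last and not attrs[last] and line.strip().startswith("0x"):
            attrs[last] = line.strip()  # value wrapped onto the next line
        else:
            close()  # "Finished request" or any other non-attribute line
    close()
    return results
# Constructed sample in the 'radiusd -X' layout quoted above; values are dummies.
SAMPLE = """\
Sending Access-Accept of id 141 to 127.0.0.1 port 32769
        MS-CHAP2-Success =
0x0153
        MS-MPPE-Recv-Key = 0x00
        MS-MPPE-Send-Key = 0x00
        MS-MPPE-Encryption-Policy = 0x00000002
        MS-MPPE-Encryption-Types = 0x00000006
Finished request 0.
Sending Access-Accept of id 144 to 127.0.0.1 port 32769
        MS-MPPE-Recv-Key = 0x00
        MS-MPPE-Send-Key = 0x00
Finished request 1.
"""
if __name__ == "__main__":
    for pkt, missing in audit_accepts(SAMPLE):
        print(pkt, "OK" if not missing else "missing: " + ", ".join(missing))
```

The report names attributes only and never echoes the key values, so it can be pasted into a ticket or list post without exposing session keys.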


