Trouble with PPTP & FreeRadius

Mike Diggins mike.diggins at mcmaster.ca
Sun Mar 29 19:12:16 CEST 2009


On Sat, 28 Mar 2009, Alan DeKok wrote:

> Mike Diggins wrote:
>> I have a cisco vpn3030 concentrator with both IPSec and PPTP clients.
>> IPSec clients can successfully connect using my FreeRadius 2.1.3 server.
>> They use PAP, I believe. My PPTP clients are failing to connect. Every
>> indication on the Radius server is they have authenticated successfully,
>> although the client says no (both Macintosh and Windows XP clients).
>> When I point my cisco vpn3030 back to the CiscoSecure Radius server they
>> use now (what I'm migrating from), the clients work again. There must be
>> something different about the reply from each server. Any idea what
>> might be happening?
>
>  The replies are different, and the VPN3030 doesn't like the replies.
>
>  So... run "tcpdump", or "radsniff" on the packets from your old
> server.  See what is in the packets, and then make FreeRADIUS respond
> with the same content.  That's it.
>

I used wireshark to capture the working and non-working PPTP 
authentication. There is a difference, but I don't know how to interpret 
what's missing on the failed reply. Anyone want to have a look? Files are 
attached (I hope).

-Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pptp.working.pcap
Type: application/octet-stream
Size: 19402 bytes
Desc: 
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090329/49558fbb/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pptp.notworking.pcap
Type: application/octet-stream
Size: 4218 bytes
Desc: 
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090329/49558fbb/attachment-0001.obj>


More information about the Freeradius-Users mailing list