MPPE with PPTP - external module

P K getpkme at gmail.com
Tue Apr 1 18:07:32 CEST 2014


Hi,

I'm using multiotp with freeradius for VPN. Since multiotp supports
CHAP/MSCHAP, I have the AuthType set to multiotp. The multiotp module
has the following:

exec multiotp {
        wait = yes
        input_pairs = request
        output_pairs = reply
        program = "/path/to/multiotp.php %{User-Name} %{User-Password}
-src=%{Packet-Src-IP-Address} -chap-challenge=%{CHAP-Challenge}
-chap-password=%{CHAP-Password}
-ms-chap-challenge=%{MS-CHAP-Challenge}
-ms-chap-response=%{MS-CHAP-Response}
-ms-chap2-response=%{MS-CHAP2-Response}"
        shell_escape = yes
}

VPN works fine with CHAP & MSCHAP with multiotp. The trouble is
encryption (PPTP with MPPE). When encryption is selected by the user,
VPN fails. The problem is that radius will not send the required MPPE
responses(MS-MPPE-Recv-Key, MS-MPPE-Send-Key etc.) to NAS.

I note that mschap module has options like use_mppe,
require_encryption etc.. How can I get radius to send those when I'm
using multiotp module to perform chap/mschap so that PPTP with MPPE
works?

Thanks.


More information about the Freeradius-Users mailing list