MPPE with PPTP - external module

Alan DeKok aland at deployingradius.com
Tue Apr 1 20:35:39 CEST 2014


P K wrote:

> VPN works fine with CHAP & MSCHAP with multiotp. The trouble is
> encryption (PPTP with MPPE). When encryption is selected by the user,
> VPN fails. The problem is that radius will not send the required MPPE
> responses(MS-MPPE-Recv-Key, MS-MPPE-Send-Key etc.) to NAS.

  Because the multiotp program isn't supplying them to FreeRADIUS.

> I note that mschap module has options like use_mppe,
> require_encryption etc.. How can I get radius to send those when I'm
> using multiotp module to perform chap/mschap so that PPTP with MPPE
> works?

  Make the multiotp program supply them to FreeRADIUS.

  The keys are derived from the NT-Password, and the MS-CHAP
information.  Since FreeRADIUS doesn't have the NT-Password, it can't
derive the keys.

  Alan DeKok.


More information about the Freeradius-Users mailing list