Trouble with PPTP & FreeRadius
Mike Diggins
mike.diggins at mcmaster.ca
Sun Mar 29 19:12:16 CEST 2009
On Sat, 28 Mar 2009, Alan DeKok wrote:
> Mike Diggins wrote:
>> I have a cisco vpn3030 concentrator with both IPSec and PPTP clients.
>> IPSec clients can successfully connect using my FreeRadius 2.1.3 server.
>> They use PAP, I believe. My PPTP clients are failing to connect. Every
>> indication on the Radius server is they have authenticated successfully,
>> although the client says no (both Macintosh and Windows XP clients).
>> When I point my cisco vpn3030 back to the CiscoSecure Radius server they
>> use now (what I'm migrating from), the clients work again. There must be
>> something different about the reply from each server. Any idea what
>> might be happening?
>
> The replies are different, and the VPN3030 doesn't like the replies.
>
> So... run "tcpdump", or "radsniff" on the packets from your old
> server. See what is in the packets, and then make FreeRADIUS respond
> with the same content. That's it.
>
I used wireshark to capture the working and non-working PPTP
authentication. There is a difference, but I don't know how to interpret
what's missing on the failed reply. Anyone want to have a look? Files are
attached (I hope).
-Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pptp.working.pcap
Type: application/octet-stream
Size: 19402 bytes
Desc:
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090329/49558fbb/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pptp.notworking.pcap
Type: application/octet-stream
Size: 4218 bytes
Desc:
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090329/49558fbb/attachment-0001.obj>
More information about the Freeradius-Users
mailing list