Having two MS-MPPE key pairs...

Panagiotis Georgopoulos panos at comp.lancs.ac.uk
Wed Nov 17 14:29:57 CET 2010

Hello all,


I am using EAP-TTLS/EAP-MSCHAPv2 to authenticate clients
with a FR 2.1.10 backend AAA server. Requests go over an Access Point
(playing the role of the NAS), then get forwarded to a Proxy AAA FR 2.1.10
server and finally get routed to my backend server. My client is using
wpa_supplicant with "EAP=TTLS" and "Phase2="autheap=mschapv2"" options in
the configuration file.

The problem I am having is that when the FR sends the final
Access-Accept to the client, I end up having two MS-MPPE-Send-Key and
MS-MPPE-Recv-Key keys of different length, one added by the mschap module
and one added by the eap module, as seen here:


Sending Access-Accept of id 52 to 2001:db95::100 port 1814
      Reply-Message = "Hello, bob-mr1"
      MS-MPPE-Encryption-Policy = 0x00000001
      MS-MPPE-Encryption-Types = 0x00000006
      MS-MPPE-Send-Key = 0x8566119a6066e8eb7c1663dea8d1629b
      MS-MPPE-Recv-Key = 0xc1f99bac753248c48db73fd5585bf810
      Message-Authenticator = 0x00000000000000000000000000000000
      User-Name = "bob-mr1"
      MS-MPPE-Recv-Key =
      MS-MPPE-Send-Key =
      EAP-Message = 0x03cf0004
      Proxy-State = 0x3130


(If someone wants a full debug output of the server, it is
posted here: http://pastebin.com/aXFMXXbT )


Having two MS-MPPE key pairs is wrong and does not allow the
end-client to properly finish its key exchange with the Access Point, but
restarts the EAP-TTLS communication. I figured out that I could remove one
pair of keys, by either doing this at the end of the post-auth section of my
inner-tunnel:

update reply {
      # "!*" removes every instance of the attribute, whatever its value
      MS-MPPE-Send-Key !* 0x00
      MS-MPPE-Recv-Key !* 0x00
}

..or if I set "use_mppe=no" in the mschap module, although
this means that I will be losing the MS-MPPE-Encryption-Policy and
MS-MPPE-Encryption-Types attributes as well. Which one do you think is the
best approach and has less impact for other authentication methods (e.g.
straightforward mschapv2 or others)?


By the way, I also tried using PEAP and mschapv2 for phase 2
but it didn't have the above problem (it had just one pair of MS-MPPE keys).
Isn't that weird, since mschapv2 in PEAP is also eap-mschapv2, so it would
expect to get exactly the same phase 2 with EAP-TTLS? What am I missing?


Thanks a lot in advance,
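
A check for the symptom described in this post, as an added example that is not part of the original message or of FreeRADIUS: it scans debug output in the format quoted above and reports every Access-Accept that carries more than one MS-MPPE-Send-Key or MS-MPPE-Recv-Key, with the length of each instance. The sample log, its address and its key values are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^Sending (\S+) of id (\d+) to \S+ port \d+")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+)\s*=\s*(.*)$")
KEY_ATTRS = ("MS-MPPE-Send-Key", "MS-MPPE-Recv-Key")
# Constructed sample in the debug-output format quoted in the post.
K16, K32 = "0x" + "11" * 16, "0x" + "22" * 32   # placeholder key values
SAMPLE_DEBUG = f"""Sending Access-Accept of id 52 to 2001:db8::100 port 1814
\tMS-MPPE-Send-Key = {K16}
\tMS-MPPE-Recv-Key = {K16}
\tUser-Name = "example-user"
\tMS-MPPE-Recv-Key = {K32}
\tMS-MPPE-Send-Key = {K32}
Finished request 7.
Sending Access-Accept of id 53 to 2001:db8::100 port 1814
\tMS-MPPE-Send-Key = {K32}
\tMS-MPPE-Recv-Key = {K32}
"""

def sent_packets(debug_text):
    """Yield (code, id, [(attr, value), ...]) for each 'Sending ...' block."""
    current = None
    for line in debug_text.splitlines():
        header, attr = HEADER.match(line), ATTR.match(line)
        if header:
            if current:
                yield current
            current = (header.group(1), int(header.group(2)), [])
        elif current and attr:
            current[2].append((attr.group(1), attr.group(2).strip()))
        elif current and line.strip():   # unindented text ends the block
            yield current
            current = None
    if current:
        yield current

def duplicate_mppe_keys(debug_text):
    """Map packet id -> {attr: [key lengths in bytes]}; key values are not kept."""
    findings = {}
    for code, pkt_id, attrs in sent_packets(debug_text):
        lengths = defaultdict(list)
        for name, value in attrs:
            if code == "Access-Accept" and name in KEY_ATTRS:
                lengths[name].append(len(value.replace("0x", "", 1)) // 2)
        dupes = {n: v for n, v in lengths.items() if len(v) > 1}   # repeated only
        if dupes:
            findings[pkt_id] = dupes
    return findings
```

Calling `duplicate_mppe_keys(SAMPLE_DEBUG)` flags only packet 52; an attribute whose value is blank in the log still counts as an instance, with length 0.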



