MPPE with PPTP - external module
Alan DeKok
aland at deployingradius.com
Tue Apr 1 20:35:39 CEST 2014
P K wrote:
> VPN works fine with CHAP & MSCHAP with multiotp. The trouble is
> encryption (PPTP with MPPE). When encryption is selected by the user,
> VPN fails. The problem is that radius will not send the required MPPE
> responses(MS-MPPE-Recv-Key, MS-MPPE-Send-Key etc.) to NAS.
Because the multiotp program isn't supplying them to FreeRADIUS.
> I note that mschap module has options like use_mppe,
> require_encryption etc.. How can I get radius to send those when I'm
> using multiotp module to perform chap/mschap so that PPTP with MPPE
> works?
Make the multiotp program supply them to FreeRADIUS.
The keys are derived from the NT-Password, and the MS-CHAP
information. Since FreeRADIUS doesn't have the NT-Password, it can't
derive the keys.
Alan DeKok.
More information about the Freeradius-Users
mailing list