# PPTP VPN connection failed: chap MS-v2 rejected [SOLVED]

## PhiJ

I'm trying to set up a PPTP VPN connection to my uni.  I've finally got to the stage when I 

```
pon UOB debug dump logfd 2 nodetach
```

 it, but I get this output:

```
pppd options in effect:

debug      # (from command line)

nodetach      # (from command line)

logfd 2      # (from command line)

dump      # (from command line)

noauth      # (from /etc/ppp/options.pptp)

refuse-chap      # (from /etc/ppp/options.pptp)

refuse-mschap      # (from /etc/ppp/options.pptp)

refuse-eap      # (from /etc/ppp/options.pptp)

name UOB\\JP6877      # (from /etc/ppp/peers/UOB)

remotename PPTP      # (from /etc/ppp/peers/UOB)

      # (from /etc/ppp/options.pptp)

pty pptp student-vpn.bris.ac.uk --nolaunchpppd      # (from /etc/ppp/peers/UOB)

ipparam UOB      # (from /etc/ppp/peers/UOB)

nobsdcomp      # (from /etc/ppp/options.pptp)

nodeflate      # (from /etc/ppp/options.pptp)

require-mppe-128      # (from /etc/ppp/peers/UOB)

using channel 2

Using interface ppp0

Connect: ppp0 <--> /dev/pts/2

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5a5e3bad> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8cb5e596> <pcomp> <accomp>]

No auth is possible

sent [LCP ConfRej id=0x1 <auth chap MS-v2>]

rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x5a5e3bad> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x2 <mru 1450> <asyncmap 0x0> <magic 0x8cb5e596> <pcomp> <accomp>]

sent [LCP ConfAck id=0x2 <mru 1450> <asyncmap 0x0> <magic 0x8cb5e596> <pcomp> <accomp>]

MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed.

sent [LCP TermReq id=0x2 "MPPE required but not available"]

rcvd [LCP EchoReq id=0x0 magic=0x8cb5e596]

rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]

sent [LCP TermAck id=0x3]

rcvd [LCP TermAck id=0x2]

Connection terminated.

Script pptp student-vpn.bris.ac.uk --nolaunchpppd finished (pid 9827), status = 0x0
```

My 'peers' file is

```
pty "pptp student-vpn.bris.ac.uk --nolaunchpppd"

name UOB\\JP6877

remotename PPTP

require-mppe-128

require-mschap-v2

file /etc/ppp/options.pptp

ipparam UOB
```

my chap-secrets file is

```
domain\\username        PPTP       "psswd"       *
```

and my ppp use flags are 

```
activefilter dhcp eap-tls gtk ipv6 pam radius -atm -mppe-mppc
```

Last edited by PhiJ on Tue Feb 24, 2009 6:20 pm; edited 1 time in total

----------

## Will Scarlet

In your peers file take out the line of 

```
require-mppe-128
```

Hope this helps...   :Wink: 

----------

## PhiJ

It seems to be giving the same error message.    :Sad: 

----------

## Will Scarlet

Do you have ppp_mppe enable as a module or compiled in your kernel?  In your .config file for your kernel you would see something like 

```
CONFIG_PPP_MPPE=m 

or

CONFIG_PPP_MPPE=y
```

If it's a module, is it loading when you start your pptp session?

Also, here is my options.pptp file:

```
# Lock the port

lock

# Authentication

# We don't need the tunnel server to authenticate itself

noauth

# We won't do EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2

refuse-eap

refuse-chap

refuse-mschap

# Compression

# Turn off compression protocols we know won't be used

nobsdcomp

nodeflate

# Encryption

# (There have been multiple versions of PPP with encryption support,

# choose with of the following sections you will use.  Note that MPPE

# requires the use of MSCHAP-V2 during authentication)

# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras

# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o

# {{{

# Require MPPE 128-bit encryption

require-mppe-128

# }}}

# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec

# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o

# {{{

# Require MPPE 128-bit encryption

#mppe stateless

# }}}
```

Make sure that in your file that the "require-mppe-128" is not commented and "mppe stateless" is commented.

Hope this helps...  :Wink: 

----------

## PhiJ

CONFIG_PPP_MPPE=y (I don't do anything as modules except ALSA as I don't know enough about kernel stuff to know when I'd want to, and it all works fine for me compiled in anyway)

Well, require-mppe-128 was commented, but uncommenting it (on peers and/or options.pptp) didn't change the output

----------

## Will Scarlet

After doing more research, I ran across http://pptpclient.sourceforge.net/howto-diagnosis.phtml and found this:

 *Quote:*   

> No auth is possible
> 
> Symptom: you are using PPP 2.4.2 or later and logs contain this sequence:
> 
> rcvd [LCP ConfReq id=0x0 <auth chap MS-v2> <magic 0x7a73> <pcomp> <accomp>]
> ...

 

It appears that something in your chap-secrets may be incorrect.  Maybe your password.

Also, looking at http://www.bristol.ac.uk/is/computing/advice/homeusers/uobvpn/howto/linux/ I found this:

 *Quote:*   

> You will need the following details to configure your connection:
> 
>     * Your UOB username and password.
> 
>     * The address of the server you are trying to connect to. (staff-vpn.bris.ac.uk for staff and student-vpn.bris.ac.uk for students)
> ...

 

So it appears that you can remove "UOB\\" from your username in both your peers and chap-secrets files.  Who knows, maybe that's the problem.

Hope this helps...  :Wink: 

----------

## gentoo_ram

I have the PPTP server working to my Mac and iPod Touch.  My chap-secrets contains:

```

username               pptpd      PaSsWoRd            *

```

It's a little different than the O.P.  No domain, password is not in double-quotes, and the service name is 'pptpd'.

----------

## PhiJ

Had to be an embarrassing error didn't it.  My username was in all-caps in the peers file and in lowercase in chap-secrets.  Shame

Thanks for the help.

----------

