Boobix DD-WRT User
Joined: 07 Jun 2006 Posts: 222 Location: FRANCE - PARIS
|
Posted: Thu Jun 08, 2006 1:11 Post subject: PPTP client - MPPE required but peer negotiation failed |
|
MPPE required but peer negotiation failed
Quote: | using channel 67
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <mru 1492> <asyncmap 0x0> <magic 0x702dbe31> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6f138de> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6f138de> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <mru 1492> <asyncmap 0x0> <magic 0x702dbe31> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=***********]
rcvd [CHAP Challenge id=0xe7 <******************>, name = "pptpserv"]
sent [CHAP Response id=0xe7 <*******************>, name = "user"
rcvd [LCP EchoRep id=0x0 magic=0x6f138de]
rcvd [CHAP Success id=0xe7 "S=***************** M=Access granted"]
sent [CCP ConfReq id=0x1 <mppe -H +M +S +L -D +C>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
rcvd [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]
LCP terminated by peer (MPPE required but peer negotiation failed)
sent [LCP TermAck id=0x2]
rcvd [CCP ConfRej id=0x1 <mppe -H +M +S +L -D +C>]
Discarded non-LCP packet when LCP not open
Terminating on signal 15
Connection terminated.
Modem hangup |
Here you can find some infos
http://pptpclient.sourceforge.net/howto-diagnosis.phtml#mppe_rbpnf
Quote: | MPPE required but peer negotiation failed
Symptom: require-mppe-128 option is set, and debug logs contain this sequence:
sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H -M -S -L -D +C>]
MPPE required but peer negotiation failed
sent [LCP TermReq id=0x4 "MPPE required but peer negotiation failed"]
with the essential component being the immediate termination by the local host on receipt of a CCP ConfReq that has the encryption bits turned off (-M -S -L).
Diagnosis: this is a defect of pppd on your system. It is terminating the connection on the basis that the peer started to suggest no encryption. Your pppd is not first negotiating to achieve encryption. The version of pppd you are using takes the require-mppe-128 option pedantically; refusing to connect if the peer is configured to allow no encryption, even if the peer may allow encryption after negotiation.
2005-01-19
Solution: you may fix this by (either);
using a later version of pppd that is not so pedantic, and will negotiate further to achieve encryption (a fix was made in revision 1.49 of file pppd/ccp.c in PPP CVS as the solution to closed Debian bug 294232 but is not yet released by the PPP project ... so you can upgrade to PPP CVS or apply the patch in the bug report), or
2006-03-09
removing the require-mppe-128 option from the file /etc/ppp/options.pptp and any other options given to pppd, if you are content with not using encryption (which can be risky),
configuring the peer to require encryption.
If the peer is a server is on the public internet, you may wish to warn the administrator that it is not set to require encryption, and so tunnels may be established in the clear, which is an information security risk. If they change the configuration to require encryption, this seems to fix this problem, because the initial negotiation attempt includes MPPE.
2005-01-19
(If the peer is Microsoft Windows 2000 acting as a server, check that the No Encryption option in Remote Access Policies is disabled. Rob Gamble provided us with instructions to fix this.)
2003-08-12
Symptom: debug logs contain this sequence:
Disabling 40-bit MPPE; MS-CHAP LM not supported
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfNak id=0x1 <mppe -H -M -S +L -D +C>]
MPPE required but peer negotiation failed
sent [LCP TermReq id=0x3 "MPPE required but peer negotiation failed"]
Diagnosis: You have directed the local pppd to require MPPE, but the negotiation with the peer failed to find a compatible encryption level and method.
In the case above, the local pppd has proposed stateless 128-bit encryption and compression, but the peer has requested stateless 40-bit encryption and no compression. The local pppd was built without 40-bit MPPE support, or 40-bit MPPE was disabled, and so it decided it could not proceed.
Depending on the debug messages that appear prior to the "MPPE required but peer negotiation failed" message, there may be other causes. Please write to the mailing list if you've found one that we haven't documented, and include the debug messages.
Solution: Rebuild pppd for 40-bit MPPE support, enable 40-bit MPPE support, or change the peer to accept 128-bit MPPE.
(If the peer is Microsoft Windows XP acting as a client, change properties for the VPN connection, select the security tab, then the settings button next to advanced. Under Data encryption, select "Maximum strength encryption". Contributed by Bob Elzer.)
2003-06-16
(If the peer is Microsoft Windows 2000 acting as a server, try adding the pppd options nomppe-stateful, nobsdcomp and novj. Contributed by Andrew Cilia.) |
|
|