Cannot connect to PIX VPN with FC3

From: Stefan (stefan_at_mailinator.com)
Date: 08/26/05


Date: 25 Aug 2005 19:13:20 -0700

Sorry if this was beaten to death somewhere else. Tried searching and
can't find anything definite.

I'm trying to connect an FC3 box at home to our PIX VPN at work. I've
followed the instructions at
http://pptpclient.sourceforge.net/howto-fedora-core-3.phtml verbatim.
Everything seems to load alright, but whenever I try to connect I get
this error in the status window:

LCP: timeout sending Config-Requests
Connection terminated.

At http://pptpclient.sourceforge.net/howto-diagnosis.phtml#lcp_timeout
they listed possible reasons relating to GRE packets. I did a
tcpdump/grep while trying to connect. There are numerous
gre-ppp-payload packets going to and from the server, followed by 10
gre-ppp-payload going to the server with no response. Don't have a
clue on what to check from there.

Now I do have access to the PIX config (cannot change anything.) The
relevant config lines would be:

vpdn group VPN_USER accept dialin pptp
vpdn group VPN_USER ppp authentication pap
vpdn group VPN_USER ppp authentication chap
vpdn group VPN_USER ppp authentication mschap
vpdn group VPN_USER ppp encryption mppe 40 (I guess there is a license
problem for 128?)
...

My options.pptp looks like this:

lock
noauth
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
require-mppe

I also allowed mschap auth in the config and I got this error while
connecting:

CHAP authentication succeeded
Disabling 40-bit MPPE; MS-CHAP LM not supported
MPPE required but peer negotiation failed
Connection terminated.

So, do I need to use mschap instead of v2? But what gives with the
encryption? Do I not have 40-bit capability? How do I check and fix?

I don't know what to try now... Any help would be greatly appreciated!
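
Added example, not part of the original post: a Python check that compares the authentication methods the quoted vpdn group offers with those the quoted options.pptp still permits. It assumes the PIX keyword "mschap" means MS-CHAP version 1 and that MPPE is only available after MS-CHAP or MS-CHAP v2; the function names are hypothetical, and the later "MS-CHAP LM not supported" MPPE failure is not modelled.

```python
# Inputs copied from the post (the author's aside on the mppe line removed).
PIX_CONFIG = """\
vpdn group VPN_USER accept dialin pptp
vpdn group VPN_USER ppp authentication pap
vpdn group VPN_USER ppp authentication chap
vpdn group VPN_USER ppp authentication mschap
vpdn group VPN_USER ppp encryption mppe 40
"""
PPPD_OPTIONS = """\
lock
noauth
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
require-mppe
"""

# pppd method names, matching its refuse-<method> options.
PPPD_METHODS = ("pap", "chap", "mschap", "mschap-v2", "eap")
# Assumption: MPPE session keys are derived only from an MS-CHAP exchange.
MPPE_CAPABLE = {"mschap", "mschap-v2"}

def pix_offers(config, group):
    """Auth methods listed for one vpdn group (PIX 'mschap' assumed to be v1)."""
    prefix = ["vpdn", "group", group, "ppp", "authentication"]
    offered = set()
    for line in config.splitlines():
        words = line.split()
        if words[:5] == prefix and len(words) > 5:
            offered.add(words[5])
    return offered

def pppd_accepts(options):
    """Return (methods not refused, whether any require-mppe* option is set)."""
    opts = {ln.split()[0] for ln in options.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}
    allowed = {m for m in PPPD_METHODS if f"refuse-{m}" not in opts}
    return allowed, any(o.startswith("require-mppe") for o in opts)

def diagnose(config, group, options):
    """Methods both sides allow, and the subset that can also carry MPPE."""
    allowed, need_mppe = pppd_accepts(options)
    common = pix_offers(config, group) & allowed
    usable = common & MPPE_CAPABLE if need_mppe else common
    return {"common": sorted(common), "usable": sorted(usable)}

if __name__ == "__main__":
    print(diagnose(PIX_CONFIG, "VPN_USER", PPPD_OPTIONS))
```

With the options file as posted the overlap is empty; removing refuse-mschap leaves MS-CHAP v1 as the only shared method, which matches the second log where authentication succeeds before MPPE negotiation fails.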


