• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 869
  • Last Modified:

MS-CHAPv2 Success packet is badly formed.

Hello, we have a 3300v+ Router
Hardware Version : 1.0
Firmware Version : 2.6.3 (EN)
Build Date&Time : 2010-08-17 14:31:01

When PPTP authenticates via local accounts on the router things work fine with Windows, Mac and Linux.

However when we introduce a Windows 2008R2 using NPS as a Radius server; the windows clients connect just fine but the MAC and Linux clients get the following error:

pppd[3625]: MS-CHAPv2 Success packet is badly formed.

Any ideas?

And please no "Get a Cisco" - we are a Cisco shop and would gladly get rid of this junk. Some things are just out of your control.

++the log++
pppd[3625]: Using interface ppp0
NetworkManager[423]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
NetworkManager[423]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
pppd[3625]: Connect: ppp0 <--> /dev/pts/0
pptp[3628]: nm-pptp-service-3322 log[main:pptp.c:314]: The synchronous pptp option is NOT activated
pptp[3635]: nm-pptp-service-3322 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[3635]: nm-pptp-service-3322 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
pptp[3635]: nm-pptp-service-3322 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
pptp[3635]: nm-pptp-service-3322 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[3635]: nm-pptp-service-3322 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
pptp[3635]: nm-pptp-service-3322 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 138).
pppd[3625]: MS-CHAPv2 Success packet is badly formed.
pppd[3625]: CHAP authentication failed
NetworkManager[423]: <warn> VPN plugin failed: 1
pppd[3625]: Connection terminated.
avahi-daemon[418]: Withdrawing workstation service for ppp0.
pptp[3628]: nm-pptp-service-3322 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
pptp[3628]: nm-pptp-service-3322 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
pptp[3635]: nm-pptp-service-3322 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
pptp[3635]: nm-pptp-service-3322 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
NetworkManager[423]: <warn> VPN plugin failed: 1
pptp[3635]: nm-pptp-service-3322 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
NetworkManager[423]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
pppd[3625]: Exit.
NetworkManager[423]: <info> VPN plugin state changed: 6
NetworkManager[423]: <info> VPN plugin state change reason: 0
NetworkManager[423]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
0
CETECH_FBRUMM
Asked:
CETECH_FBRUMM
  • 6
  • 4
1 Solution
 
Duncan RoeSoftware DeveloperCommented:
Do you have any idea which plugin NetworkManager is complaining about? Although it may not be relevant.
I would tcpdump -i ppp0 (or whatever interface pptp uses) with a Windows client (to see what it should look like) and then a Linux / MAC client.
0
 
CETECH_FBRUMMAuthor Commented:
Hi Duncan_roe, thanks for your post.

I'm not sure how to determine what the networkmanager is complaining about - outside that it appears to be having trouble with an excess 'success packet' sent from either the MS NPS Radius Server, or by the Router, or by maybe the compilation of the networkmanager code in Mac/Linux. Would it be possible that we need a updated networkmanager? if so, how do we go about that?

I think you are advising we produce a windows log for comparison - we will try this and get back. If you have any other thoughts, that would be appreciated.
0
 
Duncan RoeSoftware DeveloperCommented:
Yes and no - a tcpdump of the session will show you far more than the log above - for Linux or Windows clients. You can make tcpdump produce dump files and post them as file attachments if you like.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
CETECH_FBRUMMAuthor Commented:
Duncan, we posted a bunch of logs but dont see them here.. do you see them?
0
 
Duncan RoeSoftware DeveloperCommented:
No I don't see them either. Possibly EE didn't like the file names. You could try adding .append.txt to them - I do that to get email attachments through filters. Or just try again :-/
0
 
CETECH_FBRUMMAuthor Commented:
posted again on friday.. testing
0
 
CETECH_FBRUMMAuthor Commented:
Hmm, trying a 3rd time...

attached are the captures and wireshark - didnt help us much but maybe it will make sense to you.
Router-logs
0
 
Duncan RoeSoftware DeveloperCommented:
Got the 4 files. And have looked at them in some detail. Then I carefully re-read your original question.
In your original Q, you posted a syslog file (i.e. /var/log/something). This is a very useful file, and I would like to see it for both Windows and Linux. But first, please insert this line in /etc/ppp/options
debug

Open in new window

Also make sure that debug messages are logged (check /etc/syslog.conf). Post syslogs for Windows and Linux.
Depending on what these show, I may or may not be able to help further. I haven't run pptp for a while, keep on meaning to set it up at home to rdesktop into work but am held up because my box at work doesn't accept rdesktop requests, not even from neighbouring systems.
MS-CHAPv2 Success packet is badly formed.
is the problem we need to fix. We need to get as much info as we can into the syslog, possibly including tcpdump output eventually.
By the way, please can you familiarise yourself with tcpdump. I find its output much easier to read than wireshark.
0
 
CETECH_FBRUMMAuthor Commented:
Duncan,
we have received notfication from Draytek UK (no US support - go figure) that the router may just not support PPTP via Radius for Mac and Linux clients. Not firm one way or the other.

My next thought was to use L2TP for Mac/Linux and PPTP for Windows - however the Router does support L2TP encryption of any kind.

We are able to do these things with Cisco products and have gone back to the customer to replace the gear.

Marking this as solved - gear to be replaced.

Thanks for your time,
Fred
0
 
CETECH_FBRUMMAuthor Commented:
Problem solved via new hardware. <br /><br />Althought we never actually solved this problem - Duncan was very helpful and responsive. <br /><br />Thanks Duncan!
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now