Solved

MS-CHAPv2 Success packet is badly formed.

Posted on 2012-04-02
10
804 Views
Last Modified: 2012-06-27
Hello, we have a 3300v+ Router
Hardware Version : 1.0
Firmware Version : 2.6.3 (EN)
Build Date&Time : 2010-08-17 14:31:01

When PPTP authenticates via local accounts on the router things work fine with Windows, Mac and Linux.

However when we introduce a Windows 2008R2 using NPS as a Radius server; the windows clients connect just fine but the MAC and Linux clients get the following error:

pppd[3625]: MS-CHAPv2 Success packet is badly formed.

Any ideas?

And please no "Get a Cisco" - we are a Cisco shop and would gladly get rid of this junk. Some things are just out of your control.

++the log++
pppd[3625]: Using interface ppp0
NetworkManager[423]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
NetworkManager[423]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
pppd[3625]: Connect: ppp0 <--> /dev/pts/0
pptp[3628]: nm-pptp-service-3322 log[main:pptp.c:314]: The synchronous pptp option is NOT activated
pptp[3635]: nm-pptp-service-3322 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[3635]: nm-pptp-service-3322 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
pptp[3635]: nm-pptp-service-3322 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
pptp[3635]: nm-pptp-service-3322 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[3635]: nm-pptp-service-3322 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
pptp[3635]: nm-pptp-service-3322 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 138).
pppd[3625]: MS-CHAPv2 Success packet is badly formed.
pppd[3625]: CHAP authentication failed
NetworkManager[423]: <warn> VPN plugin failed: 1
pppd[3625]: Connection terminated.
avahi-daemon[418]: Withdrawing workstation service for ppp0.
pptp[3628]: nm-pptp-service-3322 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
pptp[3628]: nm-pptp-service-3322 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
pptp[3635]: nm-pptp-service-3322 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
pptp[3635]: nm-pptp-service-3322 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
NetworkManager[423]: <warn> VPN plugin failed: 1
pptp[3635]: nm-pptp-service-3322 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
NetworkManager[423]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
pppd[3625]: Exit.
NetworkManager[423]: <info> VPN plugin state changed: 6
NetworkManager[423]: <info> VPN plugin state change reason: 0
NetworkManager[423]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
0
Comment
Question by:CETECH_FBRUMM
  • 6
  • 4
10 Comments
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 37810254
Do you have any idea which plugin NetworkManager is complaining about? Although it may not be relevant.
I would tcpdump -i ppp0 (or whatever interface pptp uses) with a Windows client (to see what it should look like) and then a Linux / MAC client.
0
 

Author Comment

by:CETECH_FBRUMM
ID: 37821800
Hi Duncan_roe, thanks for your post.

I'm not sure how to determine what the networkmanager is complaining about - outside that it appears to be having trouble with an excess 'success packet' sent from either the MS NPS Radius Server, or by the Router, or by maybe the compilation of the networkmanager code in Mac/Linux. Would it be possible that we need a updated networkmanager? if so, how do we go about that?

I think you are advising we produce a windows log for comparison - we will try this and get back. If you have any other thoughts, that would be appreciated.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 37822952
Yes and no - a tcpdump of the session will show you far more than the log above - for Linux or Windows clients. You can make tcpdump produce dump files and post them as file attachments if you like.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:CETECH_FBRUMM
ID: 37839292
Duncan, we posted a bunch of logs but dont see them here.. do you see them?
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 37840228
No I don't see them either. Possibly EE didn't like the file names. You could try adding .append.txt to them - I do that to get email attachments through filters. Or just try again :-/
0
 

Author Comment

by:CETECH_FBRUMM
ID: 37846928
posted again on friday.. testing
0
 

Author Comment

by:CETECH_FBRUMM
ID: 37846934
Hmm, trying a 3rd time...

attached are the captures and wireshark - didnt help us much but maybe it will make sense to you.
Router-logs
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 500 total points
ID: 37847522
Got the 4 files. And have looked at them in some detail. Then I carefully re-read your original question.
In your original Q, you posted a syslog file (i.e. /var/log/something). This is a very useful file, and I would like to see it for both Windows and Linux. But first, please insert this line in /etc/ppp/options
debug

Open in new window

Also make sure that debug messages are logged (check /etc/syslog.conf). Post syslogs for Windows and Linux.
Depending on what these show, I may or may not be able to help further. I haven't run pptp for a while, keep on meaning to set it up at home to rdesktop into work but am held up because my box at work doesn't accept rdesktop requests, not even from neighbouring systems.
MS-CHAPv2 Success packet is badly formed.
is the problem we need to fix. We need to get as much info as we can into the syslog, possibly including tcpdump output eventually.
By the way, please can you familiarise yourself with tcpdump. I find its output much easier to read than wireshark.
0
 

Author Comment

by:CETECH_FBRUMM
ID: 37862743
Duncan,
we have received notfication from Draytek UK (no US support - go figure) that the router may just not support PPTP via Radius for Mac and Linux clients. Not firm one way or the other.

My next thought was to use L2TP for Mac/Linux and PPTP for Windows - however the Router does support L2TP encryption of any kind.

We are able to do these things with Cisco products and have gone back to the customer to replace the gear.

Marking this as solved - gear to be replaced.

Thanks for your time,
Fred
0
 

Author Closing Comment

by:CETECH_FBRUMM
ID: 37862759
Problem solved via new hardware. <br /><br />Althought we never actually solved this problem - Duncan was very helpful and responsive. <br /><br />Thanks Duncan!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question