Bug 1462263 - missing MS-CHAP-v2 in vpn pptp
missing MS-CHAP-v2 in vpn pptp
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: NetworkManager-pptp (Show other bugs)
25
Unspecified Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Lubomir Rintel
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-16 10:33 EDT by sirber
Modified: 2017-06-16 11:13 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-16 11:13:23 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description sirber 2017-06-16 10:33:46 EDT
Description of problem:

Using NetworkManager GUI, cannot connect to pptp vpn that only allow ms-chapv2

How reproducible:
Create a new VPN connetion, pptp. Try to connect

Actual results:
Jun 16 10:32:09 sirber-laptop5 pppd[13431]: MS-CHAP authentication failed: Access denied
Jun 16 10:32:09 sirber-laptop5 pppd[13431]: CHAP authentication failed
Jun 16 10:32:09 sirber-laptop5 NetworkManager: MS-CHAP authentication failed: Access denied
Jun 16 10:32:09 sirber-laptop5 NetworkManager: CHAP authentication failed
Jun 16 10:32:09 sirber-laptop5 pppd[13431]: Connection terminated.
Jun 16 10:32:09 sirber-laptop5 NetworkManager: Connection terminated.

Expected results:
That it would try MS-CHAPv2 as configured.

Additional info:

[connection]
id=Some VPN
uuid=0efb9762-986b-46fb-90f0-xxxxxxxxxxx
type=vpn
autoconnect=false
permissions=
secondaries=

[vpn]
gateway=xx.xx.xx.xx
no-vj-comp=yes
nobsdcomp=yes
nodeflate=yes
password-flags=1
refuse-chap=yes
refuse-pap=yes
require-mppe-128=yes
user=sirber
service-type=org.freedesktop.NetworkManager.pptp

[ipv4]
dns-search=
method=auto
Comment 1 sirber 2017-06-16 10:35:09 EDT
With a Windows 10 client, I can connect to the server whitout issue.
Comment 2 sirber 2017-06-16 10:49:51 EDT
works in commandline:

Jun 16 10:47:22 sirber-laptop5 pppd[13907]: pppd 2.4.7 started by sirber, uid 0
Jun 16 10:47:22 sirber-laptop5 pppd[13907]: Using interface ppp0
Jun 16 10:47:22 sirber-laptop5 pppd[13907]: Connect: ppp0 <--> /dev/pts/4
Jun 16 10:47:22 sirber-laptop5 pptp[13908]: anon log[main:pptp.c:356]: The synchronous pptp option is NOT activated
Jun 16 10:47:22 sirber-laptop5 NetworkManager[903]: <info>  [1497624442.0881] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/15)
Jun 16 10:47:22 sirber-laptop5 pptp[13919]: anon log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jun 16 10:47:22 sirber-laptop5 pptp[13919]: anon log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Jun 16 10:47:22 sirber-laptop5 pptp[13919]: anon log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Jun 16 10:47:23 sirber-laptop5 pptp[13919]: anon log[ctrlp_rep:pptp_ctrl.c:259]: Sent control packet type is 7 'Outgoing-Call-Request'
Jun 16 10:47:23 sirber-laptop5 pptp[13919]: anon log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Jun 16 10:47:23 sirber-laptop5 pptp[13919]: anon log[ctrlp_disp:pptp_ctrl.c:939]: Outgoing call established (call ID 53317, peer's call ID 1152).
Jun 16 10:47:23 sirber-laptop5 pppd[13907]: CHAP authentication succeeded
Jun 16 10:47:23 sirber-laptop5 kernel: PPP MPPE Compression module registered
Jun 16 10:47:23 sirber-laptop5 pppd[13907]: MPPE 128-bit stateless compression enabled
Jun 16 10:47:23 sirber-laptop5 pppd[13907]: local  IP address xx.xx.xx.xx
Jun 16 10:47:23 sirber-laptop5 pppd[13907]: remote IP address xx.xx.xx.xx
Comment 3 sirber 2017-06-16 11:13:23 EDT
got it...

When I add or modify the vpn connection in Network manager. Sudo does a popup but the edit connection window goes on top of it. If I enter my password afterward, it is not saved. So the connetion fail.

I'm on Fedora 25 xfce spin.

Note You need to log in before you can comment on or make changes to this bug.