The current ifup-ipppd (version 6.67-1) script seems to consider +pap (+chap) as the opposite of -pap (-chap), leading to the incorrect setting of authentication options for ipppd. In fact, those ipppd options are completely unrelated. +pap (+chap) means that the local side of the PPP connection requires the remote side to authenticate using pap (chap). -pap (-chap) means that the local side of the PPP connection refuses to authenticate itself with the remote side using pap (chap). Another way to say it is: "+" options refer to the authentication of the remote side by the local side whereas "-" options refer to the authentication of the local side by the remote side. This is a bit misleading, which is why newer versions of pppd have replaced those options by require-pap and refuse-pap. Following is a patch which correct that issue. Changes: - AUTH is replaced by AUTHLOCAL and AUTHREMOTE - AUTHLOCAL indicates which authentication schemes can be used for the authentication of the local side by the remote side. Authentication schemes are entered without leading "+" or "-". Possible values: "pap", "chap", "pap chap", "chap pap", "none", "noauth", "all" - AUTHREMOTE indicates which authentication schemes will be used for the authentication of the remote side by the local side. Authentication schemes are entered without leading "+" or "-". Possible values: "pap", "chap", "pap chap", "chap pap", "none", "noauth" - USER is replaced by NAMELOCAL and NAMEREMOTE - NAMELOCAL is the username (of the local side) which will be used to authenticate the local side with the remote side. - NAMEREMOTE is the username (of the remote side) which will be used to authenticate the remote side with the local side. - DIALIN is removed as the trick is not required anymore
Created attachment 58805 [details] more correct approach to authentication parameters
Closing bugs on older, no longer supported, releases. Apologies for any lack of response. If this persists on a current release, such as Fedora Core 4, please open a new bug.