[MASOCH-L] Forçar autenticação PAP
Hamilton Vera
hamilton at theforce.com.br
Mon Jan 30 17:26:19 BRST 2012
Oi Luiz, boa tarde.
Apesar de ser vendido como VPN, o serviço nada mais é do que uma APN
"particular". Pelos dumps que fiz com o modem que funciona, não parece ter
tunel ou qualquer coisa do tipo que tenha criptografia.
Muito obrigado.
Em 30 de janeiro de 2012 17:19, Luiz Fernando Souza Machado <
lfsm10 at gmail.com> escreveu:
> Hamilton
>
> quem efetua a autenticação é um servidor seu através de algum túnel ?
>
>
> Em 30 de janeiro de 2012 15:28, Bruno Cabral <bruno at openline.com.br
> >escreveu:
>
> > Entao parece que o outro lado nao aceita PAP por padrao. Ja questionou o
> > suporte deles? O que responderam?
> >
> > !3runo Cabrsl
> > --
> > Cursos e Consultoria BGP/OSPF
> >
> > > Date: Mon, 30 Jan 2012 13:24:11 -0200
> > > From: hamilton at theforce.com.br
> > > To: masoch-l at eng.registro.br
> > > Subject: Re: [MASOCH-L] Forçar autenticação PAP
> > >
> > > Sim senhor, inclusive tive que modificar o /etc/ppp/pap-secrets, porém
> > > quando utilizo o +pap o provedor recusa "peer refused to authenticate:
> > > terminating link":
> > >
> > >
> > > Jan 1 01:21:41 g100 pppd[3716]: Connect: ppp0 <--> /dev/ttyUSB0
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0>
> > > <auth pap> <magic 0x2a15fe3c> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x20 <asyncmap
> 0x0>
> > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x20 <auth eap>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfRej id=0x1 <auth pap>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfReq id=0x2 <asyncmap
> 0x0>
> > > <magic 0x2a15fe3c> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x21 <asyncmap
> 0x0>
> > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x21 <auth eap>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfAck id=0x2 <asyncmap
> 0x0>
> > > <magic 0x2a15fe3c> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x22 <asyncmap
> 0x0>
> > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x22 <auth eap>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x23 <asyncmap
> 0x0>
> > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x23 <auth eap>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x24 <asyncmap
> 0x0>
> > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x24 <auth eap>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x25 <asyncmap
> 0x0>
> > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfRej id=0x25 <auth chap
> > MD5>]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x26 <asyncmap
> 0x0>
> > > <magic 0x9ec980f1> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP ConfAck id=0x26 <asyncmap
> 0x0>
> > > <magic 0x9ec980f1> <pcomp> <accomp>]
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP EchoReq id=0x0
> > magic=0x2a15fe3c]
> > > Jan 1 01:21:42 g100 pppd[3716]: peer refused to authenticate:
> > terminating
> > > link
> > > Jan 1 01:21:42 g100 pppd[3716]: sent [LCP TermReq id=0x3 "peer refused
> > to
> > > authenticate"]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP DiscReq id=0x27
> > magic=0x9ec980f1]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP EchoRep id=0x0
> > magic=0x9ec980f1
> > > 2a 15 fe 3c]
> > > Jan 1 01:21:42 g100 pppd[3716]: rcvd [LCP TermAck id=0x3]
> > >
> > >
> > > Então o lógico e natural seria assumir que a autenticação não é PAP,
> > porém
> > > outro modem conecta sem problemas:
> > >
> > >
> > > Connect: ppp0 <--> /dev/ttyUSB3
> > > sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa053d16f> <pcomp>
> > <accomp>]
> > > rcvd [LCP ConfReq id=0x0 <asyncmap 0x0> <auth chap MD5> <magic
> 0xf12a90>
> > > <pcomp> <accomp>]
> > > sent [LCP ConfNak id=0x0 <auth chap MS-v2>]
> > > rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xa053d16f> <pcomp>
> > <accomp>]
> > > rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0xf12a90>
> > <pcomp>
> > > <accomp>]
> > > sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth pap> <magic 0xf12a90>
> > <pcomp>
> > > <accomp>]
> > > sent [LCP EchoReq id=0x0 magic=0xa053d16f]
> > > sent [PAP AuthReq id=0x1 user="secret" password=<hidden>]
> > > rcvd [LCP DiscReq id=0x2 magic=0xf12a90]
> > > rcvd [LCP EchoRep id=0x0 magic=0xf12a90 a0 53 d1 6f]
> > > rcvd [PAP AuthAck id=0x1 ""]
> > > PAP authentication succeeded
> > > sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
> > > rcvd [IPCP ConfNak id=0x1 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > rcvd [IPCP ConfNak id=0x2 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > sent [IPCP ConfReq id=0x3 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > rcvd [IPCP ConfNak id=0x3 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > sent [IPCP ConfReq id=0x4 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > rcvd [IPCP ConfNak id=0x4 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > sent [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > rcvd [IPCP ConfNak id=0x5 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > sent [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > rcvd [IPCP ConfNak id=0x6 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > sent [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > rcvd [IPCP ConfReq id=0x0]
> > > sent [IPCP ConfNak id=0x0 <addr 0.0.0.0>]
> > > rcvd [IPCP ConfRej id=0x7 <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > sent [IPCP ConfReq id=0x8 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > > 10.11.12.14>]
> > > rcvd [IPCP ConfReq id=0x1]
> > > sent [IPCP ConfAck id=0x1]
> > > rcvd [IPCP ConfNak id=0x8 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> > <ms-dns2
> > > 200.153.0.68>]
> > > sent [IPCP ConfReq id=0x9 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> > <ms-dns2
> > > 200.153.0.68>]
> > > rcvd [IPCP ConfAck id=0x9 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> > <ms-dns2
> > > 200.153.0.68>]
> > > Could not determine remote IP address: defaulting to 10.64.64.64
> > > local IP address 10.48.5.40
> > > remote IP address 10.64.64.64
> > > primary DNS address 10.61.255.62
> > > secondary DNS address 200.153.0.68
> > >
> > >
> > > Infelizmente ainda não consegui um contato direto com a operadora.
> > >
> > > Muito obrigado pela ajuda Bruno, se houver outra dica ficarei
> > extramemente
> > > agradecido.
> > >
> > > Obrigado.
> > >
> > > Hamilton Vera
> > >
> > > Em 30 de janeiro de 2012 13:01, Bruno Cabral <bruno at openline.com.br
> > >escreveu:
> > >
> > > >
> > > > Tentou "+pap" ou "pap" no options.pppd ?
> > > > !3runo Cabral--Cursos e Consultoria BGP/OSPF
> > > >
> > > > > Estou utilizando o modem Huawei EM 770W para utilizar os serviços
> de
> > > > "VPN"
> > > > > da vivo "zapvpn.vivo.com.br" . Pelo que percebi esse serviço
> > utiliza a
> > > > > autenticação PAP.
> > > > >
> > > > > Infelizmente o modem EM 770W por algum motivo desconhecido só tenta
> > > > > negociar MS-CHAP. Já tentei várias opções no PPPD do linux para
> > forçar
> > > > > negociação PAP:
> > > > (...)> -chap
> > > > > refuse-chap
> > > > > refuse-mschap
> > > > > refuse-mschap-v2
> > > >
> > > > __
> > > > masoch-l list
> > > > https://eng.registro.br/mailman/listinfo/masoch-l
> > > >
> > >
> > >
> > >
> > > --
> > > http://hvera.wordpress.com
> > > __
> > > masoch-l list
> > > https://eng.registro.br/mailman/listinfo/masoch-l
> >
> > __
> > masoch-l list
> > https://eng.registro.br/mailman/listinfo/masoch-l
> >
>
>
>
> --
>
> Atenciosamente
> Luiz Fernando Machado
> __
> masoch-l list
> https://eng.registro.br/mailman/listinfo/masoch-l
>
--
http://hvera.wordpress.com
More information about the masoch-l
mailing list