[MASOCH-L] Forçar autenticação PAP

Luiz Fernando Souza Machado lfsm10 at gmail.com
Mon Jan 30 17:28:47 -03 2012


bom , dependendo da aplicação do seu cliente não vai funcionar.
nos aqui temos uma APN privada, fechamos túnel l2tpn com autenticação
Radius.
ai funciona tanto a autenticação PAP, CHAP MSCHAP.

att.
Luiz Fernando.

Em 30 de janeiro de 2012 17:26, Hamilton Vera
<hamilton at theforce.com.br>escreveu:

> Oi Luiz, boa tarde.
>
> Apesar de ser vendido como VPN, o serviço nada mais é do que uma APN
> "particular". Pelos dumps que fiz com o modem que funciona, não parece ter
> tunel ou qualquer coisa do tipo que tenha criptografia.
>
> Muito obrigado.
>
> Em 30 de janeiro de 2012 17:19, Luiz Fernando Souza Machado <
> lfsm10 at gmail.com> escreveu:
>
> > Hamilton
> >
> > quem efetua a autenticação é um servidor seu através de algum túnel ?
> >
> >
> > Em 30 de janeiro de 2012 15:28, Bruno Cabral <bruno at openline.com.br
> > >escreveu:
> >
> > > Entao parece que o outro lado nao aceita PAP por padrao. Ja questionou
> o
> > > suporte deles? O que responderam?
> > >
> > > !3runo Cabrsl
> > > --
> > > Cursos e Consultoria BGP/OSPF
> > >
> > > > Date: Mon, 30 Jan 2012 13:24:11 -0200
> > > > From: hamilton at theforce.com.br
> > > > To: masoch-l at eng.registro.br
> > > > Subject: Re: [MASOCH-L] Forçar autenticação PAP
> > > >
> > > > Sim senhor, inclusive tive que modificar o /etc/ppp/pap-secrets,
> porém
> > > > quando utilizo o +pap o provedor recusa "peer refused to
> authenticate:
> > > > terminating link":
> > > >
> > > >
> > > > Jan  1 01:21:41 g100 pppd[3716]: Connect: ppp0 <--> /dev/ttyUSB0
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfReq id=0x1 <asyncmap
> > 0x0>
> > > > <auth pap> <magic 0x2a15fe3c> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x20 <asyncmap
> > 0x0>
> > > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x20 <auth
> eap>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfRej id=0x1 <auth pap>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfReq id=0x2 <asyncmap
> > 0x0>
> > > > <magic 0x2a15fe3c> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x21 <asyncmap
> > 0x0>
> > > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x21 <auth
> eap>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfAck id=0x2 <asyncmap
> > 0x0>
> > > > <magic 0x2a15fe3c> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x22 <asyncmap
> > 0x0>
> > > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x22 <auth
> eap>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x23 <asyncmap
> > 0x0>
> > > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x23 <auth
> eap>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x24 <asyncmap
> > 0x0>
> > > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x24 <auth
> eap>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x25 <asyncmap
> > 0x0>
> > > > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfRej id=0x25 <auth chap
> > > MD5>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x26 <asyncmap
> > 0x0>
> > > > <magic 0x9ec980f1> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfAck id=0x26 <asyncmap
> > 0x0>
> > > > <magic 0x9ec980f1> <pcomp> <accomp>]
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP EchoReq id=0x0
> > > magic=0x2a15fe3c]
> > > > Jan  1 01:21:42 g100 pppd[3716]: peer refused to authenticate:
> > > terminating
> > > > link
> > > > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP TermReq id=0x3 "peer
> refused
> > > to
> > > > authenticate"]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP DiscReq id=0x27
> > > magic=0x9ec980f1]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP EchoRep id=0x0
> > > magic=0x9ec980f1
> > > > 2a 15 fe 3c]
> > > > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP TermAck id=0x3]
> > > >
> > > >
> > > > Então o lógico e natural seria assumir que a autenticação não é PAP,
> > > porém
> > > > outro modem conecta sem problemas:
> > > >
> > > >
> > > > Connect: ppp0 <--> /dev/ttyUSB3
> > > > sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa053d16f> <pcomp>
> > > <accomp>]
> > > > rcvd [LCP ConfReq id=0x0 <asyncmap 0x0> <auth chap MD5> <magic
> > 0xf12a90>
> > > > <pcomp> <accomp>]
> > > > sent [LCP ConfNak id=0x0 <auth chap MS-v2>]
> > > > rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xa053d16f> <pcomp>
> > > <accomp>]
> > > > rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0xf12a90>
> > > <pcomp>
> > > > <accomp>]
> > > > sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth pap> <magic 0xf12a90>
> > > <pcomp>
> > > > <accomp>]
> > > > sent [LCP EchoReq id=0x0 magic=0xa053d16f]
> > > > sent [PAP AuthReq id=0x1 user="secret" password=<hidden>]
> > > > rcvd [LCP DiscReq id=0x2 magic=0xf12a90]
> > > > rcvd [LCP EchoRep id=0x0 magic=0xf12a90 a0 53 d1 6f]
> > > > rcvd [PAP AuthAck id=0x1 ""]
> > > > PAP authentication succeeded
> > > > sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
> > > > rcvd [IPCP ConfNak id=0x1 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 10.11.12.13>
> <ms-dns2
> > > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > rcvd [IPCP ConfNak id=0x2 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > sent [IPCP ConfReq id=0x3 <addr 0.0.0.0> <ms-dns1 10.11.12.13>
> <ms-dns2
> > > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > rcvd [IPCP ConfNak id=0x3 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > sent [IPCP ConfReq id=0x4 <addr 0.0.0.0> <ms-dns1 10.11.12.13>
> <ms-dns2
> > > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > rcvd [IPCP ConfNak id=0x4 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > sent [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 10.11.12.13>
> <ms-dns2
> > > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > rcvd [IPCP ConfNak id=0x5 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > sent [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 10.11.12.13>
> <ms-dns2
> > > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > rcvd [IPCP ConfNak id=0x6 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > > > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > sent [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 10.11.12.13>
> <ms-dns2
> > > > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > > > rcvd [IPCP ConfReq id=0x0]
> > > > sent [IPCP ConfNak id=0x0 <addr 0.0.0.0>]
> > > > rcvd [IPCP ConfRej id=0x7 <ms-wins 10.11.12.13> <ms-wins
> 10.11.12.14>]
> > > > sent [IPCP ConfReq id=0x8 <addr 0.0.0.0> <ms-dns1 10.11.12.13>
> <ms-dns2
> > > > 10.11.12.14>]
> > > > rcvd [IPCP ConfReq id=0x1]
> > > > sent [IPCP ConfAck id=0x1]
> > > > rcvd [IPCP ConfNak id=0x8 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> > > <ms-dns2
> > > > 200.153.0.68>]
> > > > sent [IPCP ConfReq id=0x9 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> > > <ms-dns2
> > > > 200.153.0.68>]
> > > > rcvd [IPCP ConfAck id=0x9 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> > > <ms-dns2
> > > > 200.153.0.68>]
> > > > Could not determine remote IP address: defaulting to 10.64.64.64
> > > > local  IP address 10.48.5.40
> > > > remote IP address 10.64.64.64
> > > > primary   DNS address 10.61.255.62
> > > > secondary DNS address 200.153.0.68
> > > >
> > > >
> > > > Infelizmente ainda não consegui um contato direto com a operadora.
> > > >
> > > > Muito obrigado pela ajuda Bruno, se houver outra dica ficarei
> > > extramemente
> > > > agradecido.
> > > >
> > > > Obrigado.
> > > >
> > > > Hamilton Vera
> > > >
> > > > Em 30 de janeiro de 2012 13:01, Bruno Cabral <bruno at openline.com.br
> > > >escreveu:
> > > >
> > > > >
> > > > > Tentou "+pap" ou "pap" no options.pppd ?
> > > > > !3runo Cabral--Cursos e Consultoria BGP/OSPF
> > > > >
> > > > > > Estou utilizando o modem Huawei EM 770W para utilizar os serviços
> > de
> > > > > "VPN"
> > > > > > da vivo "zapvpn.vivo.com.br" . Pelo que percebi esse serviço
> > > utiliza a
> > > > > > autenticação PAP.
> > > > > >
> > > > > > Infelizmente o modem EM 770W por algum motivo desconhecido só
> tenta
> > > > > > negociar MS-CHAP. Já tentei várias opções no PPPD do linux para
> > > forçar
> > > > > > negociação PAP:
> > > > > (...)> -chap
> > > > > > refuse-chap
> > > > > > refuse-mschap
> > > > > > refuse-mschap-v2
> > > > >
> > > > > __
> > > > > masoch-l list
> > > > > https://eng.registro.br/mailman/listinfo/masoch-l
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > http://hvera.wordpress.com
> > > > __
> > > > masoch-l list
> > > > https://eng.registro.br/mailman/listinfo/masoch-l
> > >
> > > __
> > > masoch-l list
> > > https://eng.registro.br/mailman/listinfo/masoch-l
> > >
> >
> >
> >
> > --
> >
> > Atenciosamente
> > Luiz Fernando Machado
> > __
> > masoch-l list
> > https://eng.registro.br/mailman/listinfo/masoch-l
> >
>
>
>
> --
> http://hvera.wordpress.com
> __
> masoch-l list
> https://eng.registro.br/mailman/listinfo/masoch-l
>



-- 

Atenciosamente
Luiz Fernando Machado



More information about the masoch-l mailing list