Hello everyone,
I have a LANCOM 1711 VPN. An unencrypted PPP connection is to be established via the LANCOM. This connection is to be authenticated by a RADIUS server (Windows IAS).
The following problems occur:
1) No authentication via RADIUS can be performed!
The LANCOM forwards the authentication to the IAS, but the IAS reports that the connection policy is not met.
In the connection policy on the IAS I have only entered a client NAS IP.
The Windows VPN client always gets stuck at "Verifying user name and password ...".
When I run an authentication against the IAS with a RADIUS test tool, it works!
Which special settings does the LANCOM or the IAS need?
Here is the trace:
------------------------------------------------------------------------------
[PPP] 2008/09/25 23:21:49,860
PPTP control channel: connect from 12.3.4.55
[PPP] 2008/09/25 23:21:53,000
PPTP control channel: received StartControlConnectionRequest message
PPTP control channel: StartControlConnectionReply sent
[PPP] 2008/09/25 23:21:53,000
PPTP call control: received OutgoingCallRequest for call id 60230
PPTP call control: set remote window to 32 for DEFAULT
PPTP call control: OutgoingCallReply sent for call id 57247
PPTP call control: SetLinkInfo sent for call id 57247 with SendACCM=0x00000000 and ReceiveACCM=0x00000000
PPTP call control: connect indication for PPP sent
[PPP] 2008/09/25 23:21:53,000
Change phase to ESTABLISH
Lower-Layer-Up event for LCP
Initializing LCP restart timer to 3000 milliseconds
Waiting up to 3000ms for connection
Starting LCP restart timer with 3000 milliseconds
[PPP] 2008/09/25 23:21:53,020
PPTP call control: received SetLinkInfo for call id 57247 with SendACCM=0xffffffff, ReceiveACCM=0xffffffff
[PPP] 2008/09/25 23:21:53,030
Received LCP frame from peer DEFAULT (channel 0)
Stop waiting for connection
Stopping LCP restart timer
Initializing LCP restart timer to 3000 milliseconds
Generating LCP configure-request for peer DEFAULT
Inserting local MRU 1460
Inserting local authentication protocol PAP
Inserting local magic number a13f4e39
Sending LCP configure-request with ID 00 and length 18 to peer DEFAULT (channel 0)
Starting LCP restart timer with 3000 milliseconds
Evaluate configure-request with ID 00 and size 21
Peer MRU 1400 accepted
Peer magic number 50ae7578 accepted
Peer requests protocol field compression, rejected
Peer requests address- and controlfield compression, rejected
Peer requests callback via callback control protocol, rejected
Negative Configure-Request-Received event for LCP
Sending LCP configure-reject with ID 00 and length 11 to peer DEFAULT (channel 0)
[PPP] 2008/09/25 23:21:53,130
Received LCP frame from peer DEFAULT (channel 0)
Evaluate configure-nak with ID 00 and size 9
Peer NAKs for authentication protocol c223, ignore NAK
Configure-Nak/Rej-Received event for LCP
Initializing LCP restart timer to 3000 milliseconds
Generating LCP configure-request for peer DEFAULT
Inserting local MRU 1460
Inserting local authentication protocol PAP
Inserting local magic number a13f4e39
Sending LCP configure-request with ID 02 and length 18 to peer DEFAULT (channel 0)
Starting LCP restart timer with 3000 milliseconds
[PPP] 2008/09/25 23:21:53,140
Received LCP frame from peer DEFAULT (channel 0)
Evaluate configure-request with ID 01 and size 14
Peer MRU 1400 accepted
Peer magic number 50ae7578 accepted
Positive Configure-Request-Received event for LCP
Sending LCP configure-ack with ID 01 and length 14 to peer DEFAULT (channel 0)
[PPP] 2008/09/25 23:21:53,140
Received LCP frame from peer DEFAULT (channel 0)
Evaluate configure-nak with ID 02 and size 9
Peer NAKs for authentication protocol CHAP with DES encryption
Local setting is PAP
Configure-Nak/Rej-Received event for LCP
Initializing LCP restart timer to 3000 milliseconds
Generating LCP configure-request for peer DEFAULT
Inserting local MRU 1460
Inserting local authentication protocol CHAP with DES encryption
Inserting local magic number a13f4e39
Sending LCP configure-request with ID 04 and length 19 to peer DEFAULT (channel 0)
Starting LCP restart timer with 3000 milliseconds
[PPP] 2008/09/25 23:21:53,150
Received LCP frame from peer DEFAULT (channel 0)
Evaluate configure-ack with ID 04 and size 19
Configure-Ack-Received event for LCP
Initializing LCP restart timer to 3000 milliseconds
This-Layer-Up action for LCP
Change phase to AUTHENTICATE
Sending CHAP-Challenge to peer DEFAULT (channel 0)
Challenge = 00 00 00 96 16 2c 00 00
Stopping LCP restart timer
[PPP] 2008/09/25 23:21:53,150
Received LCP frame from peer DEFAULT (channel 0)
Unknown-Code-Received event for LCP
Sending LCP code-reject with ID 05 and length 22 to peer DEFAULT (channel 0)
[PPP] 2008/09/25 23:21:53,150
Received LCP frame from peer DEFAULT (channel 0)
Unknown-Code-Received event for LCP
Sending LCP code-reject with ID 06 and length 27 to peer DEFAULT (channel 0)
[PPP] 2008/09/25 23:21:53,170
Received CHAP frame from peer DEFAULT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=15) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:21:53,170
PPTP call control: received SetLinkInfo for call id 57247 with SendACCM=0xffffffff, ReceiveACCM=0xffffffff
[PPP] 2008/09/25 23:21:55,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=16) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:21:57,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=17) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:21:58,150
Rx-Authentication retry timeout for peer RSUPPORT
Sending CHAP-Challenge to peer RSUPPORT (channel 0)
Challenge = 00 00 00 96 1b 2c 00 00
[PPP] 2008/09/25 23:21:58,150
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=18) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:00,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=19) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:02,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=20) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:03,150
Rx-Authentication retry timeout for peer RSUPPORT
Sending CHAP-Challenge to peer RSUPPORT (channel 0)
Challenge = 00 00 00 96 20 2c 00 00
[PPP] 2008/09/25 23:22:03,150
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=21) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:05,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=22) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:07,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=23) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:08,150
Rx-Authentication retry timeout for peer RSUPPORT
Sending CHAP-Challenge to peer RSUPPORT (channel 0)
Challenge = 00 00 00 96 25 2c 00 00
[PPP] 2008/09/25 23:22:08,150
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=24) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:10,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=25) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:12,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=26) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:13,150
Rx-Authentication retry timeout for peer RSUPPORT
Sending CHAP-Challenge to peer RSUPPORT (channel 0)
Challenge = 00 00 00 96 2a 2c 00 00
[PPP] 2008/09/25 23:22:13,150
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=27) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:13,170
RADIUS response received for peer RSUPPORT (channel 0) but id 15 does not mtach 27
[PPP] 2008/09/25 23:22:15,040
RADIUS response received for peer RSUPPORT (channel 0) but id 16 does not mtach 27
[PPP] 2008/09/25 23:22:15,040
Received CHAP frame from peer RSUPPORT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=28) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:17,040
RADIUS response received for peer RSUPPORT (channel 0) but id 17 does not mtach 28
[PPP] 2008/09/25 23:22:17,050
PPTP call control: received SetLinkInfo for call id 57247 with SendACCM=0xffffffff, ReceiveACCM=0xffffffff
[PPP] 2008/09/25 23:22:17,050
Received LCP frame from peer RSUPPORT (channel 0)
Terminate-Request-Received event for LCP
[PPP] 2008/09/25 23:22:17,050
This-Layer-Down action for LCP
Lower-Layer-Down event for BACP
Lower-Layer-Down event for CCP
Lower-Layer-Down event for IPCP
Lower-Layer-Down event for IPXCP
Resetting LCP restart timer with 3000 milliseconds
Change phase to TERMINATE
Sending LCP terminate-request with ID 07 and length 4 to peer RSUPPORT (channel 0)
Starting LCP restart timer with 3000 milliseconds
Sending LCP terminate-ack with ID 00 and length 4 to peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:17,050
Change phase to DEAD
Stopping LCP restart timer
Stopping IPXCP restart timer
Stopping IPCP restart timer
Stopping CCP restart timer
Stopping BACP restart timer
[PPP] 2008/09/25 23:22:17,050
PPTP call control: DisconnectNotify sent for call id 57247
PPTP call control: disconnected call id 57247
[PPP] 2008/09/25 23:22:17,070
PPTP: Disconnect info: remote-disconnected (0x4301) for RSUPPORT (84.150.7.250)
[PPP] 2008/09/25 23:22:17,100
PPTP call control: received CallClearRequest - call id 60230 not found
[PPP] 2008/09/25 23:22:17,100
PPTP call control: call destroyed
[PPP] 2008/09/25 23:22:17,100
PPTP control channel: closing TCP connection
[PPP] 2008/09/25 23:22:17,100
PPTP control channel: TCP connection closed
PPTP control channel: TCP job destroyed
--------------------------------------------------------------------------
2) When I try to establish a connection to the LANCOM with VISTA via PPP, with authentication on the LANCOM, the connection fails.
With XP I can establish a connection.
Is VISTA not supported by the LANCOM for PPP connections?
Many thanks and regards
Martin
PPP, IAS and VISTA
Hi mschoner,
the problem is that the RADIUS server takes more than 10 seconds to answer. Here is the request:
[PPP] 2008/09/25 23:21:53,170
Received CHAP frame from peer DEFAULT (channel 0)
Got CHAP-Response from peer RSUPPORT, length = 49
Searching peer RSUPPORT in PPP table...peer not found
Radius request (id=15) sent for peer RSUPPORT (channel 0)
and here is the response:
[PPP] 2008/09/25 23:22:13,170
RADIUS response received for peer RSUPPORT (channel 0) but id 15 does not mtach 27
In the meantime the LANCOM has already sent x further requests to the server and simply discards the "late" response.
The question now is why the server takes so long. Possibly the LANCOM's RADIUS request for an MS-CHAP authentication is wrong. To check that, you can manually set the authentication protocol on the dialing-in side to CHAP only. If that is a Windows client, under Properties of the PPTP connection -> Security -> Advanced (custom settings) -> Settings, check only CHAP.
If the IAS then still needs 10 seconds for authentication, you will have to enter the user locally in the LANCOM.
Regards
Backslash
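An added example (not part of the original posts, and not LANCOM code): it pairs each "Radius request (id=N) sent" line with the later "id N does not mtach M" line and computes how long after its request each discarded reply arrived. The input is an excerpt of the trace above; the function name `late_responses` is an assumption of this example.

```python
import re
from datetime import datetime

# Excerpt of the [PPP] trace posted in this thread (timestamp line, then events).
TRACE = """\
[PPP] 2008/09/25 23:21:53,170
Radius request (id=15) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:21:55,040
Radius request (id=16) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:13,150
Radius request (id=27) sent for peer RSUPPORT (channel 0)
[PPP] 2008/09/25 23:22:13,170
RADIUS response received for peer RSUPPORT (channel 0) but id 15 does not mtach 27
[PPP] 2008/09/25 23:22:15,040
RADIUS response received for peer RSUPPORT (channel 0) but id 16 does not mtach 27
"""

HEADER = re.compile(r"^\[PPP\] (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d,\d{3})$")
SENT = re.compile(r"^Radius request \(id=(\d+)\) sent")
# The trace spells "match" as "mtach"; accept either spelling.
LATE = re.compile(r"^RADIUS response received .* but id (\d+) does not m\w+ (\d+)")


def late_responses(trace):
    """Return (response_id, expected_id, seconds_after_request) per discarded reply.

    seconds_after_request is None when the matching request is not in the trace.
    """
    sent, now, result = {}, None, []
    for line in trace.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            # A timestamp line applies to every event line until the next one.
            now = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S,%f")
        elif now is None:
            continue
        elif m := SENT.match(line):
            sent[int(m.group(1))] = now
        elif m := LATE.match(line):
            rid, expected = int(m.group(1)), int(m.group(2))
            delay = (now - sent[rid]).total_seconds() if rid in sent else None
            result.append((rid, expected, delay))
    return result


if __name__ == "__main__":
    for rid, expected, delay in late_responses(TRACE):
        print(f"reply id {rid} arrived {delay} s after its request; "
              f"router was waiting for id {expected}")
```

Run against a full trace, the same function shows whether the server's delay is constant across requests or varies.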
Hi,
"Possibly the LANCOM's RADIUS request for an MS-CHAP authentication is wrong."
I would assume that this does not work at the moment. For MS-CHAP or MS-CHAPv2, some Microsoft-specific attributes go to the server. I would be very surprised if the PPP in the LANCOM can do those at the moment. We'll take a look at it after my vacation.

Regards, Alfred
"There is no death, there is just a change of our cosmic address."
-- Edgar Froese, 1944 - 2015