This website uses cookies. If you continue using this website you agree to use cookies. More information.

deutschenglish

CompanyJobsw3/blogHow to find us

DEEN

News from w3logistics

w3/blog – The w3logistics Blog

12. Februar 2019

EAP-MSCHAPv2 for pppd-2.4.7

Abgelegt unter: Hacker's Corner — Thomas Omerzu @ 15:34

Recently, a customer wanted us to connect to his servers in a Microsoft Azure Cloud environment.

This connection required an SSTP tunnel with EAP-MSCHAPv2 authentication. We didn’t want to use the provided VPN client for Windows, but rather preferred to use our Linux gateway to make the connection.

An SSTP client for Linux is available at Sourceforge, but unfortunately the current pppd-2.4.7 does not support the required EAP encapsulated MSCHAPv2 authentication.

There is a patch implementing a PEAP encapsulated MSCHAPv2 at Github, but this didn’t solve our problem either, as the gateway doesn’t support PEAP.

Inspired by that implementation, we created our own EAP-MSCHAPv2 patch for pppd-2.4.7, which you can download here.

The implementation is incomplete in the way that only client mode is supported. Nevertheless, it works well for us. Please use at own risk.

7 Kommentare »

  1. Frode Lillevold sagt:

    Download link is not working, could you please update it?

    1. Thomas Omerzu sagt:

      Sorry for that, just fixed it!

  2. Eivind Naess sagt:

    Is there possible to have you help push this patch upstream to the pppd project. Please see here: https://github.com/paulusmack/ppp/pull/139

    The patch needs to have you sign-off on it.

  3. David P. sagt:

    Hi Thomas,
    I’ve followed your instructions closely but keep getting an error message.
    Connection was aborted, Reason was not known.
    In the logs it’s saying auth eap
    I’m running ubuntu 18.04.5 (sstp-client version 1.0.12)
    Which OS did you use?
    Kind regards,
    David

    1. Thomas Omerzu sagt:

      Hi David, for the original build we used a Slackware 14.2 system. This should only influence details of the built process.
      Without more detailed information of the steps of the connection dialog it is impossible to say what’s going wrong at your system.
      You should be able to find that in the ppp debug logs, maybe you need to increase the log level verbosity.
      With best regards, Thomas.

      1. David P. sagt:

        Thanks Thomas, I got it working.
        I think the problem was that the sstp-client was using an already pre-installed pppd.
        I uninstalled it first (apt remove ppp) and compiled ppp with your patch (I then also compiled the sstp-client, rather than using the packages) and it worked out great!
        Can I reference this site on a message board?
        Kind regards,
        David

        1. Thomas Omerzu sagt:

          Hi David,
          good to hear that you were successful!
          And yes, of course you may reference our web site.
          With best regards,
          Thomas.


Schreibe einen Kommentar zu Thomas Omerzu Antworten abbrechen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.