On Sat, 28 Mar 2009, Alan DeKok wrote:
Mike Diggins wrote:I have a cisco vpn3030 concentrator with both IPSec and PPTP clients. IPSec clients can successfully connect using my FreeRadius 2.1.3 server. They use PAP, I believe. My PPTP clients are failing to connect. Every indication on the Radius server is they have authenticated successfully, although the client says no (both Macintosh and Windows XP clients). When I point my cisco vpn3030 back to the CiscoSecure Radius server they use now (what I'm migrating from), the clients work again. There must be something different about the reply from each server. Any idea what might be happening?The replies are different, and the VPN3030 doesn't like the replies. So... run "tcpdump", or "radsniff" on the packets from your old server. See what is in the packets, and then make FreeRADIUS respond with the same content. That's it.
I used wireshark to capture the working and non-working PPTP authentication. There is a difference, but I don't know how to interpret what's missing on the failed reply. Anyone want to have a look? Files are attached (I hope).
-Mike
pptp.working.pcap
Description: Binary data
pptp.notworking.pcap
Description: Binary data
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
