I've got a server running with the following changes compared to vanilla:
MS-CHAP-MPPE-Keys := "0x00112233445566778899aabbccddeeff"
The addition of MS-CHAP-MPPE-Keys breaks things. The relevant parts of the logging:
# (14) is the packet sent in the proxy
(14) Sent Access-Accept Id 172 from 127.0.0.1:1812 to 127.0.0.1:53383 length 0
(14) MS-CHAP-MPPE-Keys = 0x00112233445566778899aabbccddeeff
(14) MS-MPPE-Encryption-Policy = Encryption-Allowed
(14) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(14) MS-MPPE-Send-Key = 0x90dec0482f4e19030a19e272668e4982
(14) MS-MPPE-Recv-Key = 0x740d206d5db3758925e23aa851832868
(14) EAP-Message = 0x030a0004
(14) Message-Authenticator = 0x00000000000000000000000000000000
(14) User-Name = 'bob'
(14) Proxy-State = 0x3130
(14) Finished request
# (13) is the packet received in proxy-inner-tunnel
(13) Received Access-Accept Id 172 from 127.0.0.1:1812 to 127.0.0.1:53383 length 185
(13) MS-CHAP-MPPE-Keys = 0x
(13) MS-MPPE-Encryption-Policy = Encryption-Allowed
(13) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(13) MS-MPPE-Send-Key = 0x90dec0482f4e19030a19e272668e4982
(13) MS-MPPE-Recv-Key = 0x740d206d5db3758925e23aa851832868
(13) EAP-Message = 0x030a0004
(13) Message-Authenticator = 0x89f4793a5af105e0cbb541497226751d
(13) User-Name = 'bob'
(13) Proxy-State = 0x3130
(15) Sent Access-Accept Id 11 from 127.0.0.1:1812 to 127.0.0.1:51946 length 0
(15) MS-CHAP-MPPE-Keys = 0x
(15) User-Name = 'bob'
(15) MS-MPPE-Recv-Key = 0x0b4a833cab9e2a0975b89fb27204f8292d8ffad09c3c03c542173bb7d33e53d4
(15) MS-MPPE-Send-Key = 0x8f9886bdb0796cd4f2ee84b0ed760d35077cfbb35312fb592bdcb818caa220f2
(15) EAP-Message = 0x030b0004
(15) Message-Authenticator = 0x00000000000000000000000000000000
(15) ERROR: Failed sending reply: ERROR: Cannot encode NULL data
MS-MPPE-Send-Key is an attribute of type octets where the setting encrypt=1 is added. Changing the type to string, removing the encrypt attribute, or changing the value of encrypt to 2 fixes the problem. I except that something in the en/decrypt logic can't handle this type correctly.
(And I fully agree that this case shouldn't have an MS-CHAP-MPPE-Keys attributes, because it isn't MSCHAP version 1. However, this still shouldn't break things)
Shorten passwords from the end. Fixes #1013
The fixes work. Sort of. If the MPPE-Key attribute has one or more zeros at the end, it will still get chopped. There really isn't much you can do about that.
The MS-MPPE-Send-Key use the Tunnel-Password encryption method, precisely to get around these kinds of issues. That method includes a "decrypted length" field, so the problem seen here is avoided.