Skip to content
peap-ms-chap v2 patch for linux pppd
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md update readme Nov 7, 2018
peap.patch remove gcrypt.h dep Jan 28, 2018

README.md

peap

Patch for PPP daemon that implements PEAP-MS-CHAP v2 auth

Installing

Patch modifies default setup location, from /usr/local to /usr. So make sure you run a proper pppd after installation.

wget -c https://download.samba.org/pub/ppp/ppp-2.4.7.tar.gz
tar -xvf ppp-2.4.7.tar.gz
cd ppp-2.4.7
patch -p1 < peap.patch
sudo apt-get install gnutls-dev
./configure
make
sudo make install

Here is how to configure peer in /etc/ppp/peers/:

pty "pptp <SERVER> --nolaunchpppd"
name login@domain.com
remotename login@domain.com
ipparam <TUNNEL>
require-mppe-128
usepeerdns
nodefaultroute
noauth

And chap file /etc/ppp/chap-secrets:

# client        server  secret                  IP addresses
login@domain.com * password *

If you specify a login in different manner(without @) you'll get a segmentation fault, I didn't have much time to implement proper error checking

Here is how to connect:

pon <TUNNEL>

or for debugging:

pppd call <TUNNEL> debug nodetach 

more on PEAP

https://msdn.microsoft.com/en-us/library/cc754179(v=ws.11).aspx

You might need to reconfigure RRAS server and configure the EAP Payload Size and set MTU to 1344. EAP doesn't support fragmentation per RFC but Microsoft implemented EAP fragmentation, however Linux PPP daemon doesn't support it, and will discard packets that are larger than MRU MTU negotiated during LCP

https://technet.microsoft.com/en-us/library/cc755205(v=ws.10).aspx

You can’t perform that action at this time.