PPPoE connection closing right after authentication?

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

PPPoE connection closing right after authentication?

Jon Martin
I'm hoping someone can do a sanity check for me.

I'm trying to get an OpenBSD 6.2 router working with Teksavvy DSL.
Teksavvy uses PPPoE over Telus DSL.  It seems to authenticate just fine,
but then my box immediately terminates the connection?

My hostname.pppoe0, pretty much straight out of the man pages:

inet 0.0.0.0 255.255.255.255 NONE \
  pppoedev em0 \
  authproto pap authname '[hidden email]' authkey 'HiThere' \
  up debug
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

Explicity turning off the dial-on-demand link1 flag does not change the
behaviour I'm seeing.  I have put the logs created by the debug flag at
the bottom of this message.

A tcpdump of what goes across em0, with some of my observations and
suspicions inline:

03:42:32.481632 :MY_ROUTER: Broadcast 8863 32: PPPoE-Discovery
        code Initiation, version 1, type 1, id 0x0000, length 12
        tag Service-Name, length 0
        tag Host-Uniq, length 4 K\200H\214
03:42:32.481828 :MY_ROUTER: Broadcast 8863 32: PPPoE-Discovery
        code Initiation, version 1, type 1, id 0x0000, length 12
        tag Service-Name, length 0
        tag Host-Uniq, length 4 K\200H\214
03:42:32.482017 :MY_ROUTER: Broadcast 8863 32: PPPoE-Discovery
        code Initiation, version 1, type 1, id 0x0000, length 12
        tag Service-Name, length 0
        tag Host-Uniq, length 4 K\200H\214
03:42:32.496674 00:90:1a:a0:91:66 :MY_ROUTER: 8863 68: PPPoE-Discovery
        code Offer, version 1, type 1, id 0x0000, length 48
        tag AC-Name, length 12 EDTNABXTAR03
        tag Host-Uniq, length 4 K\200H\214
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \222\377q-,p\230I\037:t\250\251\322\031h
03:42:32.500635 00:90:1a:a0:91:66 :MY_ROUTER: 8863 68: PPPoE-Discovery
        code Offer, version 1, type 1, id 0x0000, length 48
        tag AC-Name, length 12 EDTNABXTAR03
        tag Host-Uniq, length 4 K\200H\214
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \222\377q-,p\230I\037:t\250\251\322\031h
03:42:32.504625 00:90:1a:a0:91:66 :MY_ROUTER: 8863 68: PPPoE-Discovery
        code Offer, version 1, type 1, id 0x0000, length 48
        tag AC-Name, length 12 EDTNABXTAR03
        tag Host-Uniq, length 4 K\200H\214
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \222\377q-,p\230I\037:t\250\251\322\031h
03:42:32.506573 :MY_ROUTER: 00:90:1a:a0:91:66 8863 52: PPPoE-Discovery
        code Request, version 1, type 1, id 0x0000, length 32
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \222\377q-,p\230I\037:t\250\251\322\031h
        tag Host-Uniq, length 4 K\200H\214
03:42:32.631874 00:90:1a:a0:91:66 :MY_ROUTER: 8863 60: PPPoE-Discovery
        code Confirm, version 1, type 1, id 0x17a6, length 12
        tag Service-Name, length 0
        tag Host-Uniq, length 4 K\200H\214
03:42:32.650084 :MY_ROUTER: 00:90:1a:a0:91:66 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
03:42:32.838573 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 21
        LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, Magic-Number=306492429, Vendor-Ext
03:42:32.848645 :MY_ROUTER: 00:90:1a:a0:91:66 8864 31: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 11
        LCP: Configure-Nak, Auth-Prot PAP[|lcp]

*** ^ This might be significant.  The only clue I have found online, from
over five years ago, is that Telus sends a CHAP challenge first, then when
there is a valid response to that they start PAP authentication. ***

03:42:32.848654 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
03:42:33.641445 :MY_ROUTER: 00:90:1a:a0:91:66 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
03:42:33.650921 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
03:42:34.641457 :MY_ROUTER: 00:90:1a:a0:91:66 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
03:42:34.650908 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
03:42:35.641449 :MY_ROUTER: 00:90:1a:a0:91:66 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
03:42:35.651171 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
03:42:35.834563 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 20
        LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot PAP, Magic-Number=306492429, Vendor-Ext
03:42:35.844618 :MY_ROUTER: 00:90:1a:a0:91:66 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 20
        LCP: Configure-Ack, Max-Rx-Unit=1460, Auth-Prot PAP, Magic-Number=306492429[|lcp]
03:42:35.854660 :MY_ROUTER: 00:90:1a:a0:91:66 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
03:42:36.434842 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 20
        LCP: Configure-Request, Max-Rx-Unit=1452, Auth-Prot PAP, Magic-Number=1462616641, Vendor-Ext
03:42:36.444922 :MY_ROUTER: 00:90:1a:a0:91:66 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 20
        LCP: Configure-Ack, Max-Rx-Unit=1452, Auth-Prot PAP, Magic-Number=1462616641[|lcp]
03:42:36.454959 :MY_ROUTER: 00:90:1a:a0:91:66 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
03:42:36.476793 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
03:42:36.486873 :MY_ROUTER: 00:90:1a:a0:91:66 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
03:42:36.806113 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 7
        PAP: Authenticate-Ack
03:42:36.816167 :MY_ROUTER: 00:90:1a:a0:91:66 8864 26: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 6
        LCP: Terminate-Request

*** ^ I'm sending a Terminate-Request right after I get the Auth-Ack. ***

03:42:36.836379 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x17a6, length 6
        LCP: Terminate-Ack
03:42:36.866533 :MY_ROUTER: 00:90:1a:a0:91:66 8863 20: PPPoE-Discovery
        code Terminate, version 1, type 1, id 0x17a6, length 0


So is me sending a Terminate-Request the problem, or a symptom of a problem?
If what I read from 2012 is correct and I need to respond to both CHAP and
PAP, what is the syntax for that?


/var/log/messages:
Mar 20 03:42:32 sork /bsd: pppoe0 (8863) state=2, session=0x0 output -> 00:90:1a:a0:91:66, len=38
Mar 20 03:42:32 sork /bsd: pppoe0: received unexpected PADO
Mar 20 03:42:32 sork /bsd: pppoe0: received unexpected PADO
Mar 20 03:42:32 sork /bsd: pppoe0: session 0x17a6 connected
Mar 20 03:42:32 sork /bsd: pppoe0: lcp up(starting)
Mar 20 03:42:32 sork /bsd: pppoe0: lcp starting->req-sent
Mar 20 03:42:32 sork /bsd: pppoe0: lcp output <conf-req id=0x1 len=14 05-06-db-2c-ea-8c-01-04-05-d4>
Mar 20 03:42:32 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=22
Mar 20 03:42:32 sork /bsd: pppoe0: lcp input(req-sent): <conf-req id=0x54 len=19 01-04-05-b4-03-05-c2-23-05-05-06-12-44-b4-0d-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:32 sork /bsd: pppoe0: lcp parse opts: mru auth-proto magic
Mar 20 03:42:32 sork /bsd: pppoe0: lcp parse opt values: mru 1460 auth-proto [mine 0x0 != his chap] magic 0x1244b40d  send conf-nak
Mar 20 03:42:32 sork /bsd: pppoe0: lcp output <conf-nak id=0x54 len=9 03-05-c0-23-05>
Mar 20 03:42:32 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=17
Mar 20 03:42:32 sork /bsd: pppoe0: lcp input(req-sent): <conf-ack id=0x1 len=14 05-06-db-2c-ea-8c-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:32 sork /bsd: pppoe0: lcp req-sent->ack-rcvd
Mar 20 03:42:33 sork /bsd: pppoe0: lcp TO(ack-rcvd) rst_counter = 10
Mar 20 03:42:33 sork /bsd: pppoe0: lcp ack-rcvd->req-sent
Mar 20 03:42:33 sork /bsd: pppoe0: lcp output <conf-req id=0x2 len=14 05-06-db-2c-ea-8c-01-04-05-d4>
Mar 20 03:42:33 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=22
Mar 20 03:42:33 sork /bsd: pppoe0: lcp input(req-sent): <conf-ack id=0x2 len=14 05-06-db-2c-ea-8c-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:33 sork /bsd: pppoe0: lcp req-sent->ack-rcvd
Mar 20 03:42:34 sork /bsd: pppoe0: lcp TO(ack-rcvd) rst_counter = 10
Mar 20 03:42:34 sork /bsd: pppoe0: lcp ack-rcvd->req-sent
Mar 20 03:42:34 sork /bsd: pppoe0: lcp output <conf-req id=0x3 len=14 05-06-db-2c-ea-8c-01-04-05-d4>
Mar 20 03:42:34 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=22
Mar 20 03:42:34 sork /bsd: pppoe0: lcp input(req-sent): <conf-ack id=0x3 len=14 05-06-db-2c-ea-8c-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:34 sork /bsd: pppoe0: lcp req-sent->ack-rcvd
Mar 20 03:42:35 sork /bsd: pppoe0: lcp TO(ack-rcvd) rst_counter = 10
Mar 20 03:42:35 sork /bsd: pppoe0: lcp ack-rcvd->req-sent
Mar 20 03:42:35 sork /bsd: pppoe0: lcp output <conf-req id=0x4 len=14 05-06-db-2c-ea-8c-01-04-05-d4>
Mar 20 03:42:35 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=22
Mar 20 03:42:35 sork /bsd: pppoe0: lcp input(req-sent): <conf-ack id=0x4 len=14 05-06-db-2c-ea-8c-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:35 sork /bsd: pppoe0: lcp req-sent->ack-rcvd
Mar 20 03:42:35 sork /bsd: pppoe0: lcp input(ack-rcvd): <conf-req id=0x55 len=18 01-04-05-b4-03-04-c0-23-05-06-12-44-b4-0d-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:35 sork /bsd: pppoe0: lcp parse opts: mru auth-proto magic
Mar 20 03:42:35 sork /bsd: pppoe0: lcp parse opt values: mru 1460 auth-proto magic 0x1244b40d send conf-ack
Mar 20 03:42:35 sork /bsd: pppoe0: lcp output <conf-ack id=0x55 len=18 01-04-05-b4-03-04-c0-23-05-06-12-44-b4-0d>
Mar 20 03:42:35 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=26
Mar 20 03:42:35 sork /bsd: pppoe0: lcp ack-rcvd->opened
Mar 20 03:42:35 sork /bsd: pppoe0: lcp tlu
Mar 20 03:42:35 sork /bsd: pppoe0: phase authenticate
Mar 20 03:42:35 sork /bsd: pppoe0: pap output <req id=0x5 len=34 16-MyTekAcct-40-74-65-6b-73-61-76-76-79-2e-63-6f-6d-06-HiThere>
Mar 20 03:42:35 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=42
Mar 20 03:42:36 sork /bsd: pppoe0: lcp input(opened): <conf-req id=0x81 len=18 01-04-05-ac-03-04-c0-23-05-06-57-2d-c2-41-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:36 sork /bsd: pppoe0: lcp parse opts: mru auth-proto magic
Mar 20 03:42:36 sork /bsd: pppoe0: lcp parse opt values: mru 1452 auth-proto magic 0x572dc241 send conf-ack
Mar 20 03:42:36 sork /bsd: pppoe0: lcp output <conf-ack id=0x81 len=18 01-04-05-ac-03-04-c0-23-05-06-57-2d-c2-41>
Mar 20 03:42:36 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=26
Mar 20 03:42:36 sork /bsd: pppoe0: lcp opened->ack-sent
Mar 20 03:42:36 sork /bsd: pppoe0: phase terminate
Mar 20 03:42:36 sork /bsd: pppoe0: lcp output <conf-req id=0x6 len=14 05-06-db-2c-ea-8c-01-04-05-d4>
Mar 20 03:42:36 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=22
Mar 20 03:42:36 sork /bsd: pppoe0: lcp input(ack-sent): <conf-ack id=0x6 len=14 05-06-db-2c-ea-8c-01-04-05-d4-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:36 sork /bsd: pppoe0: lcp ack-sent->opened
Mar 20 03:42:36 sork /bsd: pppoe0: lcp tlu
Mar 20 03:42:36 sork /bsd: pppoe0: phase authenticate
Mar 20 03:42:36 sork /bsd: pppoe0: pap output <req id=0x7 len=34 16-MyTekAcct-40-74-65-6b-73-61-76-76-79-2e-63-6f-6d-06-HiThere>
Mar 20 03:42:36 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=42
Mar 20 03:42:36 sork /bsd: pppoe0: pap success
Mar 20 03:42:36 sork /bsd: pppoe0: phase network
Mar 20 03:42:36 sork /bsd: pppoe0: ipcp open(initial)
Mar 20 03:42:36 sork /bsd: pppoe0: ipcp initial->starting
Mar 20 03:42:36 sork /bsd: pppoe0: ipcp_open(): no IP interface
Mar 20 03:42:36 sork /bsd: pppoe0: ipv6cp_open(): no IPv6 interface
Mar 20 03:42:36 sork /bsd: pppoe0: lcp close(opened)
Mar 20 03:42:36 sork /bsd: pppoe0: lcp opened->closing
Mar 20 03:42:36 sork /bsd: pppoe0: lcp output <term-req id=0x8 len=4>
Mar 20 03:42:36 sork /bsd: pppoe0 (8864) state=3, session=0x17a6 output -> 00:90:1a:a0:91:66, len=12
Mar 20 03:42:36 sork /bsd: pppoe0: phase terminate
Mar 20 03:42:36 sork /bsd: pppoe0: lcp input(closing): <term-ack id=0x8 len=4 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00>
Mar 20 03:42:36 sork /bsd: pppoe0: lcp closing->closed
Mar 20 03:42:36 sork /bsd: pppoe0: phase dead
Mar 20 03:42:36 sork /bsd: pppoe0: timeout
Mar 20 03:42:36 sork /bsd: pppoe0: disconnecting
Mar 20 03:42:36 sork /bsd: pppoe0: lcp down(closed)
Mar 20 03:42:36 sork /bsd: pppoe0: lcp closed->initial
Mar 20 03:42:36 sork /bsd: pppoe0: Down event (carrier loss), taking interface down.

Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Stuart Henderson
On 2018-03-20, Jon Martin <[hidden email]> wrote:

> I'm hoping someone can do a sanity check for me.
>
> I'm trying to get an OpenBSD 6.2 router working with Teksavvy DSL.
> Teksavvy uses PPPoE over Telus DSL.  It seems to authenticate just fine,
> but then my box immediately terminates the connection?
>
> My hostname.pppoe0, pretty much straight out of the man pages:
>
> inet 0.0.0.0 255.255.255.255 NONE \
>   pppoedev em0 \
>   authproto pap authname '[hidden email]' authkey 'HiThere' \

It's not clear from your mail, have you tried just using CHAP?


Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Gabriel Guzman-2
In reply to this post by Jon Martin
On 03/20, Jon Martin wrote:

> I'm hoping someone can do a sanity check for me.
>
> I'm trying to get an OpenBSD 6.2 router working with Teksavvy DSL.
> Teksavvy uses PPPoE over Telus DSL.  It seems to authenticate just fine,
> but then my box immediately terminates the connection?
>
> My hostname.pppoe0, pretty much straight out of the man pages:
>
> inet 0.0.0.0 255.255.255.255 NONE \
>   pppoedev em0 \
>   authproto pap authname '[hidden email]' authkey 'HiThere' \
>   up debug
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
>
> Explicity turning off the dial-on-demand link1 flag does not change the
> behaviour I'm seeing.  I have put the logs created by the debug flag at
> the bottom of this message.

I'm on teksavvy as well, only thing I had to do special was login to the
DSL modem and tell it to stop trying to login over PPPoE as well.  I
don't think you can be logged in twice.  Not sure this is your issue,
but might want to double check.

gabe.

Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Jon Martin
In reply to this post by Stuart Henderson
On Tue, Mar 20, 2018 at 10:27:16AM +0000, Stuart Henderson wrote:
>
> It's not clear from your mail, have you tried just using CHAP?

That's what I get for writing e-mails in the middle of the night.

I did try CHAP:

22:34:31.753153 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 21
     LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, Magic-Number=217270350, Vendor-Ext
22:34:31.763198 :MY_ROUTER: 00:90:1a:a0:91:66 8864 41: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 21
     LCP: Configure-Ack, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, Magic-Number=217270350[|lcp]
22:34:31.763211 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 16
     LCP: Configure-Ack, Magic-Number=1195066301, Max-Rx-Unit=1492, Vendor-Ext
22:34:31.774662 00:90:1a:a0:91:66 :MY_ROUTER: 8864 61: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 41
     CHAP: Challenge, Value=dd3d7a974dad042911fa8a11302ddd441774ec674e04, Name=EDTNABXTAR03[|chap]
22:34:31.784711 :MY_ROUTER: 00:90:1a:a0:91:66 8864 65: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 45
     CHAP: Response, Value=82b356cfa2aa9002b8998d4215abdd13, Name=[hidden email][|chap]
22:34:44.392624 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 20
     LCP: Configure-Request, Max-Rx-Unit=1452, Auth-Prot PAP, Magic-Number=235537185, Vendor-Ext
22:34:44.402667 :MY_ROUTER: 00:90:1a:a0:91:66 8864 30: PPPoE-Session
     code Session, version 1, type 1, id 0x0bd5, length 10
     LCP: Configure-Nak, Auth-Prot CHAP/[|lcp]

I get a challenge, I respond, then the remote asks for PAP, which I Nak
because I'm configured to use CHAP.  Unlike with PAP where it terminates,
my router and the remote system will then continue this argument until I
bring down the interface.

To me this further indicates a "double authentication": a CHAP challenge
followed by PAP authentication.  I have no idea how to set up a config
to answer that though.

Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Mihai Popescu-3
In reply to this post by Jon Martin
> To me this further indicates a "double authentication"

It is not clear what hardware you use in front of openbsd, but i guess
it is just a dsl modem.
Is it a pure modem, or maybe it has some router capabilities. If so,
is it configured to act as a bridge?

Can you get a conection on your ISP with other computer than openbsd one?

Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Jon Martin
On Fri, Mar 23, 2018 at 09:01:04PM +0200, Mihai Popescu wrote:
>
> It is not clear what hardware you use in front of openbsd, but i guess
> it is just a dsl modem.

It is.

> Is it a pure modem, or maybe it has some router capabilities. If so,
> is it configured to act as a bridge?

It is configured as a bridge.

> Can you get a conection on your ISP with other computer than openbsd one?

Yes, my Win 10 box can establish a PPPoE connection with the modem in
bridge mode.  I will see what WinDump or Wireshark can reveal about what
it is doing.

Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Sebastian Benoit
In reply to this post by Jon Martin
Jon Martin([hidden email]) on 2018.03.22 13:19:51 -0600:

> On Tue, Mar 20, 2018 at 10:27:16AM +0000, Stuart Henderson wrote:
> >
> > It's not clear from your mail, have you tried just using CHAP?
>
> That's what I get for writing e-mails in the middle of the night.
>
> I did try CHAP:
>
> 22:34:31.753153 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
>      code Session, version 1, type 1, id 0x0bd5, length 21
>      LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, Magic-Number=217270350, Vendor-Ext
> 22:34:31.763198 :MY_ROUTER: 00:90:1a:a0:91:66 8864 41: PPPoE-Session
>      code Session, version 1, type 1, id 0x0bd5, length 21
>      LCP: Configure-Ack, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, Magic-Number=217270350[|lcp]
> 22:34:31.763211 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
>      code Session, version 1, type 1, id 0x0bd5, length 16
>      LCP: Configure-Ack, Magic-Number=1195066301, Max-Rx-Unit=1492, Vendor-Ext
> 22:34:31.774662 00:90:1a:a0:91:66 :MY_ROUTER: 8864 61: PPPoE-Session
>      code Session, version 1, type 1, id 0x0bd5, length 41
>      CHAP: Challenge, Value=dd3d7a974dad042911fa8a11302ddd441774ec674e04, Name=EDTNABXTAR03[|chap]
> 22:34:31.784711 :MY_ROUTER: 00:90:1a:a0:91:66 8864 65: PPPoE-Session
>      code Session, version 1, type 1, id 0x0bd5, length 45
>      CHAP: Response, Value=82b356cfa2aa9002b8998d4215abdd13, Name=[hidden email][|chap]
> 22:34:44.392624 00:90:1a:a0:91:66 :MY_ROUTER: 8864 60: PPPoE-Session
>      code Session, version 1, type 1, id 0x0bd5, length 20
>      LCP: Configure-Request, Max-Rx-Unit=1452, Auth-Prot PAP, Magic-Number=235537185, Vendor-Ext
> 22:34:44.402667 :MY_ROUTER: 00:90:1a:a0:91:66 8864 30: PPPoE-Session
>      code Session, version 1, type 1, id 0x0bd5, length 10
>      LCP: Configure-Nak, Auth-Prot CHAP/[|lcp]
>
> I get a challenge, I respond, then the remote asks for PAP, which I Nak
> because I'm configured to use CHAP.  Unlike with PAP where it terminates,
> my router and the remote system will then continue this argument until I
> bring down the interface.
>
> To me this further indicates a "double authentication": a CHAP challenge
> followed by PAP authentication.  I have no idea how to set up a config
> to answer that though.

Yes, this is possible, and OpenBSD does not support this mode.

For example, this kind of authentication is used when your DSL is run by one
company who then gets your real ISP from your username and passes the
authentication session on to the radius server of your ISP. If the two ISPs
use different authentication protocols, you will see this behaviour.

/Benno

Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Jon Martin
In reply to this post by Jon Martin
On Fri, Mar 23, 2018 at 01:55:30PM -0600, Jon Martin wrote:
>
> Yes, my Win 10 box can establish a PPPoE connection with the modem in
> bridge mode.  I will see what WinDump or Wireshark can reveal about what
> it is doing.

Well well, this is interesting.  Win10 told to only use CHAP fails.  Told
to only use PAP works.  So double authentication must not be necessary.

My observations inline.  I edited out the timestamps and a bunch of other
things so I could do diffs across the various dumps I took.

Windows using only PAP:

%time% :TELUS: :WINDOWS: 8863 76: PPPoE-Discovery
        code Offer, version 1, type 1, id 0x0000, length 56
        tag AC-Name, length 12 EDTNABXTAR03
        tag Host-Uniq, length 12 \037\000\000\000\000\000\000\0002\000\000\000
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \266b\003\242\336R\261\237\337\001\\200|\360\301\360
%time% :WINDOWS: :TELUS: 8863 60: PPPoE-Discovery
        code Request, version 1, type 1, id 0x0000, length 40
        tag Service-Name, length 0
        tag Host-Uniq, length 12 \037\000\000\000\000\000\000\0003\000\000\000
        tag AC-Cookie, length 16 \266b\003\242\336R\261\237\337\001\\200|\360\301\360
%time% :TELUS: :WINDOWS: 8863 60: PPPoE-Discovery
        code Confirm, version 1, type 1, id 0x1234, length 20
        tag Service-Name, length 0
        tag Host-Uniq, length 12 \037\000\000\000\000\000\000\0003\000\000\000
%time% :WINDOWS: :TELUS: 8864 43: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 23
        LCP: Configure-Request, Max-Rx-Unit=1480, Magic-Number=193158203, Prot-Field-Compr PFC, Add-Ctrl-Field-Compr ACFC, Call-Back[|lcp]

*** These extra fields are something OpenBSD doesn't do, but I don't think
    they are significant. ***

%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 21
        LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, Magic-Number=1287494669, Vendor-Ext
%time% :WINDOWS: :TELUS: 8864 30: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 10
        LCP: Configure-Nak, Auth-Prot PAP[|lcp]

*** Telus wants to do CHAP, Windows says no, just like Open does. ***

%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 9
        LCP: Configure-Reject, Call-Back, Vendor-Ext
%time% :WINDOWS: :TELUS: 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Request, Max-Rx-Unit=1480, Magic-Number=193158203, Prot-Field-Compr PFC, Add-Ctrl-Field-Compr ACFC[|lcp]
%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot PAP, Magic-Number=1287494669, Vendor-Ext
%time% :WINDOWS: :TELUS: 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Ack, Max-Rx-Unit=1460, Auth-Prot PAP, Magic-Number=1287494669[|lcp]
%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Ack, Max-Rx-Unit=1480, Magic-Number=193158203, Prot-Field-Compr PFC, Add-Ctrl-Field-Compr ACFC, Vendor-Ext

*** Some arguing about configuration. ***

%time% :WINDOWS: :TELUS: 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: 0x0c
%time% :WINDOWS: :TELUS: 8864 45: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 25
        LCP: 0x0c
%time% :WINDOWS: :TELUS: 8864 46: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 26
        LCP: 0x0c

*** LCP identification packets? ***

%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere

*** I have no idea why Windows spams this. It also pops up a dialog three
    times to enter this. ***

%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Request, Max-Rx-Unit=1452, Auth-Prot PAP, Magic-Number=404795686, Vendor-Ext
%time% :WINDOWS: :TELUS: 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Request, Max-Rx-Unit=1480, Magic-Number=193158203, Prot-Field-Compr PFC, Add-Ctrl-Field-Compr ACFC[|lcp]
%time% :WINDOWS: :TELUS: 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Ack, Max-Rx-Unit=1452, Auth-Prot PAP, Magic-Number=404795686[|lcp]
%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Ack, Max-Rx-Unit=1480, Magic-Number=193158203, Prot-Field-Compr PFC, Add-Ctrl-Field-Compr ACFC, Vendor-Ext
%time% :WINDOWS: :TELUS: 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: 0x0c
%time% :WINDOWS: :TELUS: 8864 45: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 25
        LCP: 0x0c
%time% :WINDOWS: :TELUS: 8864 46: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 26
        LCP: 0x0c

*** Still arguing about configuration and more id packets. ***

%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 7
        PAP: Authenticate-Ack

*** Authentication successful.  From this point on Windows diverges
    from Open. ***

%time% :WINDOWS: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        IPCP: Configure-Request, IP-Address=0.0.0.0
%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 18
        IPCP: Configure-Reject, Unknown IPCP code 0x82
%time% :WINDOWS: :TELUS: 8864 44: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 24
        IPCP: Configure-Request, IP-Address=0.0.0.0
%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 24
        IPCP: Configure-Nak, IP-Address=192.252.228.129
%time% :WINDOWS: :TELUS: 8864 44: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 24
        IPCP: Configure-Request, IP-Address=192.252.228.129
%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 12
        IPCP: Configure-Request, IP-Address=76.10.191.4
%time% :TELUS: :WINDOWS: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 24
        IPCP: Configure-Ack, IP-Address=192.252.228.129
%time% :WINDOWS: :TELUS: 8864 32: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 12
        IPCP: Configure-Ack, IP-Address=76.10.191.4
%time% :WINDOWS: :TELUS: 8864 62: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 42
        IP: 192-252-228-129.dsl.teksavvy.com > igmp.mcast.net: igmp-2 [v2] [ttl 1]
%time% :WINDOWS: :TELUS: 8864 350: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 330
        IP: 192-252-228-129.dsl.teksavvy.com.bootpc > 255.255.255.255.bootps: htype-#8 hlen:0 xid:0x44e9c760 secs:1536 C:192-252-228-129.dsl.teksavvy.com vend-rfc1048 DHCP:INFORM CID:0.241.124.24.140.120.190.255.70.143.99.91.213.25.40.226.11 HN:"mywindows" VC:77.83.70.84.32.53.46.48 PR:NS+WNS+VO+SM+249+DN

*** A bit of debate over addresses and then Windows is online. ***


OpenBSD using only PAP:

%time% :TELUS: :OPENBSD: 8863 68: PPPoE-Discovery
        code Offer, version 1, type 1, id 0x0000, length 48
        tag AC-Name, length 12 EDTNABXTAR03
        tag Host-Uniq, length 4 K\200H\214
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \222\377q-,p\230I\037:t\250\251\322\031h
%time% :OPENBSD: :TELUS: 8863 52: PPPoE-Discovery
        code Request, version 1, type 1, id 0x0000, length 32
        tag Service-Name, length 0
        tag AC-Cookie, length 16 \222\377q-,p\230I\037:t\250\251\322\031h
        tag Host-Uniq, length 4 K\200H\214
%time% :TELUS: :OPENBSD: 8863 60: PPPoE-Discovery
        code Confirm, version 1, type 1, id 0x1234, length 12
        tag Service-Name, length 0
        tag Host-Uniq, length 4 K\200H\214
%time% :OPENBSD: :TELUS: 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 21
        LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot CHAP/MD5, Magic-Number=306492429, Vendor-Ext
%time% :OPENBSD: :TELUS: 8864 31: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 11
        LCP: Configure-Nak, Auth-Prot PAP[|lcp]

*** CHAP please?  No. ***

%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
%time% :OPENBSD: :TELUS: 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
%time% :OPENBSD: :TELUS: 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
%time% :OPENBSD: :TELUS: 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Request, Max-Rx-Unit=1460, Auth-Prot PAP, Magic-Number=306492429, Vendor-Ext
%time% :OPENBSD: :TELUS: 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Ack, Max-Rx-Unit=1460, Auth-Prot PAP, Magic-Number=306492429[|lcp]
%time% :OPENBSD: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Request, Max-Rx-Unit=1452, Auth-Prot PAP, Magic-Number=1462616641, Vendor-Ext
%time% :OPENBSD: :TELUS: 8864 40: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 20
        LCP: Configure-Ack, Max-Rx-Unit=1452, Auth-Prot PAP, Magic-Number=1462616641[|lcp]
%time% :OPENBSD: :TELUS: 8864 36: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Request, Magic-Number=-617813364, Max-Rx-Unit=1492[|lcp]
%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 16
        LCP: Configure-Ack, Magic-Number=-617813364, Max-Rx-Unit=1492, Vendor-Ext
%time% :OPENBSD: :TELUS: 8864 56: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 36
        PAP: Authenticate-Request, Peer-Id=[hidden email], Passwd=HiThere
%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 7
        PAP: Authenticate-Ack

*** Roughly the same debate about configuration, then successful
    authentication. ***

%time% :OPENBSD: :TELUS: 8864 26: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 6
        LCP: Terminate-Request

*** Ker-plonk.  Instead of working on getting an IP address, Open
    requests termination. ***

%time% :TELUS: :OPENBSD: 8864 60: PPPoE-Session
        code Session, version 1, type 1, id 0x1234, length 6
        LCP: Terminate-Ack
%time% :OPENBSD: :TELUS: 8863 20: PPPoE-Discovery
        code Terminate, version 1, type 1, id 0x1234, length 0

*** Which Telus duly obliges. ***


I feel like I'm missing something very obvious.

Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Jon Martin
In reply to this post by Sebastian Benoit
On Mon, Mar 26, 2018 at 09:47:18PM +0200, Sebastian Benoit wrote:
> Jon Martin([hidden email]) on 2018.03.22 13:19:51 -0600:
>>
>> To me this further indicates a "double authentication": a CHAP challenge
>> followed by PAP authentication.  I have no idea how to set up a config
>> to answer that though.
>
> Yes, this is possible, and OpenBSD does not support this mode.

The good news is that just PAP authentication should work, and does on
Windows.  The bad news is that on OpenBSD I'm still not getting an IP
address from Tek/Telus after the Authenticate-Ack.

Reply | Threaded
Open this post in threaded view
|

Re: PPPoE connection closing right after authentication?

Mihai Popescu-3
In reply to this post by Jon Martin
>The good news is that just PAP authentication should work, and does on Windows.  The bad >news is that on OpenBSD I'm still not getting an IP address from Tek/Telus after the Authenticate-Ack.

I remember some time ago, that someone requested some help with pppoe
implementation since his ISP was asking for a specific value of VLAN
field for a german ISP. I think someone coded right away that feature
in OpenBSD.
All the discussion is in the misc@.
In the meantime, you can email your ISP and explain that you are using
something else and you need some details about connection. First line
of support may think you are crazy, but ask for a more specialised
person and maybe they will tell you the full process.