|
| From: | Greg Smith |
| Subject: | [lwip-users] PPP MPPE "Optional" Support |
| Date: | Wed, 10 Aug 2016 23:30:14 +0000 |
|
Hello. I have some devices in the field that have all PPP authentication turned off for PPP. Now that lwIP supports MSCHAPv2 and MPPE (in the 2.0.0 betas), I'd like to enable those features on my devices to encrypt the traffic. But I also need
to support older units that are running older lwIP versions and don't have authentication support. If I ppp_set_auth(, PPPAUTHTYPE_ANY,,) in my startup code, I can get peers to connect with both no authentication and MSCHAPv2 successfully. (Yea!) However, if I then try ppp_set_mppe(pppPcb, PPP_MPPE_ENABLE | PPP_MPPE_REFUSE_128); (with or without the REFUSE flag), my clients with no authentication fail because MPPE is "required". (LwIP responds with "MPPE required, but MS-CHAP[v2]
auth not performed.".) I'd like to make it so MPPE is only required if MSCHAPv2 negotiates. (Alternately, don't require MPPE if no authentication is negotiated, but require it (and fail) if any other form is negotiated.) Is there a way to do this? Or is that
behavior completely unsupported? I've thought about using PPP_NOTIFY_PHASE in some way, but I haven't explored that yet. Would that be viable (even if clunky) to manually do ppp_set_mppe after MSCHAPv2 negotiates? Or is even that poor practice to change LCP options in
the middle of the negotiation? -- G This email has been scanned for email related threats and delivered safely by Mimecast. For more information please visit http://www.mimecast.com |
| [Prev in Thread] | Current Thread | [Next in Thread] |