Ubuntu
ppp package

Handle PPP non-compliant success packets

Bug #1890814 reported by Douglas Kosovic
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ppp (Debian)
Fix Released
Unknown
ppp (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

[Impact]
According to RFC2759, the format of PPP success packets is :

"S=<auth_string> M=<message>"

Recently Windows Server 2019 has started producing non-complaint PPP success packets which have a space missing before the M= characters.

PPP based (e.g. PPTP, L2TP, etc) VPN clients connecting to an affected Windows Server 2019 VPN server will get the following error message during MS-CHAPv2 authentication :

   MS-CHAPv2 Success packet is badly formed

If the following upstream ppp patch is applied, it will handle the non-compliant, missing-space before M= success packets :

https://github.com/paulusmack/ppp/commit/3cd95baf3f1de1d5a9bc89be0f4c3215ceb5aefe.patch

Tags: sru
Revision history for this message
Douglas Kosovic (dkosovic) wrote :

macOS already handles the missing space before M=, extract from :
https://opensource.apple.com/source/ppp/ppp-862.120.2/Helpers/pppd/chap_ms.c.auto.html

 //we'll allow the missing-space case from the server, even though
 //it's non-conforming to spec!
 dbglog("Rcvd non-conforming MSCHAPv2 Success packet, len=%d", len);
 if(len >= 2 && !strncmp((char*)msg, "M=", 2))
  msg += 2;
 else
 {
  error("MS-CHAPv2 Success packet is badly formed.");
  return 0;
 }

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ppp (Ubuntu):
status: New → Confirmed
Revision history for this message
manap reza (manap-reza) wrote :

This bug is affecting me as well. It's annoying not being able to connect to my work VPN. Since nobody wants to follow this bug up. Here is the snippet of the log:

ct 6 01:37:00 reza pppd[18741]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
Oct 6 01:37:00 reza NetworkManager[18741]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
Oct 6 01:37:00 reza pppd[18741]: pppd 2.4.7 started by root, uid 0
Oct 6 01:37:00 reza pppd[18741]: Using interface ppp0
Oct 6 01:37:00 reza NetworkManager[18741]: Using interface ppp0
Oct 6 01:37:00 reza NetworkManager[18741]: Connect: ppp0 <--> /dev/pts/3
Oct 6 01:37:00 reza pppd[18741]: Connect: ppp0 <--> /dev/pts/3
Oct 6 01:37:00 reza NetworkManager[16794]: <info> [1601919420.1914] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/22)
Oct 6 01:37:00 reza pptp[18746]: nm-pptp-service-18737 log[main:pptp.c:353]: The synchronous pptp option is NOT activated
Oct 6 01:37:00 reza systemd-udevd[18745]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Oct 6 01:37:00 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
Oct 6 01:37:00 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_disp:pptp_ctrl.c:781]: Received Start Control Connection Reply
Oct 6 01:37:00 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_disp:pptp_ctrl.c:815]: Client connection established.
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_disp:pptp_ctrl.c:900]: Received Outgoing Call Reply.
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_disp:pptp_ctrl.c:938]: Outgoing call established (call ID 60622, peer's call ID 6890).
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_disp:pptp_ctrl.c:1004]: PPTP_SET_LINK_INFO received from peer_callid 40298
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_disp:pptp_ctrl.c:1006]: send_accm is 00000000, recv_accm is FFFFFFFF
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 warn[ctrlp_disp:pptp_ctrl.c:1011]: Non-zero Async Control Character Maps are not supported!
Oct 6 01:37:01 reza pppd[18741]: MS-CHAPv2 Success packet is badly formed.
Oct 6 01:37:01 reza NetworkManager[18741]: MS-CHAPv2 Success packet is badly formed.
Oct 6 01:37:01 reza NetworkManager[18741]: CHAP authentication failed
Oct 6 01:37:01 reza pppd[18741]: CHAP authentication failed
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_disp:pptp_ctrl.c:1004]: PPTP_SET_LINK_INFO received from peer_callid 40298
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 log[ctrlp_disp:pptp_ctrl.c:1006]: send_accm is FFFFFFFF, recv_accm is FFFFFFFF
Oct 6 01:37:01 reza NetworkManager[18741]: Connection terminated.
Oct 6 01:37:01 reza pptp[18758]: nm-pptp-service-18737 warn[ctrlp_disp:pptp_ctrl.c:1011]: Non-zero Async Control Character Maps are not supported!
Oct 6 01:37:01 reza pppd[18741]: Connection terminated.

Nim (nim12)
no longer affects: ppp
Bug Watch Updater (bug-watch-updater)
Changed in ppp (Debian):
status: Unknown → Fix Released
Revision history for this message
Douglas Kosovic (dkosovic) wrote :

Nim's status change of no longer affects ppp I think was just a mistake and rectified, but the rectification wasn't recorded in a new message.

This bug report no longer affects ppp >= 2.4.9, as it was fixed upstream and is the reason the corresponding Debian bug was closed.

This SRU patch request is for Ubuntu 20.04 which is still using an older ppp.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.