Noob: aws ec2 pptp vpnclient connection fails

Hi,

I’m comming from a windows background and new to linux. I’m trying to get my linux client to connect to the office network. I know the credentials are correct since the do work on my windows laptop.

Message when I try to connect:

 >pppd call wenvpn debugusing channel 10
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb1de9edd> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <auth chap MS-v2> <magic 0x1>]
sent [LCP ConfAck id=0x0 <auth chap MS-v2> <magic 0x1>]
rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <magic 0xb1de9edd>]
rcvd [LCP ConfAck id=0x2 <magic 0xb1de9edd>]
sent [LCP EchoReq id=0x0 magic=0xb1de9edd]
rcvd [CHAP Challenge id=0x1 <5a3caee784533b30ab69c8f8119e65c9>, name = "WENNEKER"]
added response cache entry 0
sent [CHAP Response id=0x1 <20f9548fb911fbf6fe376144950b086d00000000000000000ad865df71e16f500500d9c8534726705536d8d7e753c30b00>, name = "UserName"]
rcvd [LCP EchoRep id=0x0 magic=0x1]
rcvd [CHAP Failure id=0x1 "E=691 R=1 C=5A3CAEE784533B30AB69C8F8119E65C9 V=0 M=Good luck!"]
MS-CHAP authentication failed: Good luck!
CHAP authentication failed
sent [LCP TermReq id=0x3 "Failed to authenticate ourselves to peer"]
rcvd [LCP TermReq id=0x1]
sent [LCP TermAck id=0x1]
rcvd [LCP TermAck id=0x3]
Connection terminated.
Waiting for 1 child processes...
  script pptp XX.XX.XX.XX --nolaunchpppd, pid 14650
Script pptp XX.XX.XX.XX --nolaunchpppd finished (pid 14650), status = 0x0



These are the settings in PPP/Peers/wenvpn:


>cat wenvpn
# written by pptpsetup
pty "pptp XX.XX.XX.XX --nolaunchpppd"
# Lock the port
lock
# We don't need the tunnel server to authenticate itself
noauth
# Turn off compression protocols we know won't be used
nobsdcomp
nodeflate
name UserName
password PassWord
remotename WENNEKER
ipparam wenvpn
require-mppe-128
refuse-chap

Can someone please point me in the right direction to get this sorted?
Thanks!

Been a little while since I’ve used AWS, but I always used an AWS client (typically based on FF) from the AWS site.
Assuming little has changed, it should still be the simplest and best way to connect to AWS which should also be cross-platform… to an extent.

The error you’re throwing is that you’re failing MS-CHAP authentication, and that could be caused by a number of things… eg Something in the client you’re using to connect, a missing component, etc.

So,
How are you connecting, with the officially recommended client, a third party client or from command line?
Start from there to troubleshoot.

TSU

You kind of lost me on the first line. AWS client (typically based on FF) ?

I started with the suse ami and connect over ssh with putty. So i’m working on the commandline.
From there I installed the “pptp” package with zypper.

You choose OTHER VERSION from the version menu prefix to the title.
But you fail to mention which version of openSUSE you do use.

We hope that the fact that there is that obligatory choice to be made, will give people a hint that that is an important piece of information needed to give adequate help. And that if you use a not supported version of openSUSE (which then falls under OTHER VERSION) this menul give you the idea that it is the more important to tell us that in the verry beginning of your problem description.

So please tell us which version of openSUSE you use.

Sorry I’m very new to this. Please educate me if necessary. Is this the information you need? I hope I’m in the right part of the forum.


> uname -a
Linux ip-172-31-25-73.eu-west-1.compute.internal 3.12.53-60.30-default #1 SMP Wed Feb 10 14:41:46 UTC 2016 (e57129f) x86_64 x86_64 x86_64 GNU/Linux

> lsb_release -a
LSB Version:    n/a
Distributor ID: SUSE LINUX
Description:    SUSE Linux Enterprise Server 12 SP1
Release:        12.1
Codename:       n/a
ip-172-31-25-73:/var/log #


 

You seem to have openSUSE 12.1.

It is realy something that is important for helpers. It is an old release, thus things might be different and a different advice might be needed.

BTW, you better upgrade to a newer version. You will not recieve any security patches on 12.1 and thus be vulnarable.

Ok appears that you use SLES which is the commercial version this is the openSUSE forums you need to ask SUSE forums not the openSUSE forums. You can use the same password

https://forums.suse.com/forum.php

Indeed it is SLES. I was wrong. It is not openSUSE at all.

The alternative to the CLI

The web tool is not only easy to connect, because it’s graphical IMO you can see more and do things more quickly in general.

TSU

I did start it from the web-interface. After starting the instance it needs to be controlled somehow. For the windows instances I normally work with this is easily done through RDP. But since I can’t seem to get VNC running on the instance (got it working on RedHat but it’s appears to be a little different approach on suse) I’m left with the commandline in Putty.

Thanks all for pointing me in the right direction and I’ll post a new thread on the Suse forum.

I might be mistaken but could it be the versioning for openSuse en enterprise are different? I think 12.1 is the current version. It’s the one advertised on suse.com

makes it even more clear that I should post in the right forum.
Thanks.

I do not know much of SLES/SLED, but the numbers have no real connection with the openSUSE ones.