25.03.b.20250306.0140 - if_pppoe kernel module chap failure
-
Decided to give the if_pppoe kernel module a go.
After the mandatory reboot no PPPoE connection.
Logs only have:if_pppoe: pppoe0: chap failure
Everything worked fine with mpd5.
Nothing odd about the connection that I can think of. Normal FTTP in the UK from an ISP using BT Wholesale's infrastructure.
The username is 27 characters long and as both a - and @ in it. That's typical for this type of ISP as the bit after the @ ends the authentication to the correct ISP.Is there a way I can capture the negotiation in more detail to see what's failing?
-
@femtosize tcpdump should let you capture the PPP connection negotiation.
tcpdump -n -i <ethernet interface> -s0 -w /tmp/ppp.pcapshould produce a useful capture file in /tmp/ppp.pcap. -
@kprovost Thanks. That's let me see what's going on.
It appears the MD5 calculation is wrong as I get a failure packet back with the Message field set to "The password supplied was incorrect".
The challenge is 51 bytes long and the secret 9, along with the the id byte that's 61 bytes = 418 bits.
That means 59 bytes of padding will be required.I wonder if the 51 byte challenge is breaking things as most implementations I can find info on seem to use 16 bytes or maybe 24.
-
@femtosize There's nothing obvious in the code. I'd expect long challenges to just work.
Can you share this capture to https://nc.netgate.com/nextcloud/s/Am58nWPJSZyf9JJ? Perhaps there's still something else to see in it.
-
@kprovost OK. I've uploaded the capture.
-
Thanks, we are checking...
-
@femtosize I've tried to reproduce this locally, and found that this challenge length just works.
I've also tweaked the test setup to resemble yours a bit more by using the same username.Here's the capture for that: https://www.codepro.be/files/197026.pcap
That just worked.Just about the only thing I can think right now is that the password is actually wrong. It may be worth trying with this pppoe package: https://www.codepro.be/files/if_pppoe-kmod-2.8.0.b.20250404.1200.1500029.pkg . This one will copy the password back to userspace so
pppcfg pppoe0will show the password, allowing you to check if it actually has the correct password. -
@kprovost Sorry, I can't try that pkg as I'm on arm64. Could that be the problem? Different alignment requirements?
The password should be correct as I'm not changing any config when flipping between mpd5 and if_pppoe and back again. Always works with mpd5, always fails with if_pppoe. -
@femtosize Ah, yeah, an amd64 (and CE) kernel module won't work on arm64, of course.
I don't expect there to be alignment issues in this particular code. That's one thing that might be going wrong, but it's also possible there are issues in how the PHP passes the password via pppcfg, so it's worth checking this anyway.
I'll make an arm64 build, but that might not happen until Monday.
-
@kprovost I've figured it out. There's been a space at the start of the password since I entered it years ago. The mdp5 code path writes it to a config file with no quotes around it so it just worked.
The if_pppoe path uses it on a command line surrounded by quotes and so it fails until I remove the space.This does make me think it might be interesting if my username or password had / " or ; in it.
-
@femtosize said in 25.03.b.20250306.0140 - if_pppoe kernel module chap failure:
@kprovost I've figured it out. There's been a space at the start of the password since I entered it years ago. The mdp5 code path writes it to a config file with no quotes around it so it just worked.
The if_pppoe path uses it on a command line surrounded by quotes and so it fails until I remove the space.This does make me think it might be interesting if my username or password had / " or ; in it.
Seems like a bug to me for pfSense to inconsistently handle non-printing characters at the beginning or end of any string.
-
@femtosize Ah, thanks for figuring that out.
I'll add a Redmine for this, and a reminder to check for escaping things like " and ' and .
-
For reference: https://redmine.pfsense.org/issues/16128