This project is read-only.

disable chap not working

Feb 3, 2014 at 4:29 AM
Edited Feb 3, 2014 at 4:29 AM
Greetings,

I'm trying to create a vpn connection with only ms-chap-v2 enabled, however CHAP keeps getting enabled even though i have the option to disable it.

Here is the code i'm using:
                Dim PhoneBook As New RasPhoneBook
                PhoneBook.Open()
                Dim VpnEntry As RasEntry = RasEntry.CreateVpnEntry(VpnName, Destination, DotRas.RasVpnStrategy.L2tpOnly, _
                                           DotRas.RasDevice.Create(VpnName, DotRas.RasDeviceType.Vpn))
                VpnEntry.Options.UsePreSharedKey = True
                VpnEntry.Options.RemoteDefaultGateway = False
                VpnEntry.Options.RequireChap = False
                PhoneBook.Entries.Add(VpnEntry)
                VpnEntry.UpdateCredentials(RasPreSharedKey.Client, PresharedKey)
any help is appreciated
Feb 3, 2014 at 5:06 PM
Microsoft tied a couple settings together for those, if any of them are turned on, the others are turned on as well. Make sure the RequireEncryptedPassword and RequireMsEncryptedPassword options are both turned off on your entry. That should allow you to disable the use of CHAP.
Feb 3, 2014 at 5:21 PM
Edited Feb 3, 2014 at 6:34 PM
is that just for the api? i ask because when i manually create a vpn the chap box can be cnchecked while still requiring encryption

thanks!

[edit]
comparing the rasphone.pbk files that are created the following lines are changed when checking/unckecking CHAP when MS-CHAP-V2 is left enabled:
Original:
PreferredHwFlow=0
PreferredProtocol=0
PreferredCompression=0
PreferredSpeaker=0

and
AuthRestrictions=544

Changed:
PreferredHwFlow=1
PreferredProtocol=1
PreferredCompression=1
PreferredSpeaker=1

and
AuthRestrictions=512
Feb 3, 2014 at 10:13 PM
According to the Win32 RAS API, yes. I don't know whether there are any differences between how the API and the dialog work, never really thought to look. All I know is what the SDK documentation tells me, which I in turn relayed to you. DotRas doesn't work with the phonebook files directly either, that's all under Microsoft's control as far as this library is concerned.

Below is the link to the RASENTRY structure, where they documented this:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa377274(v=vs.85).aspx

If you open the entry you created manually, within Windows, with the API and inspect the entry which options have been set? That might give you some insight which properties need to be configured to get the entry to act the way you want.
Feb 3, 2014 at 11:24 PM
Edited Feb 4, 2014 at 8:11 PM
opening the entry with the api was going to be my next step. do you have any examples for that? (i'm learning vb as i go with this project -- i'm actually a linux/perl guy)

[Edit]
so i created a brakepoint and was able to dump the options for the manually created (good) and the progrmatically created (bad) one and found that if you want to disable RequireChap you have to enable RequireMSEncryptedPassword

in the end my code looks like this:
                Dim PhoneBook As New RasPhoneBook
                PhoneBook.Open()
                Dim VpnEntry As RasEntry = RasEntry.CreateVpnEntry(VpnName, Destination, DotRas.RasVpnStrategy.L2tpOnly, _
                                           DotRas.RasDevice.Create(VpnName, DotRas.RasDeviceType.Vpn))
                VpnEntry.Options.UsePreSharedKey = True
                VpnEntry.Options.RemoteDefaultGateway = False
                VpnEntry.Options.RequireChap = False
                VpnEntry.Options.RequireMSEncryptedPassword = True
                PhoneBook.Entries.Add(VpnEntry)
                VpnEntry.UpdateCredentials(RasPreSharedKey.Client, PresharedKey)
Marked as answer by adambot on 2/4/2014 at 12:11 PM