Hi,
Recently I bought a router from MikroTik in order to substitute the one given from my ISP. I have the ONT sepparated from the ISP router so setting a PPPoE should be easy.
I called them and asked for the credentials which they willingly handeled over. But when trying to set up the PPPoE client it says “connecting…” and then “failed to authenticate ourselves to peer” (and proceed to repeat this to the inifnite in a 2-second span time), which would usually mean that either the password or the username is wrong, just in case I decided to double check asking again the credentials just to find out I did get them right.
I tried doing a MiM to steal the credentials but they are using the CHAP protocol instead of a PAP (meaning they come encrypted, but at least allows me to ensure that the username is right).
Oddly enough when trying to set up a PPPOE connection with my windows (just to check the credentials) I get the error 651.
Does anyone know a way to check if the credentials are okay? What other causes of error could be producing the “failed to authenticate ourselves to peer” error?
[Also, VLAN ID is correctly setted].
HI,
It’s clear that the router can communicate with the ISP’s PPPoE Acces Concetrators and those reply with the message “failed to authenticate ourselves to peer” because either the credentials are wrong, or not implemented correctly by the ISP, or, there is an encryption mismatch between client and server.
You could try to check under PPP → Profiles, click the default one, and make sure that under Protocols tab the “Use Encryption” setting is set to “Yes”.
Hi,
I’m no expert on this (so I might be wrong) but all tutorials I saw said it did, the mikrotik has a field to input the vlan id and the packets containing the CHAP request and the CHAP response did had the VLAN id on them, so I guess it does come over on a vlan
Yes, already did that. Created a Vlan interface assigned them to ether1 and then assigned the pppoe to the vlan interface (otherwise it doesn’t even work). I have also setted up a masquerade rule on the firewall to get internet acces from my LAN bridge and also setted a dhcp server in the bridge, with no luck at all.
I’m starting to think they might have block my MAC from their network and thats making the error of “could not autentificate ourselves to the peer”.
Also with my windows I changed the VLAN ID of the ethernet adapter (thanks for pointing that out) and I don’t get the 651 error anymore but now I get an error complaining either the configuration of the connnection or the credentials (I haven’t specified to the connnection I want to use the CHAP authentification so maybe it’s only trying with PAP which I think is no longer supported).
Edit: I checked with wireshark and the protocol used when trying to connect with windows is CHAP so again everything leeds to incorrect credentials, which are not since I double checked them with my ISP.
Have you tried connecting both with and without encryption? If one end requires encryption and the other does not support it the connection setup will fail, I would expect the connection not to require encryption as MPPE has not been secure for years and would be unnecessary overhead for the ISP concentrators.
Also, have you tried cloning the WAN MAC address from the router supplied by the ISP. It is common for DHCP WAN connections to be locked to a specific MAC address, much less common for PPPoE but may still be the case.
Hi,
English is not my first language so I have some troubles understanding you. What do you mean to adding a logging topic? If you mean the logs from the mikrotik, they don’t output much more information than the one I gave in this post but sure I will upload them.