C ++:在Windows RAS API中禁用RequireCHAP和RequireMsCHAP2

时间:2015-04-16 21:31:42

标签: c++ windows encryption vpn ras

我正在编写一个程序,用于在用户的计算机上设置VPN。我的系统管理员告诉我,VPN的安全页面必须检查these安全设置,而不检查其他设置。

我使用this代码作为我自己的基础。我的版本几乎可以正确设置所有内容,但不能取消选中标题为Challenge Handshake Authentication Protocol (CHAP)Microsoft CHAP Version 2 (MS-CHAP v2)的2个框。是否可以通过编程方式取消选中这两个复选框,同时将Data Encryption下拉列表设置为Require Encryption?这是我的代码:

void createVPN()
{
    DWORD size = 0;
    RasGetEntryProperties(NULL, L"", NULL, &size, NULL, NULL);
    LPRASENTRY pras = (LPRASENTRY)malloc(size);
    memset(pras, 0, size);
    pras->dwSize = size;
    pras->dwType = RASET_Vpn;
    pras->dwRedialCount = 1;
    pras->dwRedialPause = 60;
    pras->dwfNetProtocols = RASNP_Ip;
    pras->dwEncryptionType = ET_Require;
    wcscpy_s(pras->szLocalPhoneNumber, L"meraki.companyname.com");
    wcscpy_s(pras->szDeviceType, RASDT_Vpn);
    pras->dwfOptions = RASEO_RemoteDefaultGateway;

    pras->dwVpnStrategy = VS_L2tpOnly;
    pras->dwfOptions2 |= RASEO2_UsePreSharedKey;
    pras->dwfOptions &= ~(RASEO_RequireCHAP | RASEO_RequireMsCHAP | RASEO_RequireMsCHAP2);//This should unset the CHAP flags, but it doesn't.

    RasSetEntryProperties(NULL, L"CompanyName Meraki VPN", pras, pras->dwSize, NULL, 0);

    RASCREDENTIALS ras_cre_psk = { 0 };
    ras_cre_psk.dwSize = sizeof(ras_cre_psk);
    ras_cre_psk.dwMask = RASCM_PreSharedKey;
    wcscpy_s(ras_cre_psk.szPassword, L"redacted");
    RasSetCredentials(NULL, L"CompanyName Meraki VPN", &ras_cre_psk, FALSE);

    free(pras);
}

我想通过将pras->dwEncryptionType设置为ET_Require,可以防止RASEO_RequireCHAP和其他CHAP标记被取消设置,但在Windows GUI中,可以取消选中它们将Data Encryption设置为Require Encryption。我的系统管理员告诉我,如果选中了任一个CHAP复选框,或者Data Encryption未设置为Require Encryption,则连接将不起作用。我该怎么办?

1 个答案:

答案 0 :(得分:2)

我终于明白了。您必须设置RASEO_RequirePAP开关。这是该函数的最终版本:

void createVPN()
{
    DWORD size = 0;
    RasGetEntryProperties(NULL, L"", NULL, &size, NULL, NULL);
    RASENTRY rasEntry = {};
    rasEntry.dwSize = sizeof(rasEntry);
    rasEntry.dwType = RASET_Vpn;
    rasEntry.dwRedialCount = 1;
    rasEntry.dwRedialPause = 60;
    rasEntry.dwfNetProtocols = RASNP_Ip;
    rasEntry.dwEncryptionType = ET_Require;
    wcscpy_s(rasEntry.szLocalPhoneNumber, L"meraki.enoble.com");
    wcscpy_s(rasEntry.szDeviceType, RASDT_Vpn);
    rasEntry.dwfOptions = RASEO_RemoteDefaultGateway;

    rasEntry.dwVpnStrategy = VS_L2tpOnly;
    rasEntry.dwfOptions2 |= RASEO2_UsePreSharedKey;
    rasEntry.dwfOptions |= RASEO_RequirePAP;

    RasSetEntryProperties(NULL, L"Enoble Meraki VPN", &rasEntry, rasEntry.dwSize, NULL, 0);

    RASCREDENTIALS ras_cre_psk = { 0 };
    ras_cre_psk.dwSize = sizeof(ras_cre_psk);
    ras_cre_psk.dwMask = RASCM_PreSharedKey;
    wcscpy_s(ras_cre_psk.szPassword, L"passport2k");
    RasSetCredentials(NULL, L"Enoble Meraki VPN", &ras_cre_psk, FALSE);
}

我希望这有助于某人。

相关问题
最新问题