[pptp-server] Encryption Problem (me too)

[Jason M. Felice]

On Thu, Nov 04, 1999 at 04:02:54PM -0600, locutus at imsa.edu wrote:
> Hello all.
> 
> I have successfully installed PoPToP 1.0.0 on a RedHat 6.0 (kernel 2.2.5)
> system.  I can connect to it from any 98 host, and can communicate with
> any host on my private network.  However, when I check "require encrypted
> authentication" within the DUN properties on the client, I am no longer
> able to communicate with the private network.  The DUN connection can
> still be established, and the correct IP is assigned, but communication
> is impossible.  I have installed the ppp-mppe patch, recompiled the kernel,
> and have loaded all of the necessary modules.  I have also installed SSLeay
> 0.6.6b.  In addition, I have installed the DUN 4.0 update per the HOWTO.
> This happens from multiple clients, some running 98 and some running 98se.
> None of these have helped.  Here is what I find in /var/log/pptpd.log:
> 
> pppd[1735]: MPPE 40 bit, stateless compression enabled
> pppd[1735]: Script /etc/ppp/ip-up finished (pid 1736), status = 0x0
> pppd[1735]: rcvd [proto=0x4da7] cd 80 08 8a be c6 bc f1 4d 6e ad a5 04 2e
> 91 1f 96 1d b5 3d b0 f4 92 12 0c f9 a6 ce
> pppd[1735]: Unsupported protocol (0x4da7) received
> 
> The last two lines continue, with a different set of numbers in the 
> "unsupported protocol" line, until I disconnect.  Here is my /etc/ppp/options:
> 
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> name punk
> require-chap
> proxyarp

I am having the exact same problem here, with multiple Windows 98 machines.
The configuration is exactly the same as this, except I don't have the 'name'
line in the options file.  (I've tried with and without proxyarp, and all
compinations of mppe/chap options).  ppp-2.3.8+mppe

To answer the next question that will be asked, IP header compression is off,
IPX/SPX is off, Netbeui is off, Log on to remote network is off.  The mppe
module is loaded (it appears in the log), so are the compression modules,
loaded via aliases in /etc/conf.modules - kernel is 2.2.9, (okay two 
differences).  Require data encryption is on (if I turn it off, I can
get an unencrypted tunnel which works fine), require encrypted password is on,
record a log file for this connection is on (although it won't *sigh*), I've
tried with use default gateway on remote network both on and off (usually off),
and I've gone through all of the FAQs and howtos and docs three times now.

If log on to network is off (which is where I typically keep it, but I've
tried everything), there is a one-to-one relationship between packets I try
to send accross the wire and 'Unsupported protocol' messages.  All traffic
is ICMP or TCP, I have not tried UDP.

We have an NT server, and this Windows98 box *will* connect to the NT server
with an encrypted connection and route traffic just fine.

This is on a modified RH5.2 with kernel 2.2 and the kernel2.2 RPM updates
provided by redhat.

> 
> I have run out of ideas.  Any suggestions?

I have a test box, and PoPToP has gone into our 'custom linux distro', so I
can install it and get it onto our subnet fairly quickly.  If any developer
wants to see what's going on with an exact replica, please let me know.

I know this is working under similar configurations, I've talked with a
fellow Cleveland Linux User's Group member who has this working in a few
offices, although that is an older version PoPToP (only thing I can think
of).

> 
> Thanks in advance.
> 
> Michael Holl
> --
> locutus at imsa.edu
> 

-Jay 'Eraserhead' Felice

P.S.  Are there any changes in CVS?