[pptp-server] pptpd-1.0.0: 128-bit encryption not working
JordanR7 at aol.com
JordanR7 at aol.com
Fri Nov 26 11:41:09 CST 1999
Hi,
I've searched the PoPToP FAQ, and recompiled and reinstalled ppp & pptpd over
and over, but I still can't get 128-bit encryption to work properly. I'm
using pptpd-1.0.0, ppp-2.3.8 with the MPPE patch, and SSLeay-0.6.6b. My
/etc/ppp/options is as follows:
lock
# options added for poptop
debug
name servername
auth
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
#mppe-128
mppe-stateless
Everything appears to work normally -- connections can be made from both
Windows 98 and Windows NT 4.0 clients. When a Windows 98 client with "Require
data encryption" enabled connects, I get this message in the log:
pppd[14765]: MPPE 40 bit, stateless receive compression enabled
so it appears 40-bit encryption is functional. Problem is, when I remove the
hash mark from behind "mppe-128" so that I can use 128-bit encryption, the
Windows 98 client cannot connect. It says:
"The computer you're dialing in to does not support the data encryption
requirements specified.
Please check your encryption settings in the properties of the connection.
If this problem persists, contact your network administrator."
Isn't 128-bit encryption supposed to be supported out the box with the MPPE
patch? Is there further configuration required to enable 128-bit encryption
on the PoPToP server? The Windows 98 & NT client machines do have the
appropriate 128-bit encryption patches, and are able to successfully connect
to "128-bit required" NT-based PPTP servers.
P.S. I did have to edit one file -- ppp_mppe.c -- in order to get the
ppp_mppe module to compile correctly. It had a line #include "rc4_skey.c". I
don't have this file anywhere on my system (it doesn't come with
SSLeay-0.6.6b), so I commented the line out, and then it was able compile
successfully. Could that have anything to do with 128-bit encryption not
working?
Thanks very much in advance!
Jordan Russell
More information about the pptp-server
mailing list