[pptp-server] pptpd-1.0.0: 128-bit encryption not working

JordanR7 at aol.com JordanR7 at aol.com
Fri Nov 26 11:41:09 CST 1999


Hi,

I've searched the PoPToP FAQ, and recompiled and reinstalled ppp & pptpd over 
and over, but I still can't get 128-bit encryption to work properly. I'm 
using pptpd-1.0.0, ppp-2.3.8 with the MPPE patch, and SSLeay-0.6.6b. My 
/etc/ppp/options is as follows:

lock

# options added for poptop
debug
name servername
auth
require-chap
proxyarp

+chap
+chapms
+chapms-v2
mppe-40
#mppe-128
mppe-stateless

Everything appears to work normally -- connections can be made from both 
Windows 98 and Windows NT 4.0 clients. When a Windows 98 client with "Require 
data encryption" enabled connects, I get this message in the log:

pppd[14765]: MPPE 40 bit, stateless receive compression enabled

so it appears 40-bit encryption is functional. Problem is, when I remove the 
hash mark from behind "mppe-128" so that I can use 128-bit encryption, the 
Windows 98 client cannot connect. It says:

"The computer you're dialing in to does not support the data encryption 
requirements specified.
Please check your encryption settings in the properties of the connection.  
If this problem persists, contact your network administrator."

Isn't 128-bit encryption supposed to be supported out the box with the MPPE 
patch? Is there further configuration required to enable 128-bit encryption 
on the PoPToP server? The Windows 98 & NT client machines do have the 
appropriate 128-bit encryption patches, and are able to successfully connect 
to "128-bit required" NT-based PPTP servers.

P.S. I did have to edit one file -- ppp_mppe.c -- in order to get the 
ppp_mppe module to compile correctly. It had a line #include "rc4_skey.c". I 
don't have this file anywhere on my system (it doesn't come with 
SSLeay-0.6.6b), so I commented the line out, and then it was able compile 
successfully. Could that have anything to do with 128-bit encryption not 
working?

Thanks very much in advance!

Jordan Russell




More information about the pptp-server mailing list