[pptp-server] compiling with RC4, and openssl (easy fix for a guru)

Mon Oct 18 14:43:56 CDT 1999

Geoff 

It isen´t necessary modify any source code. Probally you´re using 
OpenSSL-0.9.1c or OpenSSL-0.9.4. 
If you use SSLeay-0.6.6b forget the information below.
************************************************************************
2. edit both "ppp_mppe.c" files and add the following line at the end
     of the set of #include lines at the top of the file...
           #include "rc4_skey.c"

************************************************************************

I modifyed any procedures below. 

Now I installed without problems with a bit modifications describe
below from HOWTOFAQ PoPToP source.

Thanks

Emir Toktar

Procedures that I used for comments.

begin------------------------------
(+) lines that I add ....
end------------------------------

(-) lines that I cut ....

******************************

PoPToP HOWTO/FAQ
----------------
Last Updated: 19990813
Maintained by: Matthew Ramsay <matthewr at moreton.com.au>

HOWTO/FAQ mostly compiled from PoPToP help pages and the PoPToP Mailing List
(hosted by Christopher Schulte) by Matthew Ramsay. Large contributions from
Steve Rhodes and Michael Walter.

+++++++++++++++++++++

3.0 PPP (and MSCHAP/MPPE) Installation
--------------------------------------
It is only necessary to use PPP 2.3.8 if you want Microsoft compatible
MSCHAPv2/MPPE authentication and encryption. The reason for this is that
the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP 2.3.8.
If you don't need Microsoft compatible authentication/encryption any 2.3.x
PPP source will be fine.

Assuming you want Microsoft compatible authentication/encryption follow
these steps:

Note: [] are example commands to run

1. Grab yourself a clean copy of the PPP deamon v2.3.8 (ppp-2.3.8.tar.gz).
 I usually go here for my PPP files: ftp://cs.anu.edu.au/pub/software/ppp/
 Note: You must get the tarball (tar.gz) and *not* the RPM.

2. Grab youself the MSCHAP/MPPE diff file from:

http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.
gz

3. Grab yourself the SSLeay-0.6.6b file from:
 ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.6.6b.tar.gz

4. You should now have 3 files:
  ppp-2.3.8.tar.gz
  ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
  SSLeay-0.6.6b.tar.gz
begin-------------------------------------------
(+) ppp-2.3.8-patch1  ==>correction for IPX/SPX
end---------------------------------------------

 Copy these files to your preferred location (I prefer /usr/local/src/)

begin-----------------------------
 I uninstall previus ppp
(+) rpm -e ppp-2.3.7-2
end--------------------------------

5. Assuming your files are in /usr/local/src/ and your current working
 directory is also /usr/local/src/ do the following:
  [tar zxvf ppp-2.3.8.tar.gz]
  [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]

begin----------------------------
 it's not gunzip... [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
end----------------------------

  [tar zxvf SSLeay-0.6.6b.tar.gz]
  [cp SSLeay-0.6.6b/crypto/rc4/rc4.h ppp-2.3.8/linux/]
  [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c ppp-2.3.8/linux/]

begin------------------------------
(+) [cp SSLeay-0.6.6b/crypto/rc4/rc4.h  /usr/src/linux/drivers/net/]
(+) [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c /usr/src/linux/drivers/net/]
(+) [cp ppp-2.3.8-patch1  ppp-2.3.8/pppd]
(+) [cd ppp-2.3.8/pppd]
(+) [patch -p0 < ppp-2.3.8-patch1]
(+) [cd /usr/local/src/]
end------------------------------
    [patch -p0 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
    [cd ppp-2.3.8]

6. The files should now all be in place and we are ready to compile PPP.
 Follow these steps to compile it:
  [./configure]

begin--------------------------------------------------------------
(+)  [make kernel]  --> reference ppp-2.3.8
it isen't necessary following lines below described in HOWTOFAQ...
end----------------------------------------------------------------

(-)  [cd linux]
(-)  [./kinstall.sh]
(-)  [cd ..]

begin-----(if kernel < 2.2.8)---------
Build the kernel when < Kernel 2.2.8
     [cd /usr/src/linux/]
     [make menuconfig .....if necessary ...]
     [make dep]
     [make clean]
     [make bzImage]
end---------------------------------

  [make]
  [cp pppd/pppd /usr/sbin/]

begin------------------------------
(+) [make install]  --> reference ppp-2.3.8
end------------------------------

  [cd /usr/src/linux]
  [make modules SUBDIRS=drivers/net]
  [make modules_install]

begin------------------------------
(+) [cd /lib/modules/2.2.5-15/net/]
(+) [insmod slhc]
(+) [insmod ppp]
(+) [insmod bsd_comp]
(+) [insmod ppp_deflate]
(+) [insmod ppp_mppe]
end------------------------------

// it isen't work
(-)  [rmmod ppp]
(-)  [insmod ppp]
(-)  [insmod ppp_mppe]

Regards,

Emir Toktar

+55 ** 41 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Geoff Nordli [mailto:geoff at gnaa.net]
Sent: Sunday, October 17, 1999 10:32 PM
To: carey at itfreedom.com
Cc: Pptp-Server List (E-mail)
Subject: [pptp-server] compiling with RC4, and openssl (easy fix for a
guru)

Yes.  I think so.  I tried all kinds of different things.

I tried doing a re-install of the ppp/pptpd, and now I can't
even get the damn thing compiled.

I am working with the openssl package, and follwed the
instructions that were on the list, but to no avail.

Supposedly you are supposed to:

1. copy rc4.h, rc4_enc.c rc4_locl.h, rc4_skey.c to both
           .../ppp-2.3.8/linux/
     and
           /usr/src/linux/drivers/net/

2. edit both "ppp_mppe.c" files and add the following line at the end
     of the set of #include lines at the top of the file...
           #include "rc4_skey.c"

which i did, but I can't get past the

'make modules' command in the /usr/src/linux

I attached the error log from my compile.  It seems that it can't
find the openssl/rc4.h file.  Is there a path section I should
be aware of?

thanks,

geoff 

> -----Original Message-----
> From: Carey Jung [mailto:carey at itfreedom.com]
> Sent: Sunday, October 17, 1999 5:08 PM
> To: geoff at gnaa.net
> Subject: RE: [pptp-server] unable to ping hosts on network
>
>
> Looks like you have to call them.  It's not generally available.
>
> Have you tried connecting with encryption turned off?
>
> > -----Original Message-----
> > From: Geoff Nordli [mailto:geoff at gnaa.net]
> > Sent: Sunday, October 17, 1999 6:25 PM
> > To: carey at itfreedom.com; 'Pptp-Server List (E-mail)'
> > Subject: RE: [pptp-server] unable to ping hosts on network
> >
> >
> > Does anyone happen to have a link for the fix.
> >
> > I can't find it on the MS ftp server.
> >
> > > -----Original Message-----
> > > From: Carey Jung [mailto:carey at itfreedom.com]
> > > Sent: Sunday, October 17, 1999 4:06 PM
> > > To: geoff at gnaa.net; Pptp-Server List (E-mail)
> > > Subject: RE: [pptp-server] unable to ping hosts on network
> > >
> > >
> > > This sounds somewhat like a known bug in NT SP5.  Check
> out Microsoft
> > > knowledge base article Q236584.  Here's an excerpt. 
> Sound like your
> > > problem?
> > >
> > > SYMPTOMS
> > > After you upgrade to Windows NT 4.0 Service Pack 5 (SP5),
> Windows NT
> > > 4.0-based 128-bit Remote Access Services (RAS) clients can
> > > successfully dial
> > > in to a RAS server, but cannot access the server's network
> > > adapter or any
> > > other device on the network. The issue occurs when you are
> > > using the Require
> > > Data Encryption option with the Require Microsoft Encrypted
> > > Authentication
> > > setting. The client is unable to ping any TCP/IP interface on
> > > the remote
> > > network, including the Microsoft Virtual Private
> Networking Adapter
> > > (NDISWAN) IP address that the server assigned to the client.
> > > This behavior
> > > does not occur with 40-bit RAS clients or Microsoft Windows
> > > 95/Microsoft
> > > Windows 98 clients.
> > >
> > > Routing and Remote Access Services (RRAS) Dial-on-Demand
> > > (DOD) connections
> > > that use direct dial (Point-to-Point Protocol, or PPP), not
> > > Point-to-Point
> > > Tunneling Protocol (PPTP), are also affected when you are
> > > using 128-bit
> > > updates with the Require Data Encryption option with the
> > > Require Microsoft
> > > Encrypted Authentication setting
> > >
> > > RESOLUTION
> > > A supported fix that corrects this problem is now available
> > > from Microsoft,
> > > but it has not been fully regression tested and should be
> > > applied only to
> > > systems experiencing this specific problem. If you are not
> > > severely affected
> > > by this specific problem, Microsoft recommends that you wait
> > > for the next
> > > Windows NT 4.0 service pack that contains this fix.
> > >
> > > To resolve this problem immediately, contact Microsoft
> Product Support
> > > Services to obtain the fix. For a complete list of Microsoft
> > > Product Support
> > > Services phone numbers and information on support costs,
> > > please go to the
> > > following address on the World Wide Web:
> > >
> > >
> > http://www.microsoft.com/support/supportnet/overview/overview.asp
> >
> >
> >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org
> > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
> Geoff Nordli
> > > Sent: Sunday, October 17, 1999 2:59 PM
> > > To: Pptp-Server List (E-mail)
> > > Subject: [pptp-server] unable to ping hosts on network
> > >
> > >
> > > I have attached my pptplog describing a session.
> > >
> > > I am unable to ping into the network.
> > >
> > > Any ideas why this might happen?
> > >
> > > The proxy arp is eth0, which is the internal
> > > network (172.16.0.0), which I assume is correct,
> > > since I think it is responsible for replying
> > > ARP requests on local network.
> > >
> > > I actually had it working temporarily last night,
> > > but then it broke.
> > >
> > > thanks,
> > >
> > > BTW I am also unable to get the encryption set up
> > > with the NT 4 SP5 client.  It says,  "the local
> > > computer does not support encryption".
> > >
> > > Any ideas with that?
> > >
> > > Geoff Nordli
> >
> >
>