[pptp-server] compiling with RC4, and openssl (easy fix for a guru)
Toktar, Emir
EMIR.TOKTAR at bra.xerox.com
Mon Oct 18 14:43:56 CDT 1999
Geoff
It isen´t necessary modify any source code. Probally you´re using
OpenSSL-0.9.1c or OpenSSL-0.9.4.
If you use SSLeay-0.6.6b forget the information below.
************************************************************************
2. edit both "ppp_mppe.c" files and add the following line at the end
of the set of #include lines at the top of the file...
#include "rc4_skey.c"
************************************************************************
I modifyed any procedures below.
Now I installed without problems with a bit modifications describe
below from HOWTOFAQ PoPToP source.
Thanks
Emir Toktar
Procedures that I used for comments.
begin------------------------------
(+) lines that I add ....
end------------------------------
(-) lines that I cut ....
******************************
PoPToP HOWTO/FAQ
----------------
Last Updated: 19990813
Maintained by: Matthew Ramsay <matthewr at moreton.com.au>
HOWTO/FAQ mostly compiled from PoPToP help pages and the PoPToP Mailing List
(hosted by Christopher Schulte) by Matthew Ramsay. Large contributions from
Steve Rhodes and Michael Walter.
+++++++++++++++++++++
3.0 PPP (and MSCHAP/MPPE) Installation
--------------------------------------
It is only necessary to use PPP 2.3.8 if you want Microsoft compatible
MSCHAPv2/MPPE authentication and encryption. The reason for this is that
the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP 2.3.8.
If you don't need Microsoft compatible authentication/encryption any 2.3.x
PPP source will be fine.
Assuming you want Microsoft compatible authentication/encryption follow
these steps:
Note: [] are example commands to run
1. Grab yourself a clean copy of the PPP deamon v2.3.8 (ppp-2.3.8.tar.gz).
I usually go here for my PPP files: ftp://cs.anu.edu.au/pub/software/ppp/
Note: You must get the tarball (tar.gz) and *not* the RPM.
2. Grab youself the MSCHAP/MPPE diff file from:
http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.
gz
3. Grab yourself the SSLeay-0.6.6b file from:
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.6.6b.tar.gz
4. You should now have 3 files:
ppp-2.3.8.tar.gz
ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
SSLeay-0.6.6b.tar.gz
begin-------------------------------------------
(+) ppp-2.3.8-patch1 ==>correction for IPX/SPX
end---------------------------------------------
Copy these files to your preferred location (I prefer /usr/local/src/)
begin-----------------------------
I uninstall previus ppp
(+) rpm -e ppp-2.3.7-2
end--------------------------------
5. Assuming your files are in /usr/local/src/ and your current working
directory is also /usr/local/src/ do the following:
[tar zxvf ppp-2.3.8.tar.gz]
[gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
begin----------------------------
it's not gunzip... [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
end----------------------------
[tar zxvf SSLeay-0.6.6b.tar.gz]
[cp SSLeay-0.6.6b/crypto/rc4/rc4.h ppp-2.3.8/linux/]
[cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c ppp-2.3.8/linux/]
begin------------------------------
(+) [cp SSLeay-0.6.6b/crypto/rc4/rc4.h /usr/src/linux/drivers/net/]
(+) [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c /usr/src/linux/drivers/net/]
(+) [cp ppp-2.3.8-patch1 ppp-2.3.8/pppd]
(+) [cd ppp-2.3.8/pppd]
(+) [patch -p0 < ppp-2.3.8-patch1]
(+) [cd /usr/local/src/]
end------------------------------
[patch -p0 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
[cd ppp-2.3.8]
6. The files should now all be in place and we are ready to compile PPP.
Follow these steps to compile it:
[./configure]
begin--------------------------------------------------------------
(+) [make kernel] --> reference ppp-2.3.8
it isen't necessary following lines below described in HOWTOFAQ...
end----------------------------------------------------------------
(-) [cd linux]
(-) [./kinstall.sh]
(-) [cd ..]
begin-----(if kernel < 2.2.8)---------
Build the kernel when < Kernel 2.2.8
[cd /usr/src/linux/]
[make menuconfig .....if necessary ...]
[make dep]
[make clean]
[make bzImage]
end---------------------------------
[make]
[cp pppd/pppd /usr/sbin/]
begin------------------------------
(+) [make install] --> reference ppp-2.3.8
end------------------------------
[cd /usr/src/linux]
[make modules SUBDIRS=drivers/net]
[make modules_install]
begin------------------------------
(+) [cd /lib/modules/2.2.5-15/net/]
(+) [insmod slhc]
(+) [insmod ppp]
(+) [insmod bsd_comp]
(+) [insmod ppp_deflate]
(+) [insmod ppp_mppe]
end------------------------------
// it isen't work
(-) [rmmod ppp]
(-) [insmod ppp]
(-) [insmod ppp_mppe]
Regards,
Emir Toktar
+55 ** 41 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br
-----Original Message-----
From: Geoff Nordli [mailto:geoff at gnaa.net]
Sent: Sunday, October 17, 1999 10:32 PM
To: carey at itfreedom.com
Cc: Pptp-Server List (E-mail)
Subject: [pptp-server] compiling with RC4, and openssl (easy fix for a
guru)
Yes. I think so. I tried all kinds of different things.
I tried doing a re-install of the ppp/pptpd, and now I can't
even get the damn thing compiled.
I am working with the openssl package, and follwed the
instructions that were on the list, but to no avail.
Supposedly you are supposed to:
1. copy rc4.h, rc4_enc.c rc4_locl.h, rc4_skey.c to both
.../ppp-2.3.8/linux/
and
/usr/src/linux/drivers/net/
2. edit both "ppp_mppe.c" files and add the following line at the end
of the set of #include lines at the top of the file...
#include "rc4_skey.c"
which i did, but I can't get past the
'make modules' command in the /usr/src/linux
I attached the error log from my compile. It seems that it can't
find the openssl/rc4.h file. Is there a path section I should
be aware of?
thanks,
geoff
> -----Original Message-----
> From: Carey Jung [mailto:carey at itfreedom.com]
> Sent: Sunday, October 17, 1999 5:08 PM
> To: geoff at gnaa.net
> Subject: RE: [pptp-server] unable to ping hosts on network
>
>
> Looks like you have to call them. It's not generally available.
>
> Have you tried connecting with encryption turned off?
>
> > -----Original Message-----
> > From: Geoff Nordli [mailto:geoff at gnaa.net]
> > Sent: Sunday, October 17, 1999 6:25 PM
> > To: carey at itfreedom.com; 'Pptp-Server List (E-mail)'
> > Subject: RE: [pptp-server] unable to ping hosts on network
> >
> >
> > Does anyone happen to have a link for the fix.
> >
> > I can't find it on the MS ftp server.
> >
> > > -----Original Message-----
> > > From: Carey Jung [mailto:carey at itfreedom.com]
> > > Sent: Sunday, October 17, 1999 4:06 PM
> > > To: geoff at gnaa.net; Pptp-Server List (E-mail)
> > > Subject: RE: [pptp-server] unable to ping hosts on network
> > >
> > >
> > > This sounds somewhat like a known bug in NT SP5. Check
> out Microsoft
> > > knowledge base article Q236584. Here's an excerpt.
> Sound like your
> > > problem?
> > >
> > > SYMPTOMS
> > > After you upgrade to Windows NT 4.0 Service Pack 5 (SP5),
> Windows NT
> > > 4.0-based 128-bit Remote Access Services (RAS) clients can
> > > successfully dial
> > > in to a RAS server, but cannot access the server's network
> > > adapter or any
> > > other device on the network. The issue occurs when you are
> > > using the Require
> > > Data Encryption option with the Require Microsoft Encrypted
> > > Authentication
> > > setting. The client is unable to ping any TCP/IP interface on
> > > the remote
> > > network, including the Microsoft Virtual Private
> Networking Adapter
> > > (NDISWAN) IP address that the server assigned to the client.
> > > This behavior
> > > does not occur with 40-bit RAS clients or Microsoft Windows
> > > 95/Microsoft
> > > Windows 98 clients.
> > >
> > > Routing and Remote Access Services (RRAS) Dial-on-Demand
> > > (DOD) connections
> > > that use direct dial (Point-to-Point Protocol, or PPP), not
> > > Point-to-Point
> > > Tunneling Protocol (PPTP), are also affected when you are
> > > using 128-bit
> > > updates with the Require Data Encryption option with the
> > > Require Microsoft
> > > Encrypted Authentication setting
> > >
> > > RESOLUTION
> > > A supported fix that corrects this problem is now available
> > > from Microsoft,
> > > but it has not been fully regression tested and should be
> > > applied only to
> > > systems experiencing this specific problem. If you are not
> > > severely affected
> > > by this specific problem, Microsoft recommends that you wait
> > > for the next
> > > Windows NT 4.0 service pack that contains this fix.
> > >
> > > To resolve this problem immediately, contact Microsoft
> Product Support
> > > Services to obtain the fix. For a complete list of Microsoft
> > > Product Support
> > > Services phone numbers and information on support costs,
> > > please go to the
> > > following address on the World Wide Web:
> > >
> > >
> > http://www.microsoft.com/support/supportnet/overview/overview.asp
> >
> >
> >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org
> > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
> Geoff Nordli
> > > Sent: Sunday, October 17, 1999 2:59 PM
> > > To: Pptp-Server List (E-mail)
> > > Subject: [pptp-server] unable to ping hosts on network
> > >
> > >
> > > I have attached my pptplog describing a session.
> > >
> > > I am unable to ping into the network.
> > >
> > > Any ideas why this might happen?
> > >
> > > The proxy arp is eth0, which is the internal
> > > network (172.16.0.0), which I assume is correct,
> > > since I think it is responsible for replying
> > > ARP requests on local network.
> > >
> > > I actually had it working temporarily last night,
> > > but then it broke.
> > >
> > > thanks,
> > >
> > > BTW I am also unable to get the encryption set up
> > > with the NT 4 SP5 client. It says, "the local
> > > computer does not support encryption".
> > >
> > > Any ideas with that?
> > >
> > > Geoff Nordli
> >
> >
>
More information about the pptp-server
mailing list