[pptp-server] Trouble with MPPE patches vs 3com PathBuilder

Grant Taylor gtaylor+pptpsrv_bjbde102799 at picante.com
Wed Oct 27 18:53:06 CDT 1999 

I've been trying for some time to get my Linux machine on speaking
terms with the PPTP VPN server at work (a 3Com pathbuilder 500).  I
can connect successfully without encryption, but with mppe, I get
a connection with no packets getting anywhere.

The Pathbuilder is running EOS 11.3.0.13, and is known to work against
a Microsoft-provided 128-bit client of uncertain version and DUN 1.3.

My linux box runs:

 - kernel 2.0.38
 - pptp-linux-1.0.2 plus a few fixes to make it speak to the 3com code
 - pppd 2.3.8 with Tim Hocken's patch, or 
 - pppd 2.3.10 with the newer openssl-based patch

I get pretty much the same results with either ppp version.

I see one of several things:

 - I get connected, everyone's happy running some flavour or other of
   mppe, and I see occasional bridged (ppp protocl 0x31) broadcast
   frames containing DHCP packets in ethernet encapsulation logged by
   ppp as "unknown protocol 0x31".  I can't ping or telnet over the
   link.  I'm guessing that the pathbuilder's "DHCP helper" code is
   creating the funky bridged dhcp frames from dhcp traffic on its
   segment?

 - I get connected, and ppp logs various unknown protocol packets, all
   of which contain "gibberish".  Presuemably these are encrypted
   differently than expected?  In any case nothing work here either.

 - I get connected, run no encryption whatsoever, and everything works
   dandy.

The different connection types come about when I put different
combinations of mppe-stateless, mppe-128, and/or mppe-40 in my pppd
peer options file.  The almost-working type, with funky bridged
packets appearing, seems to match when the mppe is non-stateless.  The
gibberish case is with stateless mode; perhaps the 3com box doesn't do
that?

I've placed a log which includes several connections covering the two
unsuccessful types at http://www.picante.com/~gtaylor/foo.txt

3com runs a demonstration pathbuilder that anyone can connect to; if
you have a bright idea and want to test it more directly, it's at
129.213.129.219 username "user1" password "password".  It's on private
network 10.0.0.0/24, and gives you an IP on 10.0.1.0/24.

-- 
Grant Taylor - gtaylor at picante.com - http://www.picante.com/~gtaylor/
 Cellphone information: http://www.picante.com/~gtaylor/cell/
 Libretto information:  http://www.picante.com/~gtaylor/portable/

More information about the pptp-server mailing list