[pptp-server] Trouble with MPPE patches vs 3com PathBuilder
Grant Taylor
gtaylor+pptpsrv_bjbde102799 at picante.com
Wed Oct 27 18:53:06 CDT 1999
I've been trying for some time to get my Linux machine on speaking
terms with the PPTP VPN server at work (a 3Com pathbuilder 500). I
can connect successfully without encryption, but with mppe, I get
a connection with no packets getting anywhere.
The Pathbuilder is running EOS 11.3.0.13, and is known to work against
a Microsoft-provided 128-bit client of uncertain version and DUN 1.3.
My linux box runs:
- kernel 2.0.38
- pptp-linux-1.0.2 plus a few fixes to make it speak to the 3com code
- pppd 2.3.8 with Tim Hocken's patch, or
- pppd 2.3.10 with the newer openssl-based patch
I get pretty much the same results with either ppp version.
I see one of several things:
- I get connected, everyone's happy running some flavour or other of
mppe, and I see occasional bridged (ppp protocl 0x31) broadcast
frames containing DHCP packets in ethernet encapsulation logged by
ppp as "unknown protocol 0x31". I can't ping or telnet over the
link. I'm guessing that the pathbuilder's "DHCP helper" code is
creating the funky bridged dhcp frames from dhcp traffic on its
segment?
- I get connected, and ppp logs various unknown protocol packets, all
of which contain "gibberish". Presuemably these are encrypted
differently than expected? In any case nothing work here either.
- I get connected, run no encryption whatsoever, and everything works
dandy.
The different connection types come about when I put different
combinations of mppe-stateless, mppe-128, and/or mppe-40 in my pppd
peer options file. The almost-working type, with funky bridged
packets appearing, seems to match when the mppe is non-stateless. The
gibberish case is with stateless mode; perhaps the 3com box doesn't do
that?
I've placed a log which includes several connections covering the two
unsuccessful types at http://www.picante.com/~gtaylor/foo.txt
3com runs a demonstration pathbuilder that anyone can connect to; if
you have a bright idea and want to test it more directly, it's at
129.213.129.219 username "user1" password "password". It's on private
network 10.0.0.0/24, and gives you an IP on 10.0.1.0/24.
--
Grant Taylor - gtaylor at picante.com - http://www.picante.com/~gtaylor/
Cellphone information: http://www.picante.com/~gtaylor/cell/
Libretto information: http://www.picante.com/~gtaylor/portable/
More information about the pptp-server
mailing list