[pptp-server] compiling ppp-2.3.10-openssl-norc-mppe.patch
Richard E Blauvelt
richard at blauvelt.com
Fri Aug 11 01:15:08 CDT 2000
I had to do a couple of additional things. My install used these
components:
Red Hat 6.2, 2.2.16-3 kernel
ppp-2.3.11
pptpd-1.0.0
SSLeay-0.9.0b
ppp-2.3.10-openssl-norc4-mppe.patch
Here are the extra things I did to get the server to work when
using a Windows 98se client with microsoft strong encryption:
When doing the [patch -p1 < ../ppp-2.3.10-openssl-norc4-mppe.patch]
onto the ppp-2.3.11, everything patched OK except for the pppd/lcp.c
file, which I had to do by hand. Basically, I replaced "Old Stuff" with
"New Stuff", as shown below (I don't yet know how to create patch files,
so go easy on me):
====== Begin "Old Stuff" ======================================================
/*
* We were asking for CHAP/MD5; they must want a different
* algorithm. If they can't do MD5, we can ask for M$-CHAP
* if we support it, otherwise we'll have to stop
* asking for CHAP.
*/
if (cichar != go->chap_mdtype) {
#ifdef CHAPMS
if (cichar == CHAP_MICROSOFT)
go->chap_mdtype = CHAP_MICROSOFT;
else
#endif /* CHAPMS */
try.neg_chap = 0;
}
} else {
====== End "Old Stuff" ======================================================
====== Begin "New Stuff" ======================================================
/*
* We were asking for CHAP/MD5; they must want a different
* algorithm. If they can't do MD5, we can ask for M$-CHAP
* if we support it, otherwise we'll have to stop
* asking for CHAP.
*
* (failed ppp-2.3.10-openssl-norc4-mppe.patch manually
* applied here by R Blauvelt 2000 08 10
*/
if (go->chap_mdtype == CHAP_MICROSOFT_V2)
{
try.use_chapms_v2 = 0;
if(try.use_chapms)
try.chap_mdtype = CHAP_MICROSOFT;
else if(try.use_digest)
try.chap_mdtype = CHAP_DIGEST_MD5;
else
try.neg_chap = 0;
}
else if(go->chap_mdtype == CHAP_MICROSOFT)
{
try.use_chapms = 0;
if(try.use_digest)
try.chap_mdtype = CHAP_DIGEST_MD5;
else
try.neg_chap = 0;
}
else if(go->chap_mdtype == CHAP_DIGEST_MD5)
{
try.use_digest = 0;
try.neg_chap = 0;
}
else
try.neg_chap = 0;
if ((cichar != CHAP_MICROSOFT_V2) &&
(cichar != CHAP_MICROSOFT) &&
(cichar != CHAP_DIGEST_MD5))
try.neg_chap = 0;
} else {
====== End "New Stuff" ======================================================
Immediately after this, there is an instruction to "Comment out or delete
the reference to rc4_skey.c in [...]/ppp_mppe.c"
This DID NOT work for me, and produced an "unresolved symbol RC4_set_key",
error message when I later tried to [insmod ppp_mppe], which prevented
the ppp_mppe module from loading, which then did not allow the microsoft
encryption to work from windows 98se (failed with an error 742 when trying
to connect through VPN).
When I put the rc4_skey.c reference back into ppp_mppe.c and re-did the steps
from there, then everything worked well.
As per Tom Eastep's suggestion from 01 August 2000, I also had to
do the following for the [make modules SUBDIRS=drivers/net] to not
complain that PPP_MAGIC and PPP_VERSION were undeclared:
>Edit /usr/src/linux/include/linux/if_ppp.h and add the following:
>
>#define PPP_MAGIC 0x5002
>#define PPP_VERSION "2.3.11"
>
>The second of course depends on your ppp version...
One final note: The "5.0 Windows Client Setup" indicates in step 12 to
check "require encrypted password". To ensure that encryption is used,
however, I believe that the client should also check "require data
encryption".
Thanks to all the previous posters, I was able to piece this together.
As a [former] lurker, I hope that this can help some of the other lurkers
who are subscribed to the list.
Thanks,
Richard Blauvelt
richard at blauvelt.com
At 01:29 PM 8/4/00, Daniell Freed wrote:
>I followed you HOW-TO, and I found an error that you may want to correct
>
>In the section of the document where you say to download SSLeay-0.6.6b you should say to download SSLea-0.9.0b since that is what your later instructions tell you to use (and 0.6.6b doesn't contain a couple of files you say we need to copy to the kernel directory).
>
>Also, you do not need to add the NULL parameter in ppp.c for kill_fasync. If you do, it won't compile (too many parameters), it works fine without this added.
>
>That was it. Thanks for the updated HOW-TO. I never had been able to get ppp-2-3.10 working with pptp and MSCHAP before this.
>
>If you get time, you should add a section on setting up and running the pptp linux client. I'm sure there are those that would greatly appreciate it.
>
>
>
>tfasko at cyberacc.com wrote:
>--
>Daniell Freed
>Computer Services
>Dewitt, Ross, & Stevens S.C.
>
>He who fights with monsters might take care
>lest he thereby become a monster.
>And if you gaze for long into an abyss,
>the abyss gazes also into you.
>
>Beyond Good and Evil
>Friedrich Wilhelm Nietzche
>
More information about the pptp-server
mailing list