[pptp-server] compiling ppp-2.3.10-openssl-norc-mppe.patch

Richard E Blauvelt richard at blauvelt.com
Fri Aug 11 01:15:08 CDT 2000 

I had to do a couple of additional things. My install used these
components:

     Red Hat 6.2, 2.2.16-3 kernel
     ppp-2.3.11
     pptpd-1.0.0
     SSLeay-0.9.0b
     ppp-2.3.10-openssl-norc4-mppe.patch

Here are the extra things I did to get the server to work when
using a Windows 98se client with microsoft strong encryption:

When doing the [patch -p1 < ../ppp-2.3.10-openssl-norc4-mppe.patch]
onto the ppp-2.3.11, everything patched OK except for the pppd/lcp.c
file, which I had to do by hand. Basically, I replaced "Old Stuff" with
"New Stuff", as shown below (I don't yet know how to create patch files,
so go easy on me):

====== Begin "Old Stuff" ======================================================
                /*
                 * We were asking for CHAP/MD5; they must want a different
                 * algorithm.  If they can't do MD5, we can ask for M$-CHAP
                 * if we support it, otherwise we'll have to stop
                 * asking for CHAP.
                 */
                if (cichar != go->chap_mdtype) {
#ifdef CHAPMS
                    if (cichar == CHAP_MICROSOFT)
                        go->chap_mdtype = CHAP_MICROSOFT;
                    else
#endif /* CHAPMS */
                        try.neg_chap = 0;
                }
            } else {
====== End   "Old Stuff" ======================================================

====== Begin "New Stuff" ======================================================
                /*
                 * We were asking for CHAP/MD5; they must want a different
                 * algorithm.  If they can't do MD5, we can ask for M$-CHAP
                 * if we support it, otherwise we'll have to stop
                 * asking for CHAP.
                 *
                 * (failed ppp-2.3.10-openssl-norc4-mppe.patch manually
                 * applied here by R Blauvelt 2000 08 10
                 */
                if (go->chap_mdtype == CHAP_MICROSOFT_V2)
                {
                    try.use_chapms_v2 = 0;
                    if(try.use_chapms)
                        try.chap_mdtype = CHAP_MICROSOFT;
                    else if(try.use_digest)
                        try.chap_mdtype = CHAP_DIGEST_MD5;
                    else
                        try.neg_chap = 0;
                }
                else if(go->chap_mdtype == CHAP_MICROSOFT)
                {
                    try.use_chapms = 0;
                    if(try.use_digest)
                        try.chap_mdtype = CHAP_DIGEST_MD5;
                    else
                        try.neg_chap = 0;
                }
                else if(go->chap_mdtype == CHAP_DIGEST_MD5)
                {
                    try.use_digest = 0;
                    try.neg_chap = 0;
                }
                else
                    try.neg_chap = 0;
                if ((cichar != CHAP_MICROSOFT_V2) &&
                    (cichar != CHAP_MICROSOFT) &&
                    (cichar != CHAP_DIGEST_MD5))
                    try.neg_chap = 0;
            } else {
====== End   "New Stuff" ======================================================

Immediately after this, there is an instruction to "Comment out or delete
the reference to rc4_skey.c in [...]/ppp_mppe.c"
This DID NOT work for me, and produced an "unresolved symbol RC4_set_key",
error message when I later tried to [insmod ppp_mppe], which prevented 
the ppp_mppe module from loading, which then did not allow the microsoft 
encryption to work from windows 98se (failed with an error 742 when trying
to connect through VPN).

When I put the rc4_skey.c reference back into ppp_mppe.c and re-did the steps 
from there, then everything worked well.

As per Tom Eastep's suggestion from 01 August 2000, I also had to
do the following for the [make modules SUBDIRS=drivers/net] to not
complain that PPP_MAGIC and PPP_VERSION were undeclared:

>Edit /usr/src/linux/include/linux/if_ppp.h and add the following:
>
>#define PPP_MAGIC 0x5002 
>#define PPP_VERSION "2.3.11"
>
>The second of course depends on your ppp version...

One final note: The "5.0 Windows Client Setup" indicates in step 12 to
check "require encrypted password". To ensure that encryption is used,
however, I believe that the client should also check "require data
encryption".

Thanks to all the previous posters, I was able to piece this together.
As a [former] lurker, I hope that this can help some of the other lurkers
who are subscribed to the list.

Thanks,

Richard Blauvelt
richard at blauvelt.com

At 01:29 PM 8/4/00, Daniell Freed wrote:
>I followed you HOW-TO, and I found an error that you may want to correct 
>
>In the section of the document where you say to download SSLeay-0.6.6b you should say to download SSLea-0.9.0b since that is what your later instructions tell you to use (and 0.6.6b doesn't contain a couple of files you say we need to copy to the kernel directory). 
>
>Also, you do not need to add the NULL parameter in ppp.c for kill_fasync.  If you do, it won't compile (too many parameters), it works fine without this added. 
>
>That was it.  Thanks for the updated HOW-TO.  I never had been able to get ppp-2-3.10 working with pptp and MSCHAP before this. 
>
>If you get time, you should add a section on setting up and running the pptp linux client.  I'm sure there are those that would greatly appreciate it. 
>  
>  
>
>tfasko at cyberacc.com wrote: 
>-- 
>Daniell Freed
>Computer Services
>Dewitt, Ross, & Stevens S.C.
>
>He who fights with monsters might take care 
>lest he thereby become a monster. 
>And if you gaze for long into an abyss, 
>the abyss gazes also into you.
>
>Beyond Good and Evil
>Friedrich Wilhelm Nietzche
>

More information about the pptp-server mailing list