[pptp-server] encryption - doesn't work under linux?? but under w2k - please read

David Moylan djm at wiz.net.au
Thu Dec 28 19:16:49 CST 2000


greetings,

i recently took a bench-tested linux to linux pptp & pptpd into the real
world and started discovering a few problems. after pulling traffic over
the link, it went dead and i had to restart it. i believe that the
"discarding out-of-order" patches _may_ assist in this, but i noticed a
couple of very interesting things.

please read this entire message to understand the scenario. thanks.

first a layout picture - this is a WAN/VPN with linux servers at each location.

[ head office Windows NT 4 server ]
          | (192.168.100.11)
          |
          | (192.168.100.10)
[ head office - linux server running pptpd (currently 1.0.0) ]
          | (144.132.xxx.xxx live, 192.168.250.1-99 pppd)
          |
          | [ internet ]
          |
          | (144.132.xxx.xxx live, 192.168.201.10 pppd)
[ remote location - linux server running pptp]
          | (192.168.101.10)
          |
          | (192.168.101.130)
[ local LAN client ]

i have multiple remote locations with site addresses 192.168.101.x, 102.x, etc.

i fixed the problem (temporarily) by disabling encryption at the client
ends. everything works like a charm under load with no problems
experienced.

now this was the bit that intrigued me: i went home and used a windows
2000 pc to call into the VPN. like a charm it worked - at 128bit
encryption. no problems. held the line open and pulled traffic.

linux pptp client - encryption fails under load, w2k pptp client - works fine.

i wanted to know if this problem had been addressed. i managed to find
posts in november with people experiencing the same problem, and also
found this posted by philip van baren on september 27th:

---8< cut ---
Note that if in addition to your packet order problems you are getting
dropped packets and you have encryption enabled, you will still probably see
the message:
  Sep 27 00:03:15 gateway pppd[10544]: rcvd [Compressed data] 10 32 ae 68 c0 8e e1 92 ...
in your log file after a packet gets dropped, after which the link seems to
lock up.  The only way I have been able to solve this problem so far is to
disable encryption because pppd doesn't seem to recover from lost packets
when encryption is enabled.

Has anyone found a way to get pppd to recover nicely from lost packets when
using encryption?

(I am using this with pptpd-1.1.1 and pppd-2.3.11 and kernel 2.2.17)
---8< cut ---

is this still an issue?? does this mean that i can't use PoPToP with
encryption because if i ever get lost/dropped packets, pppd will not
recover? perhaps this question has been answered, but i haven't found it
on the list.

the w2k box connected in works great - no issues at all & reports
running encrypted.

all wan/vpn routing works fine. i can access any machine from any machine
on the wan/vpn. logging into the NT server and accessing internet/mail, etc
all works fine. (i do have some specific browsing issues, but i'll exclude
them from this post because they're not relevant to this discussion).

head office pptpd server is running pptpd-1.0.0, pppd-2.3.11 and
kernel 2.2.17.

i'm now building up a pppd-2.3.11 with kernel 2.2.18 client with all the
appropriate patches to see if this fixes the problem. i'll probably have to
upgrade the pptpd at head office as well.

feedback appreciated, please.

cheers, David.
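
A log check for the symptom quoted in the message above, as an added example that is not part of the original post: it scans syslog output for the "rcvd [Compressed data]" line and reports which pppd processes logged it, when it first appeared, and how often. It assumes pppd logs to syslog in the format of the quoted excerpt; the function name is hypothetical, and every sample line except the quoted one is constructed.

```python
import re
from collections import OrderedDict

# Line shape taken from the excerpt quoted in the message:
#   "Sep 27 00:03:15 gateway pppd[10544]: rcvd [Compressed data] 10 32 ..."
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
MARKER = "rcvd [Compressed data]"


def find_undecoded_sessions(lines):
    """Return {pid: {host, first_seen, count}} for each pppd process
    that logged the marker line. Non-pppd lines and other pppd
    messages are ignored."""
    hits = OrderedDict()
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\n"))
        if not m or not m.group("msg").startswith(MARKER):
            continue
        entry = hits.setdefault(
            int(m.group("pid")),
            {"host": m.group("host"), "first_seen": m.group("ts"), "count": 0},
        )
        entry["count"] += 1
    return hits


# First line is the one quoted in the message; the rest are constructed.
SAMPLE_LOG = [
    "Sep 27 00:03:15 gateway pppd[10544]: rcvd [Compressed data] 10 32 ae 68 c0 8e e1 92 ...",
    "Sep 27 00:03:16 gateway pppd[10601]: rcvd [LCP EchoReq id=0x5 magic=0x1a2b3c4d]",
    "Sep 27 00:03:17 gateway pppd[10544]: rcvd [Compressed data] 10 33 5b 01 9c 44 a0 7e ...",
    "Sep 27 00:03:18 gateway pptpd[10540]: constructed non-pppd line",
]

if __name__ == "__main__":
    for pid, info in find_undecoded_sessions(SAMPLE_LOG).items():
        print(f"pppd[{pid}] on {info['host']}: {info['count']} "
              f"occurrence(s), first at {info['first_seen']}")
```

To run it against a real log, pass an open file object (for example the syslog file pppd writes to) in place of SAMPLE_LOG.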






