[pptp-server] rcvd [Compressed data] anyone?

Mon Jun 19 15:04:44 CDT 2000

(please note the reply-to field: eharashe at mediaone.net)

One thing I think you've got wrong: 'noauth' in your options file. I
believe that lets clients connect without authentication, which will break
mppe since it uses the authentication to generate it's keys for
encryption.

The 'fix' I sent is only for a specific case. Does it work ok if you only
download from the pptp server? If so, then you may have the same problem I
had. I wrote a fix for it, but I'm not certain how good it is... It does
work for me though... (The idea was to make it work according to the RFC I
included in the original message... Stateless is simple, it just
supposed to update the counter and thus the key). The main problem is when
DECOMP_ERROR is returned it disables 'compression' actually
encryption/decryption, which is why you see the 'rcvd' lines in your log.
After that point the session is useless... A good way to check is by
trying to connect without mppe, and seeing if transfers work fine (They
did in my case).

On Sun, 18 Jun 2000, Rob Fairchild wrote:

#=- The debug messages are getting generated in the ppp_mppe code in the
#=- mppe_decompress function when (seq != state->ccount).
#=-
#=- The problem looks similar to the excellent analysis Charles Duffy did so
#=-
#=- I tried what eric at we-24-30-125-179.we.mediaone.net
#=- suggested, i.e.
#=- > If you're expieriencing lost/dropped packets, then there's another
#=- > issue... The easiest fix is to use stateless encryption and in
#=- ppp_mppe.c
#=- > (under your usr/src/linux dir) in the decrypt/decompress function make
#=- it
#=- > loop through the update_count method until the count matches and NOT
#=- > return an error (just continue)."
#=- and that got rid of the 'decomp err' but the client still hangs as
#=- before. Honestly,
#=- I dont understand how eric's suggestion could have worked anyways,
#=- because I think
#=- at that point your already FUBAR. In any case, was I supposed to do
(Actually according to the RFC I mentioned, this is ok...)

#=- the final
#=- mppe_update_count() call after we had brought (seq == state->count) ?
(I believe that extra update is not correct, but I never got in contact
with the original coder, so I don't know for certain.)

#=- noauth

Eric Harashevsky (eharashe at mediaone.net)
----------------------------------------------------------------
A man's best friend is his dogma.