[pptp-server] PPTP Implementation Issues

Seosamh D. Ó Riordáin soriordain at asitatech.com
Wed Mar 15 06:39:45 CST 2000 

Hi PoPToP developers,

I have been looking at the implementation of PPTP for a while
now and have successfully got a VPN up and running using it.
First of all, I do my testing on a LAN, but have used dialup also.
I have a few questions/problems below relating to the
implementation and would appreciate your views on them. TIA.

Software used: PPTP 1.0, PPP2.3.10 and respective MPPE
patches.

1) Data sent in the clear!
----------------------------------
This is a problem that I came across when I found the following
kernel messages on my PoPToP server:
"Not enough space to encrypt packet: 1504<1504+4!"

I found 2 messages before on the list querying this message
but I dont think they got a response.

My test rig setup is on an Ethernet LAN as follows:
Priv LAN-------PoPToP -------LAN----- NT (6a) Client
or
Priv LAN-------PoPToP -------LAN----- Linux Client (pptp-linux-1.2)

On further analysis I made the following observations:
a) Large messages sent from Linux Client to Priv Lan do work -
however data is sent in the clear! I've attached a mail that shows
how I verified this.
Anyway from browsing the PPP code, it can be clearly seen in the
function ppp_send_frame (ppp.c) that if the mppe compression
fails the unencrypted data packet is sent!

b) With the same PoPToP server configuration, large pings to/from the
NT machine do not work, eg using the comand 'ping -l 1500 10.0.1.1',
i.e NT drops them - properly handled.

A Solution:
I've attached a file with the modifications I made to ppp.c to
fix this problem. This is tested on the LAN only, maybe this will bring
up problems for other configurations,  if any other testers could try
it out that would be great. Anyway with these mods large pings do
work, the NT client gets the properly encrypted packets and replies
to them, and the linux client does encrypt the packets properly.

2) HDLC framing
------------------------
The HDLC framing carried out in pptpgre.c is an expensive
operation but necessary to interoperate with PPP tty driver.
Has anyone looked at implementing some from of GRE
tunnelling where by a 'GRE driver' can pass the data
to the PPP driver without having to come back up the stack
to the PPTP ctrl manager process?


Now, this mail is getting too long.
All comments welcome.

Regards,
Seosamh.
---------------
Seosamh D. Ó Riordáin,            [soriordain at asitatech.com]

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: MPPE_Verify.txt
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/d2c962e8/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ppp-mtu-patch.txt
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/d2c962e8/attachment-0001.txt>

More information about the pptp-server mailing list