[pptp-server] Forcing NT client to use MPPE encryption
Jarlath Burke
jburke at asitatech.ie
Mon May 29 12:02:14 CDT 2000
I patched ppp-2.3.11 with the require-mppe patch from www.smop.de to force
clients to use MPPE encryption.
This works fine with Windows 95 clients as I cannot connect to the PoPToP
server unless I have the "Require data encryption" tab set on the Win95
client options (I also added require-mppe-stateless to my /etc/ppp/options
file).
I can verify that the data is encrypted over the VPN by using a packet
sniffer (tcpdump) and ping.
Also, the /var/log/messages file on the PoPToP server reports messages
like:
pppd[1156]: local IP address 10.0.1.1
pppd[1156]: remote IP address 10.01.4
pppd[1156]: MPPE 40 bit, stateless compression enabled
pppd[1156]: stateless MPPE enforced
However, I cannot force a Windows NT client to use MPPE encryption.
The Security options under the 'edit entry and modem properties' of the NT
client give 3 choices:
o Accept any authentication including cleartext
o Accept only encrypted authentication
o Accept only Microsoft encrypted authentication
[] Require data encryption
[] Use current username and password
Only when the "Accept only Microsoft encrypted authentication" and the
"Require data encryption" tabs are chosen does any encryption occur.
The PoPToP server reports in /var/log/messages that stateless MPPE has been
enforced.
I verified that this is the case using tcpdump and ping again.
My /etc/ppp/options file on the PoPToP server contains the following:
lock
name zooropa
debug
auth
nodeflate
require-chap
-pap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
mtu 1500
mru 1500
require-mppe-stateless
chapms-strip-domain
Did anyone else experience the same problems? I haven't checked if the
problem occurs with Win 98 clients but I'm going to look into it.
In the meantime, any suggestions / solutions to this problem would be
greatly appreciated.
Regards,
Jarlath.
Jarlath Burke
Asita Technologies Intl. Ltd.
Unit 2, Ballybrit Business Park
Galway.
Ireland.
Ph: +353 91 758353
Mob: 086 8577392
Email: jburke at asitatech.ie
Web: http://www.asitatech.com
¤---------------------------------------------------------------------------
¤
R2Go
the world's first commercial high speed router switch
based on proven, standard PC components and cards
... the dawn of true O p e n I P N e t w o r k i n g ....
¤---------------------------------------------------------------------------
¤
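
Added example, not part of the original post or of the PoPToP/pppd code: a server-side audit of pppd syslog output that lists sessions which came up without MPPE, or with only 40-bit MPPE. It assumes the message wording quoted in the post; the sample log, the host name and the function names are constructed for illustration, and treating anything under 128 bit as weak is this example's policy choice.

```python
import re

# Constructed sample, modelled on the pppd lines quoted in the post.
SAMPLE_LOG = """\
May 29 11:40:01 vpnhost pppd[1156]: remote IP address 10.0.1.4
May 29 11:40:02 vpnhost pppd[1156]: MPPE 40 bit, stateless compression enabled
May 29 11:40:02 vpnhost pppd[1156]: stateless MPPE enforced
May 29 11:52:10 vpnhost pppd[1201]: local IP address 10.0.1.1
May 29 11:52:10 vpnhost pppd[1201]: remote IP address 10.0.1.5
May 29 12:03:44 vpnhost pppd[1230]: remote IP address 10.0.1.6
May 29 12:03:45 vpnhost pppd[1230]: MPPE 128 bit, stateless compression enabled
"""

LINE = re.compile(r"pppd\[(\d+)\]:\s+(.*)$")
REMOTE = re.compile(r"remote\s+IP address\s+(\S+)")
MPPE = re.compile(r"MPPE (\d+) bit.*enabled")

def audit_sessions(log_text):
    """Group pppd lines by PID; assumes a PID is not reused within the log window."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a pppd line
        s = sessions.setdefault(int(m.group(1)), {"remote": None, "mppe_bits": None})
        msg = m.group(2)
        if (r := REMOTE.search(msg)):
            s["remote"] = r.group(1)
        elif (e := MPPE.search(msg)):
            s["mppe_bits"] = int(e.group(1))
    return sessions

def findings(log_text):
    """Return (pid, remote, issue) for sessions that got an address without 128-bit MPPE."""
    out = []
    for pid, s in sorted(audit_sessions(log_text).items()):
        if s["remote"] is None:
            continue  # link never came up, so no traffic was carried
        if s["mppe_bits"] is None:
            out.append((pid, s["remote"], "no MPPE negotiated"))
        elif s["mppe_bits"] < 128:
            out.append((pid, s["remote"], f"weak MPPE ({s['mppe_bits']} bit)"))
    return out

if __name__ == "__main__":
    for pid, remote, issue in findings(SAMPLE_LOG):
        print(f"pppd[{pid}] {remote}: {issue}")
```

A session that appears here with "no MPPE negotiated" is the case described in the post: the link came up and was assigned an address, but the log shows no MPPE line for that pppd process.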