[pptp-server] LCP terminated by peer w/ encryption enabled (MPPE patches applied to pppd)

Jon Burford jburford at xsilogy.com
Sat Jan 20 13:49:59 CST 2001


I have obtained and installed the pptpd-1.0.1-1 rpm and have tried both
ppp-2.3.10 and ppp-2.3.11 (patched with the MPPE patches) on a freshly
installed Red Hat 6.2 box.  When I connect from win2000 and win98 clients
WITHOUT encryption, everything works fine.  When I specify ONLY mppe-128 in
options.pptp, I get (on win2000) "Error 742: The remote computer does not
support the required data encryption type".  This makes sense to me, so I
try mppe-40.  When I specify ONLY mppe-40 in options.pptp, I get (on
win2000) "Error 619: The specified port is not connected".  So it looks like
the pppd patch has worked to some extent (with mppe-128 win2000 says
"encryption not supported" and with mppe-40 win2000 says "port is not
connected").  As recommended by the pppd man page, I decided to put all mppe
specifiers in my options.pptp, and I still get "port not connected" with a
corresponding "LCP terminated by peer" in syslog.


My /etc/pptpd.conf looks like this:

option /etc/ppp/options.pptp
debug
localip 10.1.0.103
remoteip 10.3.0.29
pidfile /var/run/pptpd.pid


My /etc/ppp/options.pptpd looks like this:

lock
debug
auth
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless


I started up pptpd and attempt to connect from both win2000 and win98
clients and I get the same output in syslog:

Jan 20 11:18:17 localhost pptpd[8113]: MGR: No free connection slots or
IPs - no more clients can connect!
Jan 20 11:18:17 localhost pptpd[8358]: CTRL: Client 10.1.0.153 control
connection started
Jan 20 11:18:19 localhost pptpd[8358]: CTRL: Starting call (launching pppd,
opening GRE)
Jan 20 11:18:19 localhost modprobe: modprobe: Can't locate module
char-major-108
Jan 20 11:18:19 localhost pppd[8359]: pppd 2.3.10 started by root, uid 0
Jan 20 11:18:19 localhost pppd[8359]: Using interface ppp0
Jan 20 11:18:19 localhost pppd[8359]: Connect: ppp0 <--> /dev/pts/2
Jan 20 11:18:19 localhost pptpd[8358]: GRE: Discarding duplicate packet
Jan 20 11:18:21 localhost pptpd[8358]: CTRL: Ignored a SET LINK INFO packet
with real ACCMs!
Jan 20 11:18:21 localhost pppd[8359]: MSCHAP-v2 peer authentication
succeeded for jburford
Jan 20 11:18:21 localhost modprobe: modprobe: Can't locate module
ppp-compress-18
Jan 20 11:18:21 localhost pppd[8359]: Cannot determine ethernet address for
proxy ARP
Jan 20 11:18:21 localhost pppd[8359]: local  IP address 10.1.0.103
Jan 20 11:18:21 localhost pppd[8359]: remote IP address 10.3.0.29
Jan 20 11:18:27 localhost pptpd[8358]: CTRL: Ignored a SET LINK INFO packet
with real ACCMs!
Jan 20 11:18:27 localhost pppd[8359]: LCP terminated by peer
(^@M-^[rx^@<M-Mt^@^@^BM-f)
Jan 20 11:18:30 localhost pppd[8359]: Connection terminated.
Jan 20 11:18:30 localhost pppd[8359]: Connect time 0.2 minutes.
Jan 20 11:18:30 localhost pppd[8359]: Sent 574 bytes, received 2872 bytes.
Jan 20 11:18:30 localhost pppd[8359]: Exit.
Jan 20 11:18:30 localhost pptpd[8358]: GRE:
read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error =
Input/output error
Jan 20 11:18:30 localhost pptpd[8358]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
Jan 20 11:18:30 localhost pptpd[8358]: CTRL: Client 10.1.0.153 control
connection finished



Having read through the RedHat and generic FAQ, I am a little confused.  It
does not seem to me that there is a ppp_mppe module anymore since the mppe
patches for pppd appear to obsolete the module.  Is this indeed true?  Are
the m$oft boxes sending an LCP termination because of the modprobe errors
(char-major and compress-18)?  I am able to turn off compression on win2000
and it does not make a difference.  I always get these modprobe errors when
establishing regular dial-up ppp connections, so something tells me it is
not module-related.  However, whatever I try, I am unable to get any windows
box to connect when encryption is enabled.  I was also unable to search the
mail archive, so I am not sure if the search is broken (any search I do does
not match any records - including "PPTP" and "PoPToP").  Any insight someone
might have would be much appreciated - I would hate to use an m$oft box for
our PPTP server.



Thanks in advance,

Jon
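
A syslog check for the pattern in the log above, as an added example that is not part of the original post: it flags a pppd session in which modprobe could not resolve a `ppp-compress-N` alias before the peer terminated LCP. N is the CCP option type the kernel was asked to load (18 is MPPE in RFC 3078); the function name `diagnose` and the sample lines, re-joined from the wrapped log in the post, are this example's own.

```python
import re

# CCP option types the kernel may be asked to load a compressor module for.
CCP_TYPES = {18: "MPPE", 21: "BSD-Compress", 26: "Deflate"}

# "<Mon DD HH:MM:SS> <host> <prog>[pid]: <message>"; modprobe logs without a pid.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (\w+)(?:\[(\d+)\])?: (.*)$")
MISSING = re.compile(r"Can't locate module ppp-compress-(\d+)")

def diagnose(lines):
    """Return one finding per pppd session that ended with an LCP terminate
    after modprobe failed to resolve a ppp-compress-N alias."""
    missing = []     # CCP types modprobe could not resolve since the last finding
    auth_ok = set()  # pppd pids whose peer authentication succeeded
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        prog, pid, msg = m.groups()
        if prog == "modprobe":
            hit = MISSING.search(msg)
            if hit:
                missing.append(int(hit.group(1)))
        elif prog == "pppd":
            if "authentication succeeded" in msg:
                auth_ok.add(pid)
            elif msg.startswith("LCP terminated by peer") and missing:
                findings.append({
                    "pppd_pid": pid,
                    "authenticated": pid in auth_ok,
                    "missing": [CCP_TYPES.get(n, f"type {n}") for n in missing],
                })
                missing = []
    return findings

# Sample input: lines from the post's syslog, re-joined onto single lines.
SAMPLE = """\
Jan 20 11:18:19 localhost modprobe: modprobe: Can't locate module char-major-108
Jan 20 11:18:19 localhost pppd[8359]: pppd 2.3.10 started by root, uid 0
Jan 20 11:18:21 localhost pppd[8359]: MSCHAP-v2 peer authentication succeeded for jburford
Jan 20 11:18:21 localhost modprobe: modprobe: Can't locate module ppp-compress-18
Jan 20 11:18:27 localhost pppd[8359]: LCP terminated by peer
""".splitlines()

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```

A finding with `authenticated` set and `MPPE` in `missing` means the failure came after MS-CHAP succeeded and while the kernel had no handler registered for the encryption protocol, so the module alias is worth checking before the options file.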





