[pptp-server] pptp connection with encryption and kernel 2.4. 0

Cowles, Steve Steve at SteveCowles.com
Tue Mar 27 09:11:32 CST 2001 

> -----Original Message-----
> From: werner.hofer at igs.at [mailto:werner.hofer at igs.at]
> Sent: Tuesday, March 27, 2001 6:25 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp connection with encryption and 
> kernel 2.4.0
> 
> 
> Hi!
> 
> On my positiv list:
> 
> pptp 2.4.0 runs with kernel 2.4.0 suse 7.1 "kernel" patch 
> linux-2.4.0-openssl-0.9.6-mppe.patch.gz is installed
> ppp is compiled as module
> 
> pppd is patched with ppp-2.4.0-openssl-0.9.6-mppe.patch
> 
> without encryption everything runs fine.
> 
> On my negativ list:
> 
> when I turn on encryption my win2000 system connects, but i 
> can´t get a ping through to the other side.
> 
> I have read the howto on:
> http://home.swbell.net/berzerke/2.4_kernel_PPTPD-HOWTO.txt
> at 5.13 it is mentioned to compile ppp as module - but since 
> i have done this - what else can it be?
> 
> the only error message i can find in /var/log/messages is:
> cannot determine ethernet address for proxy ARP
> I turned it on with
> echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
> but still i do have this error message.
> Since without any encryption I get this message too but 
> pinging ... works.
> 
> Does anybody have a clue?
> 
> Thanks in advance
>  Werner

You really need to fix the proxyarp problem first. Without it, you will only
be able to "ping" your PPTP server, nothing past it. The proxy arp errors
can usually be fixed by assigning IP addresses in pptpd.conf (local/remote)
that are within the network address range of the PPTP servers LAN interface
(like eth0 or eth1). If thats not an option, then consider using ip aliasing
to bind the network addresses to what is specified in your pptpd.conf to
your PPTP servers LAN interface. Checkout the kernel source documentation
directory /usr/src/linux/Documentation/networking/alias.txt for info on ip
aliasing.

Also, since "ping" works without encryption, then I would think there is a
problem with your MPPE patch implementation. i.e. The encapsulated GRE
packet cannot be de-encapsulated and handed off to the TCP/IP stack to be
routed. 

Do you have module ppp_mppe.o and does /etc/modules.conf contain:
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

Steve Cowles

More information about the pptp-server mailing list