[pptp-server] Strange problem ...

Jim Roland jroland at roland.net
Thu Oct 18 14:49:01 CDT 2001


That is correct.  There is also a problem of no packets running at all if
"mppe-40" is enabled in /etc/ppp/options, in all cases.  Symptoms occur as
soon as MPPE mode is initialized (after IP assignment and authentication).
The instant the "MPPE Loaded" message occurs in the /var/log/messages
logfile, packets stop running (with and without mppe-stateless and with and
without mppe-128).  Reproducing the problem and workarounds are noted below.

Here is what's loaded on the box:
Server-
RedHat 7.1 distro, custom compiled kernel (compiled to add iptables &
connection tracking capabilities, and mppe module)
Kernel 2.4.2-2
pptpd (PoPToP v1.1.2)
ppp-2.4.0 (have tried ppp-2.4.1 same result), compiled from source code
after the following patches installed:
    linux-2.4.0-openssl-0.9.6-mppe.patch.gz
    ppp-2.4.0-openssl-0.9.6-mppe.patch.gz
** The box is being used as a firewall & squid proxy.  It works w/o MPPE
(read below).
-----
Client-
Windows 2000, with no SP, and with SP1 and with SP2

-----
This is the way I reproduce the problem:
1) Multiple users: A user connects in with MPPE, the ppp_mppe module
auto-loads.  No problems thus far.
    a) While the first user stays connected, a 2nd user connects.  The
moment "MPPE loaded" shows in the messages log, packets stop moving through
the tunnel.  First user can still access the tunnel (I think).
2) Single user:  A user connects in with MPPE, the ppp_mppe module
auto-loads.  No problems accessing the tunnel.
    a) Single user disconnects, waits a few minutes and reconnects (mppe
module not unloaded yet).
    b) Single user unable to access tunnel as soon as "MPPE loaded" shows up
in the messages log.

-----
Workarounds (either 1 or 2):
1) No MPPE usage at all (tunnel works fine for multiple users):
    a) End users turn encryption requirement off
    b) mppe-* options are disabled in the /etc/ppp/options log
    c) ppp_mppe module not loaded
2) Single user, MPPE usage:
    a) Manually unloading ppp_mppe at shell prompt via rmmod
    or
    b) Unloading ppp_mppe when pppd terminates (via ipdown.local with an
rmmod command inside the script)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Roland, RHCE (RedHat Certified Engineer)
Owner, Roland Internet Services
     "The four surefire rules for success:  Show up, Pay attention, Ask
questions, Don't quit."
        --Rob Gilbert, PH.D.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----- Original Message -----
From: "Jordan Share" <iso9 at phantasticant.com>
To: "Jim Roland" <jroland at roland.net>; "Marek Butas" <MarekButas at seznam.cz>;
"PPTP List" <pptp-server at lists.schulte.org>
Sent: Thursday, October 18, 2001 1:35 PM
Subject: RE: [pptp-server] Strange problem ...


> Wait, are you saying that two people cannot be connected at once to a
> linux PPTP server with MPPE?
>
> Jordan
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jim Roland
> Sent: Wednesday, October 17, 2001 11:02 PM
> To: Marek Butas; PPTP List
> Subject: Re: [pptp-server] Strange problem ...
>
>
> If you're using MPPE, it has a bug in it that prevents a secondary (single)
> connection, or multiple simultaneous connections.
>
>
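
Workaround 2b from the message above, sketched as an added example (not part of the original post and not Jim Roland's script). It assumes the hook lives at /etc/ppp/ip-down.local and that pppd passes the interface name as the first argument; the function names are hypothetical. It goes slightly beyond the post by skipping the rmmod while any other ppp link is still up, so the encryption module is not pulled out from under an active tunnel.

```shell
#!/bin/sh
# Assumed location: /etc/ppp/ip-down.local, called when a ppp link goes down.
# $1 is assumed to be the interface name (for example ppp0).

# Print every ppp interface listed in a /proc/net/dev-format file,
# except the one that is being torn down.
other_ppp_links() {
    # $1 = interface going down, $2 = path to a /proc/net/dev-style file
    awk -F: -v self="$1" '
        NR > 2 {                      # first two lines are column headers
            gsub(/[ \t]/, "", $1)
            if ($1 ~ /^ppp[0-9]+$/ && $1 != self) print $1
        }' "$2"
}

# Exit status 0 only when no other ppp link remains.
safe_to_unload() {
    [ -z "$(other_ppp_links "$1" "$2")" ]
}

# Act only when invoked with a ppp interface as the first argument.
case "${1:-}" in
    ppp[0-9]*)
        if safe_to_unload "$1" /proc/net/dev; then
            if rmmod ppp_mppe 2>/dev/null; then
                logger -t ip-down.local "unloaded ppp_mppe after $1 went down"
            else
                logger -t ip-down.local "ppp_mppe not unloaded (in use or not loaded)"
            fi
        else
            logger -t ip-down.local "other ppp links active, leaving ppp_mppe loaded"
        fi
        ;;
esac
```

The syslog lines give a record of each unload attempt that can be lined up against the "MPPE loaded" entries in /var/log/messages when checking whether a reconnect hit the stale-module case.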



