[pptp-server] Strange problem ...

Jordan Share iso9 at phantasticant.com
Thu Oct 18 18:01:06 CDT 2001


This boggles my mind.  I can't believe this is the first time I've even heard of it.  I've already rolled this out on our LAN (thought it would save us from buying a win2k server box).  I wasn't fully able to reproduce the behaviour you describe, but there was definite weirdness when I tried connecting two boxes.  They would alternately drop off the network (it's a little hard to tell what's going on, since I only have a flat LAN to play with here at work, and all the machines are on the same network).

Still, I was able to connect 2 at the same time, albeit with intermittent failures (I had a continuous ping running on each machine the whole time).

As I understood your message, you were saying that the second client would not be able to send/receive data when it connected?  I was able to successfully connect the second client, and ping its (new) address from another machine.  Does this jibe with your experience?

Jordan


-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jim Roland
Sent: Thursday, October 18, 2001 12:49 PM
To: Jordan Share; Marek Butas; PPTP List
Subject: Re: [pptp-server] Strange problem ...


That is correct.  There is also a problem of no packets running at all if
"mppe-40" is enabled in /etc/ppp/options, in all cases.  Symptoms occur as
soon as MPPE mode is initialized (after IP assignment and authentication).
The instant the "MPPE Loaded" message occurs in the /var/log/messages
logfile, packets stop running (with and without mppe-stateless and with and
without mppe-128).  Reproducing the problem and workarounds are noted below.

Here is what's loaded on the box:
Server-
RedHat 7.1 distro, custom compiled kernel (compiled to add iptables &
connection tracking capabilities, and mppe module)
Kernel 2.4.2-2
pptpd (PoPToP v1.1.2)
ppp-2.4.0 (have tried ppp-2.4.1 same result), compiled from source code
after the following patches installed:
    linux-2.4.0-openssl-0.9.6-mppe.patch.gz
    ppp-2.4.0-openssl-0.9.6-mppe.patch.gz
** The box is being used as a firewall & squid proxy.  It works w/o MPPE
(read below).
-----
Client-
Windows 2000, with no SP, and with SP1 and with SP2

-----
This is the way I reproduce the problem:
1) Multiple users: A user connects in with MPPE, the ppp_mppe module
auto-loads.  No problems thus far.
    a) While the first user stays connected, a 2nd user connects.  The
moment "MPPE loaded" shows in the messages log, packets stop moving through
the tunnel.  First user can still access the tunnel (I think).
2) Single user:  A user connects in with MPPE, the ppp_mppe module
auto-loads.  No problems accessing the tunnel.
    a) Single user disconnects, waits a few minutes and reconnects (mppe
module not unloaded yet).
    b) Single user unable to access tunnel as soon as "MPPE loaded" shows up
in the messages log.

-----
Workarounds (either 1 or 2):
1) No MPPE usage at all (tunnel works fine for multiple users):
    a) End users turn encryption requirement off
    b) mppe-* options are disabled in the /etc/ppp/options log
    c) ppp_mppe module not loaded
2) Single user, MPPE usage:
    a) Manually unloading ppp_mppe at shell prompt via rmmod
    or
    b) Unloading ppp_mppe when pppd terminates (via ipdown.local with an
rmmod command inside the script)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jim Roland, RHCE (RedHat Certified Engineer)
Owner, Roland Internet Services
     "The four surefire rules for success:  Show up, Pay attention, Ask
questions, Don't quit."
        --Rob Gilbert, PH.D.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----- Original Message -----
From: "Jordan Share" <iso9 at phantasticant.com>
To: "Jim Roland" <jroland at roland.net>; "Marek Butas" <MarekButas at seznam.cz>;
"PPTP List" <pptp-server at lists.schulte.org>
Sent: Thursday, October 18, 2001 1:35 PM
Subject: RE: [pptp-server] Strange problem ...


> Wait, are you saying that two people cannot be connected at once to a
> linux PPTP server with MPPE?
>
> Jordan
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jim Roland
> Sent: Wednesday, October 17, 2001 11:02 PM
> To: Marek Butas; PPTP List
> Subject: Re: [pptp-server] Strange problem ...
>
>
> If you're using MPPE, it has a bug in it that prevents a secondary (single)
> connection, or multiple simultaneous connections.
>
>

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --
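
Workaround 2(b) from the quoted message above, sketched as an added example that is not part of the original thread or of PoPToP/pppd. It assumes the hook is Red Hat's /etc/ppp/ip-down.local, called by pppd with the closing interface as $1; the function names, the PROC_NET_DEV and RMMOD variables, and the check for other active ppp links are hypothetical additions.

```shell
#!/bin/sh
# Added example: body for /etc/ppp/ip-down.local (assumed path).
# pppd arguments: $1=interface $2=tty $3=speed $4=local-ip $5=remote-ip $6=ipparam

PROC_NET_DEV=${PROC_NET_DEV:-/proc/net/dev}   # hypothetical override, used for testing
RMMOD=${RMMOD:-/sbin/rmmod}                   # hypothetical override, used for testing

# Print every ppp interface still listed in /proc/net/dev, except the one
# that is going down (it may still be listed while ip-down runs).
remaining_ppp_links() {
    awk -v closing="$1" -F: '
        /^ *ppp[0-9]+:/ { gsub(/ /, "", $1); if ($1 != closing) print $1 }
    ' "$PROC_NET_DEV"
}

# Print "keep" if another tunnel is still up, "unload" if this was the last one.
mppe_action() {
    if [ -n "$(remaining_ppp_links "$1")" ]; then
        echo keep
    else
        echo unload
    fi
}

# Remove ppp_mppe only when no other ppp link remains, so the next
# connection loads a fresh copy of the module.
unload_mppe_if_idle() {
    [ "$(mppe_action "$1")" = unload ] || return 0
    # rmmod fails harmlessly if the module is absent or still in use.
    "$RMMOD" ppp_mppe 2>/dev/null || true
    logger -t ip-down.local "ppp_mppe unload attempted after $1 went down" \
        2>/dev/null || true
}

# Act only when invoked by pppd with a ppp interface name.
case "${1:-}" in
    ppp*) unload_mppe_if_idle "$1" ;;
esac
```

This only automates the single-user workaround; it does nothing for the case where a second user connects while the first is still up.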



