[pptp-server] PPP problems over VPN (MPPE)

[Jim Roland]

I've posted without a single response, so I'm going to try again...

I want to preface my verbage below by asking why someone doesn't just come
out with a version of PPP with MPPE built in?!  I am having to deploy
firewalls with VPN capabilities, prefer to use Linux, and have better things
to do with my time than waste it constantly compiling and tweaking to get
things working right, sometimes taking over a week full time until it works.

My problem:
Client machine:  Windows 2000 connecting to server via VPN (PPTP) with
encryption set.  Win2K in both normal crypto mode and with 128-bit
encryption pack added.
Server machine:  Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm).  Kernel version
2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via the
linux-2.4.0...gz file).  PPP patched with ppp-2.4.0-mppe...gz from
mirror.binarix.com.

In short, using the mppe modules (which auto-load just fine) hose a
connection.

Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
mppe-stateless enabled):
1) At best I can make the client ping inside the VPN network, but no other
operations occur.  No errors other than the occaisional GRE: Discarding out
of order packet message.  I have another working VPN server and this occurs
there, but all works just fine using same client.  With the broken system, I
am unable to connect to Exchange Server, Access NT server shares, etc.
2) After a period of time, the connection drops by itself (as if I had
disconnected manually).
3) With mppe-40 enabled, no communications (not even a ping) happen.  I am
unable to ping the server's IP, nor can the server ping the client's IP.

Encryption turned off at both client and in /etc/ppp/options (all mppe lines
commented out):
All works just fine and runs smoothly.

* Authentication occurs correctly with an without 128/stateless enabled,
MPPE modules autoload with no errors and ppp_generic shows it's being used
by the ppp_mppe module.  Just whenever mppe module is used, limited
communication occurs.


In debug mode, the debug logs show only LCP echo and LCP echorep packets.
No errors.


What's wrong with this?!