[pptp-server] Re: PPP problems over VPN (MPPE)

Bill Unruh unruh at physics.ubc.ca
Sat Sep 22 18:33:30 CDT 2001


On Sat, 22 Sep 2001, Jim Roland wrote:

> I've posted without a single response, so I'm going to try again...
>
> I want to preface my verbiage below by asking why someone doesn't just come
> out with a version of PPP with MPPE built in?!  I am having to deploy

Because Microsoft made it proprietary. Do you want Linux (or yourself) sued by
them?

> firewalls with VPN capabilities, prefer to use Linux, and have better things
> to do with my time than waste it constantly compiling and tweaking to get
> things working right, sometimes taking over a week full time until it works.
>
> My problem:
> Client machine:  Windows 2000 connecting to server via VPN (PPTP) with
> encryption set.  Win2K in both normal crypto mode and with 128-bit
> encryption pack added.

Note that MS has an atrocious record re encryption. They like to invent their own,
without knowing much about it.  I would not trust the encryption for much of anything.

> Server machine:  Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
> running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm)

Get 2.4.1. 2.4.0 has a number of bugs in it, primarily in its inability to
read any options files but the main /etc/ppp/options.

>.  Kernel version
> 2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via the
> linux-2.4.0...gz file).  PPP patched with ppp-2.4.0-mppe...gz from
> mirror.binarix.com.
>
> In short, using the mppe modules (which auto-load just fine) hose a
> connection.
>
> Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
> mppe-stateless enabled):
> 1) At best I can make the client ping inside the VPN network, but no other
> operations occur.  No errors other than the occasional GRE: Discarding out
> of order packet message.  I have another working VPN server and this occurs
> there, but all works just fine using same client.  With the broken system, I
> am unable to connect to Exchange Server, Access NT server shares, etc.
> 2) After a period of time, the connection drops by itself (as if I had
> disconnected manually).
> 3) With mppe-40 enabled, no communications (not even a ping) happen.  I am
> unable to ping the server's IP, nor can the server ping the client's IP.

Unfortunately you will not get much help in the ppp list. You have to go after the authors of
the mppe. Using a hacked version of pppd means that all bets are off since it is
hard to know what those hacks have done to pppd.


>
> Encryption turned off at both client and in /etc/ppp/options (all mppe lines
> commented out):
> All works just fine and runs smoothly.
>
> * Authentication occurs correctly with and without 128/stateless enabled,
> MPPE modules autoload with no errors and ppp_generic shows it's being used
> by the ppp_mppe module.  Just whenever mppe module is used, limited
> communication occurs.
>
>
> In debug mode, the debug logs show only LCP echo and LCP echorep packets.
> No errors.

There is a whole host of initial negotiation messages long before
those LCP echo packets. That is where I would look for clues. And write to the
authors of mppe patches, or perhaps the mppe list will be helpful.





-- 
William G. Unruh        Canadian Institute for          Tel: +1(604)822-3273
Physics&Astronomy          Advanced Research            Fax: +1(604)822-5324
UBC, Vancouver,BC        Program in Cosmology           unruh at physics.ubc.ca
Canada V6T 1Z1               and Gravity           www.theory.physics.ubc.ca/
For step by step instructions about setting up ppp under Linux, see
            http://www.theory.physics.ubc.ca/ppp-linux.html
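
Added example, not part of the original message or of pppd/PoPToP: a small decoder for the MPPE option carried in the CCP Configure packets that precede the LCP echoes, using the Supported Bits layout from RFC 3078. The function names are hypothetical and the option bytes are constructed for illustration, not taken from the logs in this thread.

```python
import struct

CI_MPPE = 18           # CCP option type for MPPC/MPPE (RFC 3078)
H_BIT = 0x01000000     # stateless mode
KEY_MASK = 0x000000E0  # M | S | L key-length bits
BIT_NAMES = {          # Supported Bits field, RFC 3078 section 2.1
    H_BIT: "stateless (H)",
    0x80: "56-bit (M)",
    0x40: "128-bit (S)",
    0x20: "40-bit (L)",
    0x10: "obsolete (D)",
    0x01: "MPPC compression (C)",
}

def parse_ccp_options(data):
    """Split a CCP Configure option list into (type, value) pairs."""
    opts, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        otype, olen = data[i], data[i + 1]
        if olen < 2 or i + olen > len(data):
            raise ValueError("bad option length")
        opts.append((otype, data[i + 2:i + olen]))
        i += olen
    return opts

def mppe_bits(data):
    """Return the 32-bit Supported Bits value, or None if no MPPE option."""
    for otype, value in parse_ccp_options(data):
        if otype == CI_MPPE and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None

def describe(bits):
    """Names of the bits set, in the order of BIT_NAMES."""
    return [name for mask, name in BIT_NAMES.items() if bits & mask]

def diagnose(client_opts, server_opts):
    """Compare what each side offered; an empty list means nothing stands out."""
    c, s = mppe_bits(client_opts), mppe_bits(server_opts)
    if c is None or s is None:
        return ["one side sent no MPPE option"]
    findings = []
    if not c & s & KEY_MASK:
        findings.append("no common key length")
    if (c ^ s) & H_BIT:
        findings.append("stateless mode offered by one side only")
    return findings

# Constructed option bytes (not taken from the thread's logs).
CLIENT = bytes.fromhex("120601000060")  # stateless + 128-bit + 40-bit
SERVER = bytes.fromhex("120600000020")  # 40-bit only, stateful
```

A finding here is only a place to look: the two sides can still converge through Configure-Nak, so the decoded bits are meant to be read alongside the rest of the negotiation in the debug log.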



