[pptp-server] Re: PPP problems over VPN (MPPE)
Jim Roland
jroland at roland.net
Sat Sep 22 22:55:37 CDT 2001
Thanks for your comments. However (no offense and not trying to start a
flame thread), I'm looking for solutions not rhetoric. I am a Linux bigot
just like most people on the list, but I don't have time for anti-MS
sentiment right now, I need to provide a solution as soon as possible. For
any of us Linux/Unix bigots to continue to gain acceptance, it's better to
follow the old adage of getting more flies with honey. Besides, that's what
Microsoft did early on, befriended Apple before stealing their code and
GUI...perhaps a lesson there.
There are numerous RFCs and other papers, some/most provided by Microsoft
for free, that explain PPTP and MPPE protocols, so Microsoft suing the author
of the MPPE code is highly unlikely. Actually, I found a site with the
binaries already compiled and ready to go, however it's an older version of
PPP. I need a newer version of PPP that works without these flaky problems.
----- Original Message -----
From: "Bill Unruh" <unruh at physics.ubc.ca>
To: "Jim Roland" <jroland at roland.net>
Cc: <linux-ppp at vger.kernel.org>; "Linux PPTP" <pptp-server at lists.schulte.org>
Sent: Saturday, September 22, 2001 6:33 PM
Subject: Re: PPP problems over VPN (MPPE)
> On Sat, 22 Sep 2001, Jim Roland wrote:
>
> > I've posted without a single response, so I'm going to try again...
> >
> > I want to preface my verbiage below by asking why someone doesn't just come
> > out with a version of PPP with MPPE built in?! I am having to deploy
>
> Because Microsoft made it proprietary. Do you want Linux (or yourself) sued by
> them?
>
> > firewalls with VPN capabilities, prefer to use Linux, and have better things
> > to do with my time than waste it constantly compiling and tweaking to get
> > things working right, sometimes taking over a week full time until it works.
> >
> > My problem:
> > Client machine: Windows 2000 connecting to server via VPN (PPTP) with
> > encryption set. Win2K in both normal crypto mode and with 128-bit
> > encryption pack added.
>
> Note that MS has an atrocious record re encryption. They like to invent their own,
> without knowing much about it. I would not trust the encryption for much of anything.
>
> > Server machine: Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
> > running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm)
>
> Get 2.4.1. 2.4.0 has a
> number of bugs in it -- primarily in its inability to read any options files but
> the main /etc/ppp/options.
>
> >. Kernel version
> > 2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via the
> > linux-2.4.0...gz file). PPP patched with ppp-2.4.0-mppe...gz from
> > mirror.binarix.com.
> >
> > In short, using the mppe modules (which auto-load just fine) hose a
> > connection.
> >
> > Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
> > mppe-stateless enabled):
> > 1) At best I can make the client ping inside the VPN network, but no other
> > operations occur. No errors other than the occasional GRE: Discarding out
> > of order packet message. I have another working VPN server and this occurs
> > there, but all works just fine using same client. With the broken system, I
> > am unable to connect to Exchange Server, Access NT server shares, etc.
> > 2) After a period of time, the connection drops by itself (as if I had
> > disconnected manually).
> > 3) With mppe-40 enabled, no communications (not even a ping) happen. I am
> > unable to ping the server's IP, nor can the server ping the client's IP.
>
> Unfortunately you will not get much help in the ppp list. You have to go after the authors of
> the mppe. Using a hacked version of pppd means that all bets are off since it is
> hard to know what those hacks have done to pppd.
>
>
> >
> > Encryption turned off at both client and in /etc/ppp/options (all mppe lines
> > commented out):
> > All works just fine and runs smoothly.
> >
> > * Authentication occurs correctly with and without 128/stateless enabled,
> > MPPE modules autoload with no errors and ppp_generic shows it's being used
> > by the ppp_mppe module. Just whenever mppe module is used, limited
> > communication occurs.
> >
> >
> > In debug mode, the debug logs show only LCP echo and LCP echorep packets.
> > No errors.
>
> There is a whole host of initial negotiation messages long before
> those LCP echo packets. That is where I would look for clues. And write to the
> authors of mppe patches. Or perhaps the mppe list will be helpful.
>
>
>
>
>
> --
> William G. Unruh        Canadian Institute for     Tel: +1(604)822-3273
> Physics&Astronomy       Advanced Research          Fax: +1(604)822-5324
> UBC, Vancouver,BC       Program in Cosmology       unruh at physics.ubc.ca
> Canada V6T 1Z1          and Gravity                www.theory.physics.ubc.ca/
> For step by step instructions about setting up ppp under Linux, see
> http://www.theory.physics.ubc.ca/ppp-linux.html
>