[pptp-server] Re: PPP problems over VPN (MPPE)

Justin Kreger lists at earthling.2y.net
Sat Sep 22 23:10:17 CDT 2001


The question becomes why complicate such a simple program, pppd, with junk
that maybe 10-15% of people will ever need.

I remember reading a comment from a pppd developer, and the gist of it
read that they are only interested in doing things the right
way; an example of such is the compression implementations in pppd.  PPPD
supports 3 compression types; on Linux, it only supports BsdComp -
for legacy, and Deflate - because it only compresses when it possibly can,
it does not try to compress everything, thus it will not make the
information larger by compressing it.

I can see a novice user trying to dial up to their ISP with a normal
modem, and setting all this junk like mppe, and mschap when it's not
needed, nor supported.

In response to the first post, binaries exist for the newest version, you
just have to look for them.  BTW, let's not get into a "Microsoft stole
their GUI code" argument, I remember when I first got online, and that was
STILL raging, and that was back in like 93 or 94...  Besides, we all know
where Apple got their GUI code from.

On a side note, IPSec is better, it's not nearly as point and click, but
it's much more secure.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net


P.S., we should all know where M.S. got their TCP/IP Stack from.... :)

On Sat, 22 Sep 2001, Jim Roland wrote:

> Thanks for your comments.  However (no offense and not trying to start a
> flame thread), I'm looking for solutions not rhetoric.  I am a Linux bigot
> just like most people on the list, but I don't have time for anti-MS
> sentiment right now, I need to provide a solution as soon as possible.  For
> any of us Linux/Unix bigots to continue to gain acceptance, it's better to
> follow the old adage of getting more flies with honey.  Besides, that's what
> Microsoft did early on, befriended Apple before stealing their code and
> GUI...perhaps a lesson there.
> 
> There are numerous RFCs and other papers, some/most provided by Microsoft
> for free, that explain PPTP and MPPE protocols, so Microsoft suing the author
> of the MPPE code is highly unlikely.  Actually, I found a site with the
> binaries already compiled and ready to go, however it's an older version of
> PPP.  I need a newer version of PPP that works without these flaky problems.
> 
> 
> 
> ----- Original Message -----
> From: "Bill Unruh" <unruh at physics.ubc.ca>
> To: "Jim Roland" <jroland at roland.net>
> Cc: <linux-ppp at vger.kernel.org>; "Linux PPTP"
> <pptp-server at lists.schulte.org>
> Sent: Saturday, September 22, 2001 6:33 PM
> Subject: Re: PPP problems over VPN (MPPE)
> 
> 
> > On Sat, 22 Sep 2001, Jim Roland wrote:
> >
> > > I've posted without a single response, so I'm going to try again...
> > >
> > > I want to preface my verbiage below by asking why someone doesn't just come
> > > out with a version of PPP with MPPE built in?!  I am having to deploy
> >
> > Because Microsoft made it proprietary. Do you want Linux (or yourself) sued by
> > them?
> >
> > > firewalls with VPN capabilities, prefer to use Linux, and have better things
> > > to do with my time than waste it constantly compiling and tweaking to get
> > > things working right, sometimes taking over a week full time until it works.
> > >
> > > My problem:
> > > Client machine:  Windows 2000 connecting to server via VPN (PPTP) with
> > > encryption set.  Win2K in both normal crypto mode and with 128-bit
> > > encryption pack added.
> >
> > Note that MS has an atrocious record re encryption. They like to invent their own,
> > without knowing much about it.  I would not trust the encryption for much of anything.
> >
> > > Server machine:  Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
> > > running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm)
> >
> > Get 2.4.1. 2.4.0 has a number of bugs in it -- primarily in its inability
> > to read any options files but the main /etc/ppp/options.
> >
> > >.  Kernel version
> > > 2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via the
> > > linux-2.4.0...gz file).  PPP patched with ppp-2.4.0-mppe...gz from
> > > mirror.binarix.com.
> > >
> > > In short, using the mppe modules (which auto-load just fine) hose a
> > > connection.
> > >
> > > Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
> > > mppe-stateless enabled):
> > > 1) At best I can make the client ping inside the VPN network, but no other
> > > operations occur.  No errors other than the occasional GRE: Discarding out
> > > of order packet message.  I have another working VPN server and this occurs
> > > there, but all works just fine using same client.  With the broken system, I
> > > am unable to connect to Exchange Server, Access NT server shares, etc.
> > > 2) After a period of time, the connection drops by itself (as if I had
> > > disconnected manually).
> > > 3) With mppe-40 enabled, no communications (not even a ping) happen.  I am
> > > unable to ping the server's IP, nor can the server ping the client's IP.
> >
> > Unfortunately you will not get much help in the ppp list. You have to go after the authors of
> > the mppe. Using a hacked version of pppd means that all bets are off since it is
> > hard to know what those hacks have done to pppd.
> >
> >
> > >
> > > Encryption turned off at both client and in /etc/ppp/options (all mppe lines
> > > commented out):
> > > All works just fine and runs smoothly.
> > >
> > > * Authentication occurs correctly with and without 128/stateless enabled,
> > > MPPE modules autoload with no errors and ppp_generic shows it's being used
> > > by the ppp_mppe module.  Just whenever mppe module is used, limited
> > > communication occurs.
> > >
> > >
> > > In debug mode, the debug logs show only LCP echo and LCP echorep packets.
> > > No errors.
> >
> > There is a whole host of initial negotiation messages long before
> > those LCP echo packets. That is where I would look for clues. And write to the
> > authors of mppe patches, or perhaps the mppe list will be helpful.
> >
> >
> >
> >
> >
> > --
> > William G. Unruh     Canadian Institute for    Tel: +1(604)822-3273
> > Physics&Astronomy    Advanced Research         Fax: +1(604)822-5324
> > UBC, Vancouver,BC    Program in Cosmology      unruh at physics.ubc.ca
> > Canada V6T 1Z1       and Gravity               www.theory.physics.ubc.ca/
> > For step by step instructions about setting up ppp under Linux, see
> >             http://www.theory.physics.ubc.ca/ppp-linux.html
> >
> 



