[pptp-server] Re: PPP problems over VPN (MPPE)
Jim Roland
jroland at roland.net
Sun Sep 23 04:23:19 CDT 2001
LOL....That's why I said I didn't want to start a thread war...
Moving on...I would love to put IPSec, DES, or 3DES in...any
recommendations?
----- Original Message -----
From: "Justin Kreger" <lists at earthling.2y.net>
To: "Jim Roland" <jroland at roland.net>
Cc: "Bill Unruh" <unruh at physics.ubc.ca>; <linux-ppp at vger.kernel.org>; "Linux
PPTP" <pptp-server at lists.schulte.org>
Sent: Saturday, September 22, 2001 11:10 PM
Subject: Re: [pptp-server] Re: PPP problems over VPN (MPPE)
> The question becomes why complicate such a simple program, pppd, with junk
> that maybe 10-15% of people will ever need.
>
> I remember reading a comment from a pppd developer, and the gist of it
> read that they are only interested in doing things the right
> way, an example of such are the compression implementations in pppd. PPPD
> supports 3 compression types, on Linux, it only supports BsdComp -
> for legacy, and Deflate - because it only compresses when it possibly can,
> it does not try to compress everything, thus it will not make the
> information larger by compressing it.
>
> I can see a novice user trying to dial up to their ISP with a normal
> modem, and setting all this junk like mppe, and mschap when it's not
> needed, nor supported.
>
> In response to the first post, binaries exist for the newest version, you
> just have to look for them. BTW, let's not get into a "Microsoft stole
> their GUI code" argument, I remember when I first got online, and that was
> STILL raging, and that was back in like 93 or 94... Besides, we all know
> where Apple got their GUI code from.
>
> On a side note, IPSec is better, it's not nearly as point and click, but
> it's much more secure.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net
>
>
> P.S., we should all know where M.S. got their TCP/IP Stack from.... :)
>
> On Sat, 22 Sep 2001, Jim Roland wrote:
>
> > Thanks for your comments. However (no offense and not trying to start a
> > flame thread), I'm looking for solutions not rhetoric. I am a Linux bigot
> > just like most people on the list, but I don't have time for anti-MS
> > sentiment right now, I need to provide a solution as soon as possible. For
> > any of us Linux/Unix bigots to continue to gain acceptance, it's better to
> > follow the old adage of getting more flies with honey. Besides, that's what
> > Microsoft did early on, befriended Apple before stealing their code and
> > GUI...perhaps a lesson there.
> >
> > There are numerous RFCs and other papers, some/most provided by Microsoft
> > for free, that explain PPTP and MPPE protocols, so Microsoft suing the author
> > of the MPPE code is highly unlikely. Actually, I found a site with the
> > binaries already compiled and ready to go, however it's an older version of
> > PPP. I need a newer version of PPP that works without these flaky problems.
> >
> >
> >
> > ----- Original Message -----
> > From: "Bill Unruh" <unruh at physics.ubc.ca>
> > To: "Jim Roland" <jroland at roland.net>
> > Cc: <linux-ppp at vger.kernel.org>; "Linux PPTP"
> > <pptp-server at lists.schulte.org>
> > Sent: Saturday, September 22, 2001 6:33 PM
> > Subject: Re: PPP problems over VPN (MPPE)
> >
> >
> > > On Sat, 22 Sep 2001, Jim Roland wrote:
> > >
> > > > I've posted without a single response, so I'm going to try again...
> > > >
> > > > I want to preface my verbiage below by asking why someone doesn't just come
> > > > out with a version of PPP with MPPE built in?! I am having to deploy
> > >
> > > Because Microsoft made it proprietary. Do you want Linux (or yourself)
> > > sued by them?
> > >
> > > > firewalls with VPN capabilities, prefer to use Linux, and have better things
> > > > to do with my time than waste it constantly compiling and tweaking to get
> > > > things working right, sometimes taking over a week full time until it works.
> > > >
> > > > My problem:
> > > > Client machine: Windows 2000 connecting to server via VPN (PPTP) with
> > > > encryption set. Win2K in both normal crypto mode and with 128-bit
> > > > encryption pack added.
> > >
> > > Note that MS has an atrocious record re encryption. They like to invent
> > > their own, without knowing much about it. I would not trust the encryption
> > > for much of anything.
> > >
> > > > Server machine: Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
> > > > running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm)
> > >
> > > Get 2.4.1. 2.4.0 has a number of bugs in it -- primarily in its inability
> > > to read any options files but the main /etc/ppp/options.
> > >
> > > > Kernel version 2.4.2-2 with mppe patches provided from
> > > > mirror.binarix.com's site (via the linux-2.4.0...gz file). PPP patched
> > > > with ppp-2.4.0-mppe...gz from mirror.binarix.com.
> > > >
> > > > In short, using the mppe modules (which auto-load just fine) hose a
> > > > connection.
> > > >
> > > > Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
> > > > mppe-stateless enabled):
> > > > 1) At best I can make the client ping inside the VPN network, but no other
> > > > operations occur. No errors other than the occasional GRE: Discarding out
> > > > of order packet message. I have another working VPN server and this occurs
> > > > there, but all works just fine using same client. With the broken system, I
> > > > am unable to connect to Exchange Server, Access NT server shares, etc.
> > > > 2) After a period of time, the connection drops by itself (as if I had
> > > > disconnected manually).
> > > > 3) With mppe-40 enabled, no communications (not even a ping) happen. I am
> > > > unable to ping the server's IP, nor can the server ping the client's IP.
> > >
> > > Unfortunately you will not get much help in the ppp list. You have to go
> > > after the authors of the mppe. Using a hacked version of pppd means that
> > > all bets are off since it is hard to know what those hacks have done to pppd.
> > >
> > >
> > > >
> > > > Encryption turned off at both client and in /etc/ppp/options (all mppe lines
> > > > commented out):
> > > > All works just fine and runs smoothly.
> > > >
> > > > * Authentication occurs correctly with and without 128/stateless enabled,
> > > > MPPE modules autoload with no errors and ppp_generic shows it's being used
> > > > by the ppp_mppe module. Just whenever mppe module is used, limited
> > > > communication occurs.
> > > >
> > > >
> > > > In debug mode, the debug logs show only LCP echo and LCP echorep packets.
> > > > No errors.
> > >
> > > There is a whole host of initial negotiation messages long before
> > > those LCP echo packets. That is where I would look for clues. And write to
> > > the authors of mppe patches. Or perhaps the mppe list will be helpful.
> > >
> > >
> > >
> > >
> > >
> > > --
> > > William G. Unruh     Canadian Institute for   Tel: +1(604)822-3273
> > > Physics&Astronomy    Advanced Research        Fax: +1(604)822-5324
> > > UBC, Vancouver,BC    Program in Cosmology     unruh at physics.ubc.ca
> > > Canada V6T 1Z1       and Gravity              www.theory.physics.ubc.ca/
> > > For step by step instructions about setting up ppp under Linux, see
> > > http://www.theory.physics.ubc.ca/ppp-linux.html
> > >
> >