[pptp-server] Re: PPP problems over VPN (MPPE)

Jim Roland jroland at roland.net
Sun Sep 23 04:23:19 CDT 2001


LOL....That's why I said I didn't want to start a thread war...

Moving on...I would love to put IPSec, DES, or 3DES in...any
recommendations?


----- Original Message -----
From: "Justin Kreger" <lists at earthling.2y.net>
To: "Jim Roland" <jroland at roland.net>
Cc: "Bill Unruh" <unruh at physics.ubc.ca>; <linux-ppp at vger.kernel.org>; "Linux
PPTP" <pptp-server at lists.schulte.org>
Sent: Saturday, September 22, 2001 11:10 PM
Subject: Re: [pptp-server] Re: PPP problems over VPN (MPPE)


> The question becomes why complicate such a simple program, pppd, with junk
> that maybe 10-15% of people will ever need.
>
> I remember reading a comment from a pppd developer, and the gist of it
> read that they are only interested in doing things the right
> way, an example of such are the compression implementations in pppd.  PPPD
> supports 3 compression types, on linux, it only supports BsdComp -
> For legacy, and Deflate - because it only compresses when it possibly can,
> it does not try to compress everything, thus it will not make the
> information larger by compressing it.
>
> I can see a novice user trying to dial up to their isp with a normal
> modem, and setting all this junk like mppe, and mschap when it's not
> needed, nor supported.
>
> In response to the first post, binaries exist for the newest version, you
> just have to look for them.  BTW, let's not get into a "microsoft stole
> their gui code" argument, I remember when I first got online, and that was
> STILL raging, and that was back in like 93 or 94...  Besides, we all know
> where apple got their gui code from.
>
> On a side note, IPSec is better, it's not nearly as point and click, but
> it's much more secure.
>
> Justin Kreger, MCP MCSE CCNA
> jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net
>
>
> P.S., we should all know where M.S. got their TCP/IP Stack from.... :)
>
> On Sat, 22 Sep 2001, Jim Roland wrote:
>
> > Thanks for your comments.  However (no offense and not trying to start a
> > flame thread), I'm looking for solutions not rhetoric.  I am a Linux bigot
> > just like most people on the list, but I don't have time for anti-MS
> > sentiment right now, I need to provide a solution as soon as possible.  For
> > any of us Linux/Unix bigots to continue to gain acceptance, it's better to
> > follow the old adage of getting more flies with honey.  Besides, that's what
> > Microsoft did early on, befriended Apple before stealing their code and
> > GUI...perhaps a lesson there.
> >
> > There are numerous RFCs and other papers, some/most provided by Microsoft
> > for free, that explain PPTP and MPPE protocols, so Microsoft suing the author
> > of the MPPE code is highly unlikely.  Actually, I found a site with the
> > binaries already compiled and ready to go, however it's an older version of
> > PPP.  I need a newer version of PPP that works without these flaky problems.
> >
> >
> >
> > ----- Original Message -----
> > From: "Bill Unruh" <unruh at physics.ubc.ca>
> > To: "Jim Roland" <jroland at roland.net>
> > Cc: <linux-ppp at vger.kernel.org>; "Linux PPTP"
> > <pptp-server at lists.schulte.org>
> > Sent: Saturday, September 22, 2001 6:33 PM
> > Subject: Re: PPP problems over VPN (MPPE)
> >
> >
> > > On Sat, 22 Sep 2001, Jim Roland wrote:
> > >
> > > > I've posted without a single response, so I'm going to try again...
> > > >
> > > > I want to preface my verbiage below by asking why someone doesn't just come
> > > > out with a version of PPP with MPPE built in?!  I am having to deploy
> > >
> > > Because Microsoft made it proprietary. Do you want Linux (or yourself) sued by
> > > them?
> > >
> > > > firewalls with VPN capabilities, prefer to use Linux, and have better things
> > > > to do with my time than waste it constantly compiling and tweaking to get
> > > > things working right, sometimes taking over a week full time until it works.
> > > >
> > > > My problem:
> > > > Client machine:  Windows 2000 connecting to server via VPN (PPTP) with
> > > > encryption set.  Win2K in both normal crypto mode and with 128-bit
> > > > encryption pack added.
> > >
> > > Note that MS has an atrocious record re encryption. They like to invent their own,
> > > without knowing much about it.  I would not trust the encryption for much of anything.
> > >
> > > > Server machine:  Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
> > > > running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm)
> > >
> > > Get 2.4.1. 2.4.0 has a number of bugs in it -- primarily in its inability to read any options files but
> > > the main /etc/ppp/options.
> > >
> > > > .  Kernel version
> > > > 2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via the
> > > > linux-2.4.0...gz file).  PPP patched with ppp-2.4.0-mppe...gz from
> > > > mirror.binarix.com.
> > > >
> > > > In short, using the mppe modules (which auto-load just fine) hose a
> > > > connection.
> > > >
> > > > Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
> > > > mppe-stateless enabled):
> > > > 1) At best I can make the client ping inside the VPN network, but no other
> > > > operations occur.  No errors other than the occasional GRE: Discarding out
> > > > of order packet message.  I have another working VPN server and this occurs
> > > > there, but all works just fine using same client.  With the broken system, I
> > > > am unable to connect to Exchange Server, Access NT server shares, etc.
> > > > 2) After a period of time, the connection drops by itself (as if I had
> > > > disconnected manually).
> > > > 3) With mppe-40 enabled, no communications (not even a ping) happen.  I am
> > > > unable to ping the server's IP, nor can the server ping the client's IP.
> > >
> > > Unfortunately you will not get much help in the ppp list. You have to go after the authors of
> > > the mppe. Using a hacked version of pppd means that all bets are off since it is
> > > hard to know what those hacks have done to pppd.
> > >
> > >
> > > >
> > > > Encryption turned off at both client and in /etc/ppp/options (all mppe lines
> > > > commented out):
> > > > All works just fine and runs smoothly.
> > > >
> > > > * Authentication occurs correctly with and without 128/stateless enabled,
> > > > MPPE modules autoload with no errors and ppp_generic shows it's being used
> > > > by the ppp_mppe module.  Just whenever mppe module is used, limited
> > > > communication occurs.
> > > >
> > > >
> > > > In debug mode, the debug logs show only LCP echo and LCP echorep packets.
> > > > No errors.
> > >
> > > There is a whole host of initial negotiation messages long before
> > > those LCP echo packets. That is where I would look for clues. And write to the
> > > authors of mppe patches. Or perhaps the mppe list will be helpful.
> > >
> > >
> > >
> > >
> > >
> > > --
> > > William G. Unruh        Canadian Institute for          Tel: +1(604)822-3273
> > > Physics&Astronomy          Advanced Research            Fax: +1(604)822-5324
> > > UBC, Vancouver,BC        Program in Cosmology           unruh at physics.ubc.ca
> > > Canada V6T 1Z1               and Gravity                www.theory.physics.ubc.ca/
> > > For step by step instructions about setting up ppp under Linux, see
> > >             http://www.theory.physics.ubc.ca/ppp-linux.html
> > >
> >
>



