[pptp-server] Re: PPP problems over VPN (MPPE)

Jeff Shanholtz jsubs at shanholtz.com
Sun Sep 23 10:24:38 CDT 2001


Two things don't make sense to me yet.

After applying the patches, you still have to enable the options in the
options file, right? So I don't understand why incorporating the patches
into the official version would force ISPs to support it. And I'm sure
there are other PPP options that only 10-15% of users actually use,
aren't there? Could it really boil down to anti-MS bigotry on the
developers' part?

And as to the legality of incorporating the patches into the official
version of PPP without paying licensing fees, how is posting the patches
on the PoPToP site not just as illegal?

FYI I'm not anti-MS and I'm not anti-Linux; I use both and appreciate
both for their respective strengths and acknowledge MS's and the Linux
community's right to do things in their own ways. I'm also new to
PoPToP, so I claim no expertise on the subject. However, I, too, get
tired of dealing with kernel patches and compiles so like Jim, I am also
very interested in the reasons this stuff is required.


-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Justin Kreger
Sent: Saturday, September 22, 2001 9:10 PM
To: Jim Roland
Cc: Bill Unruh; linux-ppp at vger.kernel.org; Linux PPTP
Subject: Re: [pptp-server] Re: PPP problems over VPN (MPPE)


The question becomes why complicate such a simple program, pppd, with
junk that maybe 10-15% of people will ever need.

I remember reading a comment from a pppd developer, and the gist of it
read that they are only interested in only doing things the right
way; an example of such are the compression implementations in pppd.
PPPD supports 3 compression types; on Linux, it only supports BsdComp -
for legacy, and Deflate - because it only compresses when it possibly
can, it does not try to compress everything, thus it will not make the
information larger by compressing it.

I can see a novice user trying to dial up to their ISP with a normal
modem, and setting all this junk like mppe, and mschap when it's not
needed, nor supported.

In response to the first post, binaries exist for the newest version,
you just have to look for them.  BTW, let's not get into a "microsoft
stole their gui code" argument, I remember when I first got online, and
that was STILL raging, and that was back in like 93 or 94...  Besides,
we all know where apple got their gui code from.

On a side note, IPSec is better, it's not nearly as point and click, but
it's much more secure.

Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net


P.S., we should all know where M.S. got their TCP/IP Stack from.... :)

On Sat, 22 Sep 2001, Jim Roland wrote:

> Thanks for your comments.  However (no offense and not trying to start a
> flame thread), I'm looking for solutions not rhetoric.  I am a Linux bigot
> just like most people on the list, but I don't have time for anti-MS
> sentiment right now, I need to provide a solution as soon as possible.  For
> any of us Linux/Unix bigots to continue to gain acceptance, it's better to
> follow the old adage of getting more flies with honey.  Besides, that's what
> Microsoft did early on, befriended Apple before stealing their code and
> GUI...perhaps a lesson there.
> 
> There are numerous RFCs and other papers, some/most provided by Microsoft
> for free, that explain PPTP and MPPE protocols, so Microsoft suing the author
> of the MPPE code is highly unlikely.  Actually, I found a site with the
> binaries already compiled and ready to go, however it's an older version of
> PPP.  I need a newer version of PPP that works without these flaky problems.
> 
> 
> 
> ----- Original Message -----
> From: "Bill Unruh" <unruh at physics.ubc.ca>
> To: "Jim Roland" <jroland at roland.net>
> Cc: <linux-ppp at vger.kernel.org>; "Linux PPTP"
> <pptp-server at lists.schulte.org>
> Sent: Saturday, September 22, 2001 6:33 PM
> Subject: Re: PPP problems over VPN (MPPE)
> 
> 
> > On Sat, 22 Sep 2001, Jim Roland wrote:
> >
> > > I've posted without a single response, so I'm going to try again...
> > >
> > > I want to preface my verbiage below by asking why someone doesn't just come
> > > out with a version of PPP with MPPE built in?!  I am having to deploy
> >
> > Because Microsoft made it proprietary. Do you want Linux (or yourself) sued by
> > them?
> >
> > > firewalls with VPN capabilities, prefer to use Linux, and have better things
> > > to do with my time than waste it constantly compiling and tweaking to get
> > > things working right, sometimes taking over a week full time until it works.
> > >
> > > My problem:
> > > Client machine:  Windows 2000 connecting to server via VPN (PPTP) with
> > > encryption set.  Win2K in both normal crypto mode and with 128-bit
> > > encryption pack added.
> >
> > Note that MS has an atrocious record re encryption. They like to invent their own,
> > without knowing much about it.  I would not trust the encryption for much
> > of anything.
> >
> > > Server machine:  Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
> > > running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm).
> >
> > Get 2.4.1. 2.4.0 has a number of bugs in it -- primarily in its inability to
> > read any options files but the main /etc/ppp/options.
> >
> > > Kernel version 2.4.2-2 with mppe patches provided from mirror.binarix.com's
> > > site (via the linux-2.4.0...gz file).  PPP patched with ppp-2.4.0-mppe...gz
> > > from mirror.binarix.com.
> > >
> > > In short, using the mppe modules (which auto-load just fine) hose a
> > > connection.
> > >
> > > Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
> > > mppe-stateless enabled):
> > > 1) At best I can make the client ping inside the VPN network, but no other
> > > operations occur.  No errors other than the occasional GRE: Discarding out
> > > of order packet message.  I have another working VPN server and this occurs
> > > there, but all works just fine using same client.  With the broken system, I
> > > am unable to connect to Exchange Server, Access NT server shares, etc.
> > > 2) After a period of time, the connection drops by itself (as if I had
> > > disconnected manually).
> > > 3) With mppe-40 enabled, no communications (not even a ping) happen.  I am
> > > unable to ping the server's IP, nor can the server ping the client's IP.
> >
> > Unfortunately you will not get much help in the ppp list. You have to go
> > after the authors of the mppe. Using a hacked version of pppd means that all
> > bets are off since it is hard to know what those hacks have done to pppd.
> >
> >
> > >
> > > Encryption turned off at both client and in /etc/ppp/options (all mppe lines
> > > commented out):
> > > All works just fine and runs smoothly.
> > >
> > > * Authentication occurs correctly with and without 128/stateless enabled,
> > > MPPE modules autoload with no errors and ppp_generic shows it's being used
> > > by the ppp_mppe module.  Just whenever mppe module is used, limited
> > > communication occurs.
> > >
> > >
> > > In debug mode, the debug logs show only LCP echo and LCP echorep packets.
> > > No errors.
> >
> > There is a whole host of initial negotiation messages long before
> > those LCP echo packets. That is where I would look for clues. And write to
> > the authors of mppe patches, or perhaps the mppe list will be helpful.
> >
> >
> >
> >
> >
> > --
> > William G. Unruh        Canadian Institute for          Tel: +1(604)822-3273
> > Physics&Astronomy          Advanced Research            Fax: +1(604)822-5324
> > UBC, Vancouver,BC        Program in Cosmology           unruh at physics.ubc.ca
> > Canada V6T 1Z1               and Gravity                www.theory.physics.ubc.ca/
> > For step by step instructions about setting up ppp under Linux, see
> >             http://www.theory.physics.ubc.ca/ppp-linux.html
> >
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
> 
