[pptp-server] Re: PPP problems over VPN (MPPE)

Bill Unruh unruh at physics.ubc.ca
Sun Sep 23 11:59:46 CDT 2001


On Sat, 22 Sep 2001, Jim Roland wrote:

] Thanks for your comments.  However (no offense and not trying to start a
] flame thread), I'm looking for solutions not rhetoric.  I am a Linux bigot

I understand, but you asked why you could find no ready-made solution. It IS a
proprietary protocol. Just because MS has published the details does not remove its
proprietary nature, nor MS's or hifn's willingness to prosecute if a distributor of
Linux included it. Furthermore they would also use it as evidence of the perfidy
of the open source community, describing them as a nest of pirates.

] just like most people on the list, but I don't have time for anti-MS
] sentiment right now, I need to provide a solution as soon as possible.  For
] any of us Linux/Unix bigots to continue to gain acceptance, it's better to
] follow the old adage of getting more flies with honey.  Besides, that's what
] Microsoft did early on, befriended Apple before stealing their code and
] GUI...perhaps a lesson there.

You have a few options. The first is to figure out why your current 2.4.0 version
does not work. I suggested that you look at and publish the negotiation phase of
pppd to see if perhaps we could see some problems there. Your description was too
sparse for anyone to be able to provide you with help, which is what you say you
want. You MUST give as much information as possible in order to get help.
Then once you have 2.4.0 working (making sure you do not trigger the 2.4.0 bugs
such as using auxiliary options files -- put everything into /etc/ppp/options. Do
not use either options.ttyS? or a user options file.) you can then transfer the
patches to 2.4.1, altering them as necessary to make sure they work.

Secondly, send messages to the people who developed the MPPE patch to see if they
have suggestions, or if there are known problems.

]
] There are numerous RFCs and other papers, some/most provided by Microsoft
] for free, that explain PPTP and MPPE protocols, so Microsoft suing the author
] of the MPPE code is highly unlikely.  Actually, I found a site with the
] binaries already compiled and ready to go, however it's an older version of
] PPP.  I need a newer version of PPP that works without these flaky problems.
]
]
]
] ----- Original Message -----
] From: "Bill Unruh" <unruh at physics.ubc.ca>
] To: "Jim Roland" <jroland at roland.net>
] Cc: <linux-ppp at vger.kernel.org>; "Linux PPTP"
] <pptp-server at lists.schulte.org>
] Sent: Saturday, September 22, 2001 6:33 PM
] Subject: Re: PPP problems over VPN (MPPE)
]
]
] > On Sat, 22 Sep 2001, Jim Roland wrote:
] >
] > > I've posted without a single response, so I'm going to try again...
] > >
] > > I want to preface my verbiage below by asking why someone doesn't just come
] > > out with a version of PPP with MPPE built in?!  I am having to deploy
] >
] > Because Microsoft made it proprietary. Do you want Linux (or yourself) sued by
] > them?
] >
] > > firewalls with VPN capabilities, prefer to use Linux, and have better things
] > > to do with my time than waste it constantly compiling and tweaking to get
] > > things working right, sometimes taking over a week full time until it works.
] > >
] > > My problem:
] > > Client machine:  Windows 2000 connecting to server via VPN (PPTP) with
] > > encryption set.  Win2K in both normal crypto mode and with 128-bit
] > > encryption pack added.
] >
] > Note that MS has an atrocious record re encryption. They like to invent their own,
] > without knowing much about it.  I would not trust the encryption for much of anything.
] >
] > > Server machine:  Red Hat Linux 6.2 and 7.1 (both tried, currently 7.1)
] > > running PoPToP 1.0.1 and ppp 2.4.0-2 (redhat source rpm)
] >
] > Get 2.4.1. 2.4.0 has a number of bugs in it -- primarily in its inability to
] > read any options files but the main /etc/ppp/options.
] >
] > >.  Kernel version
] > > 2.4.2-2 with mppe patches provided from mirror.binarix.com's site (via the
] > > linux-2.4.0...gz file).  PPP patched with ppp-2.4.0-mppe...gz from
] > > mirror.binarix.com.
] > >
] > > In short, using the mppe modules (which auto-load just fine) hoses a
] > > connection.
] > >
] > > Encryption turned on at Client and in /etc/ppp/options (mppe-128 and
] > > mppe-stateless enabled):
] > > 1) At best I can make the client ping inside the VPN network, but no other
] > > operations occur.  No errors other than the occasional GRE: Discarding out
] > > of order packet message.  I have another working VPN server and this occurs
] > > there, but all works just fine using same client.  With the broken system, I
] > > am unable to connect to Exchange Server, Access NT server shares, etc.
] > > 2) After a period of time, the connection drops by itself (as if I had
] > > disconnected manually).
] > > 3) With mppe-40 enabled, no communications (not even a ping) happen.  I am
] > > unable to ping the server's IP, nor can the server ping the client's IP.
] >
] > Unfortunately you will not get much help in the ppp list. You have to go after the authors of
] > the mppe. Using a hacked version of pppd means that all bets are off since it is
] > hard to know what those hacks have done to pppd.
] >
] >
] > >
] > > Encryption turned off at both client and in /etc/ppp/options (all mppe lines
] > > commented out):
] > > All works just fine and runs smoothly.
] > >
] > > * Authentication occurs correctly with and without 128/stateless enabled,
] > > MPPE modules autoload with no errors and ppp_generic shows it's being used
] > > by the ppp_mppe module.  Just whenever mppe module is used, limited
] > > communication occurs.
] > >
] > >
] > > In debug mode, the debug logs show only LCP echo and LCP echorep packets.
] > > No errors.
] >
] > There is a whole host of initial negotiation messages long before
] > those LCP echo packets. That is where I would look for clues. And write to the
] > authors of mppe patches. Or perhaps the mppe list will be helpful.
] >
] >
] >
] >
] >
] > --
] > William G. Unruh        Canadian Institute for          Tel: +1(604)822-3273
] > Physics&Astronomy          Advanced Research            Fax: +1(604)822-5324
] > UBC, Vancouver,BC        Program in Cosmology           unruh at physics.ubc.ca
] > Canada V6T 1Z1               and Gravity           www.theory.physics.ubc.ca/
] > For step by step instructions about setting up ppp under Linux, see
] >             http://www.theory.physics.ubc.ca/ppp-linux.html
] >
]
]

-- 
William G. Unruh        Canadian Institute for          Tel: +1(604)822-3273
Physics&Astronomy          Advanced Research            Fax: +1(604)822-5324
UBC, Vancouver,BC        Program in Cosmology           unruh at physics.ubc.ca
Canada V6T 1Z1               and Gravity           www.theory.physics.ubc.ca/
For step by step instructions about setting up ppp under Linux, see
            http://www.theory.physics.ubc.ca/ppp-linux.html
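
The negotiation-phase check suggested in the message above, as an added example that is not part of the original post or of pppd: it separates the LCP/CCP/IPCP negotiation packets in a pppd debug log from the LCP echo keepalives and flags CCP refusals. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed pppd "debug" excerpt (not from the thread). Option rendering
# varies between pppd builds; only direction, protocol and code are relied on.
# "12 06 01 00 00 40" is CCP option 18 (MPPE), length 6, stateless + 128-bit.
SAMPLE_LOG = """\
Sep 23 10:00:01 gw pppd[812]: sent [LCP ConfReq id=0x1 <mru 1490> <magic 0x1a2b3c4d>]
Sep 23 10:00:01 gw pppd[812]: rcvd [LCP ConfAck id=0x1 <mru 1490> <magic 0x1a2b3c4d>]
Sep 23 10:00:02 gw pppd[812]: sent [CCP ConfReq id=0x1 < 12 06 01 00 00 40>]
Sep 23 10:00:02 gw pppd[812]: rcvd [CCP ConfRej id=0x1 < 12 06 01 00 00 40>]
Sep 23 10:00:02 gw pppd[812]: sent [IPCP ConfReq id=0x1 <addr 192.168.0.1>]
Sep 23 10:00:02 gw pppd[812]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.0.1>]
Sep 23 10:00:32 gw pppd[812]: rcvd [LCP EchoReq id=0x0 magic=0x5e6f7a8b]
Sep 23 10:00:32 gw pppd[812]: sent [LCP EchoRep id=0x0 magic=0x1a2b3c4d]
"""

PKT = re.compile(r"(sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-f]+)\s*(.*?)\]\s*$")
KEEPALIVE = {"EchoReq", "EchoRep"}


def negotiation(log):
    """Return (direction, proto, code, rest) for every non-keepalive packet."""
    packets = []
    for line in log.splitlines():
        m = PKT.search(line)
        if m and m.group(3) not in KEEPALIVE:
            packets.append((m.group(1), m.group(2), m.group(3), m.group(5)))
    return packets


def findings(packets):
    """Flag CCP refusals and a CCP layer that never opened."""
    notes = []
    for direction, proto, code, rest in packets:
        # An LCP Protocol-Reject whose payload starts 80 fd rejects CCP itself.
        if proto == "LCP" and code == "ProtRej" and rest.startswith("80 fd"):
            notes.append(f"{direction} LCP ProtRej for protocol 0x80fd (CCP)")
        elif proto == "CCP" and code in ("ConfRej", "ConfNak", "TermReq"):
            notes.append(f"{direction} CCP {code}")
    # CCP is open only once a ConfAck has been both sent and received.
    acked = {d for d, p, c, _ in packets if p == "CCP" and c == "ConfAck"}
    if acked != {"sent", "rcvd"}:
        notes.append("CCP not acknowledged in both directions")
    return notes


if __name__ == "__main__":
    for note in findings(negotiation(SAMPLE_LOG)):
        print(note)
```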



