[pptp-server] MPPE issue--packets stop flowing with 2nd client or re-establishing PPP

Jim Roland jroland at roland.net
Tue Sep 25 00:07:14 CDT 2001 

Perhaps you have seen this without me having to spam up email with sending 2
samples of debug and messages logs.  No errors come up except discussion
about pptpd buffering and reordering packets.  This was normal at working
and non-working moments.

I am running the following:
RedHat 7.1
kernel 2.4.2-2
ppp-2.4.0 (via source code)
pptpd-1.0.1 (upgraded to 1.1.2 to eliminate "GRE: Discarded out of order
packet" errors)
linux-2.4.0-openssl-0.9.6-mppe.patch.gz (patches to kernel)
ppp-2.4.0-openssl-0.9.6-mppe.patch.gz (patches to pppd)
[Linux PPTP server]
[Windows 2000 client]


I am having 2 strange problems:
1) Single client only:  All works fine if ppp_mppe module is NOT already
loaded into memory when I establish a VPN connection.
    * I leave a window pinging an IP on the inside of the VPN and watch the
/var/log/messages log on the VPN box for errors.
    * If I disconnect the VPN connection, re-establish a few seconds or
minutes later (before a cronjob for rmmod runs removing ppp_mppe), packets
stop pinging the instant the "MPPE 128 bit, stateless compression enabled"
message comes up on.
    * Packets do flow ping during the time between IP address assignment and
the "MPPE 128-bit..." entry in the log.  As soon as the MPPE message comes
up, packets stop flowing (no ping, no communication at all).
    Workaround:  If I put in a line such as "/sbin/rmmod -ar ppp_mppe" in
the /etc/ppp/ip-down script, all works fine for a SINGLE CLIENT only...
        This workaround unregisters the MPPE module when PPPd exits.  When I
reestablish a connection again, the module is reloaded into memory and all
works like it should.

2) Multiple clients:  I am presently unable to make a 2nd client work with
the above programs and patches (packet flow confirmed by infinite pinging
window to an IP on the inside of the VPN).
    * I connect client #1.  MPPE registers, a few notes in the messages log
about PPTPd buffering out of order packets, and all flows fine.
    * I connect client #2.  Packets flow as soon as the IP address is
assigned, but immediately stop after "MPPE  128-bit" message comes up.
    * Even though client #2 stops communicating, client #1 keeps running
fine.


** Other issue:  For whatever reason, the MPPE-40 option ("mppe-40") in
/etc/ppp/options, if the 40-bit is enabled, no packets flow at all anywhere.
As soon as I only allow mppe-128 and mppe-stateless to work (only those two
enabled), packets work as noted above.

** I have already tried running pptpd with a single local IP and multiple
local IPs in /etc/pptpd.conf (remote IPs are always multiple) and there is
no change.

** I downloaded the generic ppp_mppe_compressed_data_fix.diff and tried to
apply to the ppp_mppe.c file (in ppp-2.4.0 and it's patches noted above, the
.c file is located in /usr/src/linux-2.4.2/drivers/net/ppp_mppe.c)...The
patch will not apply at all (hunks not found).


Please help!!  I have got to make this work for multiple simultaneous
clients.

Regards,
Jim Roland, RHCE

More information about the pptp-server mailing list