[pptp-server] MPPE refused by pppd even when enabled?

Charlie Brady charlieb at e-smith.com
Mon Jan 28 10:18:21 CST 2002


On Mon, 28 Jan 2002, Andrew Kohlsmith wrote:

> Windows 98 client with "require data encryption" checked.
> ppp 2.4.1 with MPPE patch
> PoPToP v1.1.2
> kernel 2.1.17 with 2.4.16's MPPE patch (module verified to be loaded)
> OpenSSL 0.96
>
> When the client connects we reject MPPE.  Any idea why?
>
> Jan 28 10:58:06 fw pppd[19916]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 31> <lzs 0 1 4>]
> Jan 28 10:58:06 fw pppd[19916]: sent [CCP ConfRej id=0x1 <mppe 1 0 0 31> <lzs 0 1 4>]

They are requesting compression - we don't do compression.

> Jan 28 10:58:06 fw pppd[19916]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 31> <lzs

      3                   2                   1
    1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             |H|                               |M|S|L|D|     |C|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The 'C' bit is used by MPPC [4] and is not discussed further in this
   memo.  The 'D' bit is obsolete; although some older peers may attempt
   to negotiate this option, it SHOULD NOT be accepted.  If the 'L' bit
   is set (corresponding to a value of 0x20 in the least significant
   octet), this indicates the desire of the sender to negotiate the use
   of 40-bit session keys.  If the 'S' bit is set (corresponding to a
   value of 0x40 in the least significant octet), this indicates the
   desire of the sender to negotiate the use of 128-bit session keys.
   If the 'M' bit is set (corresponding to a value of 0x80 in the least
   significant octet), this indicates the desire of the sender to
   negotiate the use of 56-bit session keys.  If the 'H' bit is set
   (corresponding to a value of 0x01 in the most significant octet),
   this indicates that the sender wishes to negotiate the use of
   stateless mode, in which the session key is changed after the
   transmission of each packet (see section 10, below).  In the
   following discussion, the 'S', 'M' and 'L' bits are sometimes
   referred to collectively as "encryption options".

   All other bits are reserved and MUST be set to 0.

Hence they are requesting 40-bit stateless encryption, with MPPC, and also
setting the obsolete D bit in the request.

They are also requesting lzs compression, which pppd doesn't do.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
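
The decoding walked through in the reply above, as an added example that is not part of the original post or of pppd: it pulls the `<mppe ...>` option out of a pppd debug line and splits it into the bits the quoted layout names. It assumes the four logged numbers are the option octets in hex, most significant first; the function and constant names are hypothetical.

```python
import re

# Masks for the 32-bit field in the option layout quoted above.
MPPE_H = 0x01000000  # stateless mode (0x01 in the most significant octet)
MPPE_M = 0x00000080  # 56-bit session keys
MPPE_S = 0x00000040  # 128-bit session keys
MPPE_L = 0x00000020  # 40-bit session keys
MPPE_D = 0x00000010  # obsolete; SHOULD NOT be accepted
MPPE_C = 0x00000001  # MPPC compression
KNOWN = MPPE_H | MPPE_M | MPPE_S | MPPE_L | MPPE_D | MPPE_C

# Assumption: the four numbers pppd logs are the option octets in hex, MSB first.
MPPE_RE = re.compile(r"<mppe((?: [0-9a-fA-F]{1,2}){4})>")

# The ConfReq line from the post, with the mail line-wrap undone.
SAMPLE = ("Jan 28 10:58:06 fw pppd[19916]: rcvd [CCP ConfReq id=0x1 "
          "<mppe 1 0 0 31> <lzs 0 1 4>]")


def parse_mppe(line):
    """Return the 32-bit MPPE field from a pppd debug line, or None."""
    m = MPPE_RE.search(line)
    if m is None:
        return None
    bits = 0
    for octet in m.group(1).split():
        bits = (bits << 8) | int(octet, 16)
    return bits


def decode_mppe(bits):
    """Split the field into the flags named in the quoted text."""
    keys = [n for mask, n in ((MPPE_S, 128), (MPPE_M, 56), (MPPE_L, 40))
            if bits & mask]
    return {
        "stateless": bool(bits & MPPE_H),
        "key_bits": keys,
        "mppc": bool(bits & MPPE_C),
        "obsolete_d": bool(bits & MPPE_D),
        "reserved": bits & ~KNOWN & 0xFFFFFFFF,  # MUST be 0
    }


if __name__ == "__main__":
    print(decode_mppe(parse_mppe(SAMPLE)))
```

A non-zero `reserved` value or a set `obsolete_d` flag marks a request the quoted text says should not be accepted as sent.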




