[pptp-server] Encryption is getting NAKed by e-smith ppp-2.4. 0-15
Charlie Brady
charlieb at e-smith.com
Thu Mar 21 14:14:16 CST 2002
On Wed, 20 Mar 2002, Frank Cusack wrote:
> On Wed, Mar 20, 2002 at 03:51:37PM -0800, Michael St. Laurent wrote:
> > sentinel pppd[20521]: sent [CCP ConfReq id=0x1 <mppe 1 0 0 60>]
> > sentinel pppd[20521]: rcvd [CCP ConfReq id=0x4 <mppe 1 0 0 e1>]
> > sentinel pppd[20521]: sent [CCP ConfNak id=0x4 <mppe 1 0 0 60>] << (1)
> > sentinel pppd[20521]: rcvd [CCP ConfNak id=0x1 <mppe 1 0 0 40>]
> > sentinel pppd[20521]: rcvd [CCP ConfReq id=0x6 <mppe 1 0 0 40>] << (2)
> > sentinel pppd[20521]: sent [CCP ConfRej id=0x6 <mppe 1 0 0 40>]
> > sentinel pppd[20521]: LCP terminated by peer (El^G3^@<M-Mt^@^@^BM-f)
>
> Looks like a bug in ppp_mppe.
The CCP negotiation is done by pppd, not the ppp_mpppe module.
> In line (1), ppp_mppe is Nak'ing with
> multiple enc options (40+128), it's supposed to Nak with one choice.
Are you sure? Should it not Nak with anything that it can do which the
peer has requested.
> Also, it's Nak includes an option not in the original ConfReq.
Which one?
> The client seems to handle this fine, but then ppp_mppe decides for
> some reason it doesn't like the clients new ConfReq (line (2),
Line 2 is from client to server. And yes, the server then says it doesn't
like it.
> where the client requests a subset of what the server said it would
> support).
Yep, it looks OK, but then so does the server's initial NAK to me (60 in
response to e1).
> Maybe since the Nak went out bad, the server wants the next request to
> be the same as it's Nak.
>
> The client disconnects after ppp_mppe rejects MPPE.
Specifically, when it rejects the final offer of CCP negotiation.
> Since the client support 128, you can probably workaround this by disabling
> 40-bit support in ppp_mppe.
Which is recommended in any case.
--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
More information about the pptp-server
mailing list