pppd and MPPE - a usable version anywhere ? - PPP

This is a discussion on pppd and MPPE - a usable version anywhere ? - PPP ; I beleive the question had already been asked, but I was not able to find a comp.protocols.ppp archive on the web, so I post my question here : I try to set up a VPN using : pptp - ppp ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: pppd and MPPE - a usable version anywhere ?

  1. pppd and MPPE - a usable version anywhere ?

    I beleive the question had already been asked,
    but I was not able to find a comp.protocols.ppp archive on the web,
    so I post my question here :

    I try to set up a VPN using : pptp - ppp - a windoz box
    + when I connect from windoz to my linux vpn server specifying 'no' or 'should,
    if possible' encryption mechanism, the ppp session succeed
    - but when I force encryption to occur from my windoz station, I got a failure
    on the link establishement

    some interesting log are :
    <<
    ....
    Apr 29 00:27:08 quarantaine pppd[2342]: local IP address 192.9.200.189
    Apr 29 00:27:08 quarantaine pppd[2342]: remote IP address 192.9.200.100
    Apr 29 00:27:08 quarantaine pppd[2342]: Script /etc/ppp/ip-up started (pid
    2344)
    Apr 29 00:27:08 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x2 0>]
    Apr 29 00:27:08 quarantaine pppd[2342]: sent [CCP ConfReq id=0x3]
    Apr 29 00:27:08 quarantaine pppd[2342]: Script /etc/ppp/ip-up finished (pid
    2344), status = 0x0
    Apr 29 00:27:11 quarantaine pppd[2342]: sent [CCP ConfReq id=0x3]
    Apr 29 00:27:14 quarantaine pppd[2342]: sent [CCP ConfReq id=0x3]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x3 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: sent [CCP ConfReq id=0x4]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x3 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x3 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfReq id=0x8 e1>]
    Apr 29 00:27:15 quarantaine pppd[2342]: sent [CCP ConfRej id=0x8 60>]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x4 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: sent [CCP ConfReq id=0x5]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x5 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: sent [CCP ConfReq id=0x6]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x6 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: sent [CCP ConfReq id=0x7]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x7 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: sent [CCP ConfReq id=0x8]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x8 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: sent [CCP ConfReq id=0x9]
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [CCP ConfNak id=0x9 0>]
    Apr 29 00:27:15 quarantaine pppd[2342]: sent [CCP ConfReq id=0xa]
    Apr 29 00:27:15 quarantaine pptpd[2341]: CTRL: Received PPTP Control Message
    (type: 15)
    Apr 29 00:27:15 quarantaine pptpd[2341]: CTRL: Got a SET LINK INFO packet with
    standard ACCMs
    Apr 29 00:27:15 quarantaine pppd[2342]: rcvd [LCP TermReq id=0x9
    "(\37777777665']\000<\37777777715t\000\000\002\37777777746"]
    Apr 29 00:27:15 quarantaine pppd[2342]: LCP terminated by peer
    ((M-5']^@
    >>


    I understood the following :
    - windoz request a mppe level e1 ()
    - pppd reply it can supply mppe level 60 ()
    - windoz decide to close the connection in sending mppe level 0 ( 0>)
    which is Nak'ed by pppd and ends in make it close the connection

    I tried different pppd
    - from http://www.advancevpn.com/public/ppp-2.4.1.tar.gz
    (with the patch
    http://www.advancevpn.com/public/ppp...-mppe-patch.gz)
    - from ftp://ftp.samba.org/pub/ppp/ppp-2.4.2b3.tar.gz

    both version should fully support mppe, but I get the same prb : works ok w/out
    mppe but failing w/ mppe

    about my config :
    i compiled a new kernel with the mppe patch (2.4.24)
    compiled ppp support in the kernel (mppe support also)
    all on debian 3.0

    also sometimes, I also get these error message (depending on the windoz machine
    I use - different win2k and one winXPpro) :
    <<
    Apr 29 20:15:17 quarantaine pptpd[1919]: CTRL: Received PPTP Control Message
    (type: 15)
    Apr 29 20:15:17 quarantaine pptpd[1919]: CTRL: Got a SET LINK INFO packet with
    standard ACCMs
    Apr 29 20:15:17 quarantaine pptpd[1919]: CTRL: Received PPTP Control Message
    (type: 15)
    Apr 29 20:15:17 quarantaine pptpd[1919]: CTRL: Ignored a SET LINK INFO packet
    with real ACCMs!
    Apr 29 20:15:18 quarantaine pppd[1920]: sent [CCP ConfReq id=0x2]
    >>


    should I disable some asyncmap ?

    Any idea to help me setting up the pptp with MPPE support would be greatlly
    appreciated as it is the only mean to have decent security for this protocol.

    Stephane


  2. Re: pppd and MPPE - a usable version anywhere ? yes it is

    i find my solution ))

    DATE : 30th avril 2004

    i write the date because i mppe/mppc is a work in progress, so my solution here
    is supposed to change in the futur

    look out for a true stable ppp version 2.4.2

    for now I use the 2.4.3b3 from cvs

    here is the link where you can find all details about my (Jan Dubiec's)
    solution :
    http://www.polbox.com/h/hs001/

    here are my tips to help anyone concerned :
    1 - you have to install a supported kernel >= 2.4.21 is recommended
    2 - download the corresponding patch and patch the kernel this way :
    cd /usr/src/linux (where linux is the root of your kernel source tree)
    zcat ../linux-x.x.x-mppe-mppc.patch.gz | patch -p1 -b
    (-b is for make a backup, --dry-run can be used to see what would be made)

    then do your
    copy your old .config (cp /boot/config .config)
    make oldconfig
    make xconfig (delect MPPE/MPPC in network device support)
    > i advice you to put all this in the kernel, not in module as pptp stateless

    mode and encryption eat cpu
    make dep
    make modules install
    make install

    then download the cvs ppp package
    apply the recommended patch :
    ppp-2.4.2-cvs20030715.tar.gz
    ppp-2.4.2-mppe-mppc-0.82.patch.gz
    gunzip the ppp cvs file
    cd ppp-2.4.2
    zcat ../ppp-2.4.2-mppe-mppc-0.82.patch.gz | patch -p1 -b
    ..configure
    make
    then you can just copy the pppd/pppd file in /usr/sbin/pppd if you have a
    debian distro

    at this point, you have a kernel ok and a pppd ok to support mppe and mppc

    it last only the configuration :
    here is a pptp-options file :
    require-mschap-v2 # and NOT chapms-v2 !!!
    mppe required,stateless,no40,no56
    # requireD and NOT require,
    # use no40,no56 to force the use of 128 key encryption

    i used the 2.4.24 kernel patch , works greeeat for me
    i can see in syslog :
    pppd[9802]:MPPE 128-bit stateless compression enabled

    i deeply thanx Jan Dubiec for his usefull precious page

    these word is to let internet search engine to find this news
    MPPC MPPE PPP PPPD PPTP SOLUTION



+ Reply to Thread