Bug 144822 - net-dialup/ppp - enhancement: enable MPPE on the client after CHAP authentication succeeds
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Lowest normal
Assignee: Gentoo Dialup Developers
Reported: 2006-08-23 00:01 UTC by Viorel Tabara
Modified: 2006-08-24 10:39 UTC (History)
Attachments
detailed problem description (pppd-mppe_bug_report,6.26 KB, text/plain)
2006-08-23 00:04 UTC, Viorel Tabara
Description Viorel Tabara 2006-08-23 00:01:11 UTC
gws-1 ~ # emerge --info
Portage 2.1-r2 (default-linux/x86/no-nptl, gcc-3.4.6, glibc-2.3.6-r4, 2.6.17-gentoo-r4 i686)
=================================================================
System uname: 2.6.17-gentoo-r4 i686 Pentium III (Coppermine)
Gentoo Base System version 1.12.4
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i386-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -mtune=i686 -pipe -g -ggdb"
CHOST="i386-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/mozilla/defaults/pref /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=pentium3 -mtune=i686 -pipe -g -ggdb"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg ccache distcc distlocks metadata-transfer sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="ftp://cs.ubishops.ca/pub/gentoo http://adelie.polymtl.ca/ ftp://gentoo.arcticnetwork.ca/pub/gentoo/ http://gentoo.arcticnetwork.ca/ http://gentoo.mirrored.ca/ ftp://gentoo.mirrored.ca/ "
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="x86 3dfx GAPING_SECURITY_HOLE X aac aalib acl alsa amr apm arts asf async automount autoreplace avi bash-completion berkdb bitmap-fonts bonjour cdparanoia cdr cli connectionstatus contactnotes crypt css cups dga directfb dlloader dri dts dv dvb dvd dvdr dvdread eds emboss encode esd faillog fbcon foomaticdb fortran gadu gdbm ggi gif gimp gimpprint gphoto2 gpm grammar gstreamer gtk gtk2 i8x0 imlib ipod ipv6 isdnlog jabber jack joystick jpeg kde kerberos ldap ldapsam libcaca libg++ libwww lirc live lzo mad matroska matrox mikmod mmx mmxext motif mozcalendar mozdevelop mozilla mp3 mpeg mplayer mythtv nas ncurses nls nsplugin ogg opengl oss pam pcntl pcre pdflib perl png posix ppds pppd python qt3 qt4 quicktime readline real reflection rtc samba sdl session spell spl sse ssl subversion svga syslog tcpd theora truetype truetype-fonts type1-fonts v4l v4l2 vorbis win32codecs winbind xanim xml xmms xorg xv xvid xvmc zlib elibc_glibc input_devices_keyboard input_devices_mouse input_devices_evdev kernel_linux userland_GNU video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS

--- Problem description attached ---
Comment 1 Viorel Tabara 2006-08-23 00:04:13 UTC
Created attachment 94913
detailed problem description
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-08-23 02:00:49 UTC
Please, use description for descriptions and keep summary short. Also please avoid posting description into attachments, it makes search useless.

Comment 3 Alin Năstac (RETIRED) gentoo-dev 2006-08-23 02:55:11 UTC
1) This quote from the man page explains what the require-mppe option means:
   Require the use of MPPE (Microsoft Point to Point Encryption).  This option disables all other compression types.  This option enables both 40-bit and 128-bit encryption.  In order for MPPE to successfully come up, you must have authenticated with either MS-CHAP or MS-CHAPv2.

2) The server refuses to accept MPPE:
   rcvd [CCP ConfNak id=0x1 <mppe -H -M +S +L -D +C>]

Conclusion: pppd does exactly what you've told it to do, namely to refuse the connection if the peer doesn't accept MPPE.
Comment 4 Viorel Tabara 2006-08-23 07:41:02 UTC
This was mainly a request for an enhancement, not a bug - see test #2, where the server authenticates only if there is no MPPE but will ask for encryption to be activated once the connection has been established and the user authenticated.
Comment 5 Alin Năstac (RETIRED) gentoo-dev 2006-08-23 08:06:17 UTC
Ah, ok.
Did you try to enable the mppe-mppc patch? It has an entirely different set of mppe options.
Comment 6 Viorel Tabara 2006-08-23 10:30:28 UTC
(In reply to comment #5)
> Ah, ok.
> Did you try to enable the mppe-mppc patch? It has an entirely different set of mppe
> options.
> 

AFAIK the mppe-mppc patch applies only to kernels prior to 2.6.15 (http://gentoo-wiki.com/HOWTO_PPP_Dial_In_Server#Patch_the_kernel) and it needs some tricks to get it installed on newer kernels.
As stated at http://pptpclient.sourceforge.net/howto-diagnosis.phtml#mppc the error in that case would be different ("Unsupported protocol 0x2145 received").
More than that, we are looking at encryption (H/M/S/L flags - http://pptpclient.sourceforge.net/howto-diagnosis.phtml#mppe_bits).
Comment 7 Viorel Tabara 2006-08-23 17:38:33 UTC
(In reply to comment #2)
> Please, use description for descriptions and keep summary short. Also please
> avoid posting description into attachments, it makes search useless.
> 

Hopefully this summary describes the issue well enough.

Also, when I opened the case, I tried to use the description for the details but it complained about the post being too long - the suggestion was to use an attachment:
<quote>
Additional Comments:  (this is where you put 'emerge --info')
If your emerge --info is too long, please create an attachment containing it.
</quote>

Thanks.
Comment 8 Alin Năstac (RETIRED) gentoo-dev 2006-08-23 21:06:32 UTC
Indeed, you need to use a patched kernel <=2.6.13 if you want to take full advantage of the mppe-mppc patch, but, as https://forums.gentoo.org/viewtopic-t-194696-highlight-.html shows, mppe-mppc is compatible with vanilla kernels on the MPPE part, which means you can use the set of MPPE options available there.

It seems the server doesn't accept simple MPPE, asking you to enable MPPC:
sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
...
rcvd [CCP ConfNak id=0x1 <mppe -H -M +S +L -D +C>]

The way I see it, you have 2 options:
a) Disable MPPC on server
b) Enable mppe-mppc USE flag and install an older kernel, patched with mppe-mppc.
Comment 9 Viorel Tabara 2006-08-24 07:51:47 UTC
(In reply to comment #8)
> The way I see it, you have 2 options:
> a) Disable MPPC on server
> b) Enable mppe-mppc USE flag and install an older kernel, patched with
> mppe-mppc.
> 

This and looking at http://pptpclient.sourceforge.net/protocol-security.phtml make me believe that it is too much of a headache for an outdated technology.
Also, it looks like I might be the only one dealing with this unusual configuration.
At the same time, who would want to downgrade the kernel just for PPTP to work?
I have enough information now to push for a better solution.
Let's change the issue to low priority for now.
Comment 10 Alin Năstac (RETIRED) gentoo-dev 2006-08-24 10:39:06 UTC
Closed as INVALID.