the patch including the /usr/portage/net-dialup/ppp/ppp-2.4.2-r2 ebuild is in version 0.82 - The actually patch version is 1.0. Users on the Gentoo Forum has requested this Bug Report - So I do it. Problem with ppp 2.4.2 and patch 0.82 --> no PPTP connection to an PPTP Gateway with MPPE-128 compression is possible, only if ppp and kernel is patch withe the actually patches which can be find on http://www.polbox.com/h/hs001/ Reproducible: Always Steps to Reproduce: 1. 2. 3.
hi, small HOWTO: Install a working PPTP VPN under gentoo 1. Get sources 2. Patch kernel 3. Config and install kernel 4. Change ebuild from pppd 2.4.2 and install pptp it 5. Edit config files 6. Finish =================== Introducing: =================== First, sorry for my english ;-) I wasted weeks to get a working PPTP VPN. I needed under Debian only a few minutes to install everything, but under gentoo ... :-/ In gentoo-user-de mailinglists, Karsten Schulz was an angel for and got me the right tipps, so i decided to write a short howto, in hope, everything is clear. =================== 1. Get sources: =================== I using for my working servers only the grsec-sources (2.4.26 actual). (this patch is also for 2.6.6 avaible) # emerge grsec-sources # ln -sf /usr/src/linux-2.4.26-grsec-2.0 /usr/src/linux Get the needed kernel patch: # cd /usr/src # wget http://www.polbox.com/h/hs001/linux-2.4.26-mppe-mppc-1.0.patch.gz Now the patch for pppd 2.4.2: # cd /usr/portage/net-dialup/ppp/files/2.4.2 # wget http://www.polbox.com/h/hs001/ppp-2.4.2-mppe-mppc-1.0.patch.gz Note: there is also a patch, which is compatible with the old 2.4.1 pppd options, ---- but i didn't try it. =================== 2. Patch the kernel: =================== # cd /usr/src/linux # zcat ../linux-2.4.26-mppe-mppc-1.0.patch.gz | patch -p1 =================== 3. Install =================== Configure you're kernel as usual: # make menuconfig [...] you need the new module "ppp_mppe_mppc" under network devices (where also ppp is). Don't forget ip-gre !! ================== 4. pppd ebuild ================== We install a newer patch, than gentoo's portage has, so we have to change the ebuild "ppp.ppp-2.4.2-r2.ebuild": From : epatch ${FILESDIR}/${PV}/stdopt-mppe-mppc-0.82.patch.gz to: epatch ${FILESDIR}/${PV}/ppp-2.4.2-mppe-mppc-1.0.patch.gz Note: It's possible, that you have to change the MD5 sum from the patch. ---- After that, you can install the new pppd 2.4.2: emerge /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild Yeah, you have to install a (for gentoo) unstable package, but better that, as headache ;-) Now you can install pptpd also, if you don't have it already :-) ====================== 5. Change config files ====================== pppd brings some new changes for the configs, so we need to change some lines.: This is my file: /etc/ppp/options.pptpd: lock #debug name * proxyarp bsdcomp 0 refuse-pap refuse-chap refuse-mschap require-mschap-v2 ms-wins 192.168.1.1 ms-dns 192.168.1.1 mtu 1450 mru 1450 ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 5 nodeflate In most howtos, you have also the option: require-mschap but in my cases, pppd didn't like it, don't know why. I changed also my /etc/modules.d/ppp: alias char-major-108 ppp_generic alias /dev/ppp ppp_generic alias tty-ldisc-3 ppp_async alias tty-ldisc-13 n_hdlc alias tty-ldisc-14 ppp_synctty alias ppp-compress-21 bsd_comp alias ppp-compress-24 ppp_deflate alias ppp-compress-26 ppp_deflate alias net-pf-24 pppoe alias net-pf-47 ip_gre alias ppp-compress-18 ppp_mppe_mppc after that: # update-modules =========== 6. Finish =========== Reboot you're maschine with the new kernel und load this modules: ppp_mppe_mppc ip_gre Make sure, that pptp is running: # ps ax | grep pptpd now open a second console and do: # tail -f /var/log/debug Know connect to the server from a windows maschine and look what happens. In my cases, it was working, otherwise, put the debug options in /etc/pptpd.conf. You can also find a good help at: http://pptpclient.sourceforge.net/howto-diagnosis.phtml hope this helps :-) mfg/wfg Denny Schierz
Good job, Denny! Your howto works for me.
It was written on the pptp client homepage that the mppc algorithm is patented. see http://pptpclient.sourceforge.net/howto-diagnosis.phtml#mppc http://www.samba.org/ftp/unpacked/ppp/README
Sorry it tooks so long, but I was never sure how I got this bug in the first place... After reading the patch author's comments, and ppp statement about the patent issues, I have a problem implementing this for several reasons: 1) the technology sucks 2) the patches are kernel-version specific and goes beyond ppp 3) the associated legal issues If people really need this, and the options provided on the sourceforge URL above don't meet their needs, then I feel like that's your decision to make, so due to the above issues you are on your own.
Not doing anything is not a solution. Unless that has changed recently, the pppd contains a mppc patch. This patch is a) outdated from the point of view of mppc eager people b) disables plain mppe without mppc because it changes the pppd<->kernel interface and the latest mppe-only patches no longer work Note also that the mppe-only patch changes only ppp and only requires module (re)loading if ppp was compiled into modules (and pppd unpatched). I must admit that the pppd mppc patch probably does not contain the patented technology, only the kernel patch does. However, the ppp people support the mppe-only solution which works in most cases and is not patent-encumbered. They could even eventually push the patch into the kernel so that it works out of the box.
Ok, you get a patch update to 1.0, but if you need more, then please try one of the newer ebuilds (they even have a USE flag and newer patch).
