Summary: | net-dialup/ppp - enhancement: enable MPPE on the client after CHAP authentication succeeds | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Viorel Tabara <gentoo> |
Component: | Current packages | Assignee: | Gentoo Dialup Developers <net-dialup> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | Lowest | ||
Version: | 2006.0 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | detailed problem description |
Description
Viorel Tabara
2006-08-23 00:01:11 UTC
Created attachment 94913
detailed problem description
Please, use description for descriptions and keep summary short. Also please avoid posting description into attachments, it makes search useless.

1) This quote from man page explains what require-mppe option means:

Require the use of MPPE (Microsoft Point to Point Encryption). This option disables all other compression types. This option enables both 40-bit and 128-bit encryption. In order for MPPE to successfully come up, you must have authenticated with either MS-CHAP or MS-CHAPv2.

2) the server refuses to accept MPPE:

rcvd [CCP ConfNak id=0x1 <mppe -H -M +S +L -D +C>]

Conclusion: pppd does exactly what you've told it to do, namely to refuse connection if the peer doesn't accept MPPE.

This was mainly a request for an enhancement, not a bug - see test# 2 where the server authenticates only if there is no MPPE but will ask for encryption to be activated once the connection has been established and the user authenticated.

ah, ok.
Did you try to enable mppe-mppc patch? It has an entire different set of mppe options.

(In reply to comment #5)
> ah, ok.
> Did you try to enable mppe-mppc patch? It has an entire different set of mppe
> options.
>

AFAIK mppe-mppc patch applies only to kernels prior to 2.6.15 (http://gentoo-wiki.com/HOWTO_PPP_Dial_In_Server#Patch_the_kernel) and it needs some tricks to get it installed on newer kernels. As stated at http://pptpclient.sourceforge.net/howto-diagnosis.phtml#mppc the error in that case would be different ("Unsupported protocol 0x2145 received"). More than that, we are looking at encryption (H/M/S/L flags - http://pptpclient.sourceforge.net/howto-diagnosis.phtml#mppe_bits).

(In reply to comment #2)
> Please, use description for descriptions and keep summary short. Also please
> avoid posting description into attachments, it makes search useless.
>

Hopefully this summary describes well enough the issue.
Also, when I opened the case, I tried to use the description for the details but it complained about the post being too long - the suggestion was to use an attachment:

<quote>
Additional Comments: (this is where you put 'emerge --info')
If your emerge --info is too long, please create an attachment containing it.
</quote>

Thanks.

Indeed, you need to use a patched kernel <=2.6.13 if you want to take full advantage of mppe-mppc patch, but, as https://forums.gentoo.org/viewtopic-t-194696-highlight-.html shows, mppe-mppc is compatible with vanilla kernels on MPPE part, which means you can use the set of MPPE options available there.

It seems the server doesn't accept simple MPPE, asking you to enable MPPC:

sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
...
rcvd [CCP ConfNak id=0x1 <mppe -H -M +S +L -D +C>]

The way I see it, you have 2 options:
a) Disable MPPC on server
b) Enable mppe-mppc USE flag and install an older kernel, patched with mppe-mppc.

(In reply to comment #8)
> The way I see it, you have 2 options:
> a) Disable MPPC on server
> b) Enable mppe-mppc USE flag and install an older kernel, patched with
> mppe-mppc.
>

This and looking at http://pptpclient.sourceforge.net/protocol-security.phtml make me believe that it is too much headache for an outdated technology. Also, it looks like I might be the only one dealing with this unusual configuration. At the same time, who would want to downgrade the kernel just for PPTP to work? I have enough information now to push for a better solution. Let's change the issue to low priority for now.

Closed as INVALID.
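
The ConfReq/ConfNak pair quoted in the thread can be compared mechanically. The following is an added example, not part of the original bug report and not code from pppd: a small parser (the function names are hypothetical) that decodes the MPPE flag letters, with meanings taken from RFC 3078, and lists which bits the peer changed in its ConfNak.

```python
import re

# Flag letters as printed in pppd debug output; meanings per RFC 3078.
MPPE_FLAGS = {
    "H": "stateless mode",
    "M": "56-bit encryption",
    "S": "128-bit encryption",
    "L": "40-bit encryption",
    "D": "obsolete D bit",
    "C": "MPPC compression",
}
LINE_RE = re.compile(
    r"(?P<dir>sent|rcvd) \[CCP (?P<code>Conf\w+) id=(?P<id>0x[0-9a-fA-F]+) "
    r"<mppe (?P<flags>(?:[+-][HMSLDC] ?)+)>\]"
)

def parse_ccp_line(line):
    """Return (direction, code, id, {flag: bool}), or None if no MPPE option."""
    m = LINE_RE.search(line)
    if not m:
        return None
    flags = {tok[1]: tok[0] == "+" for tok in m.group("flags").split()}
    return m.group("dir"), m.group("code"), int(m.group("id"), 16), flags

def explain_nak(log_lines):
    """Pair each received ConfNak with our ConfReq of the same id; list changed bits."""
    sent, findings = {}, []
    for line in log_lines:
        parsed = parse_ccp_line(line)
        if parsed is None:
            continue
        direction, code, ident, flags = parsed
        if direction == "sent" and code == "ConfReq":
            sent[ident] = flags
        elif direction == "rcvd" and code == "ConfNak" and ident in sent:
            for bit, wanted in flags.items():
                if sent[ident].get(bit) != wanted:
                    verb, sign = ("wants", "+") if wanted else ("refuses", "-")
                    findings.append(f"peer {verb} {MPPE_FLAGS[bit]} ({sign}{bit})")
    return findings

# The two debug lines quoted in the thread.
SAMPLE = [
    "sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]",
    "rcvd [CCP ConfNak id=0x1 <mppe -H -M +S +L -D +C>]",
]

if __name__ == "__main__":
    print("\n".join(explain_nak(SAMPLE)))
```

On the quoted pair this reports two differences: the peer asks for MPPC (+C) and also turns off the stateless bit (-H).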