Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 51744

Summary: no PPTP connection using mppe-128 is possible
Product: Gentoo Linux Reporter: Benjamin <benjamin200>
Component: Current packagesAssignee: Steve Arnold <nerdboy>
Status: VERIFIED WONTFIX    
Severity: normal CC: hramrach, marchino
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.polbox.com/h/hs001/
Whiteboard:
Package list:
Runtime testing required: ---

Description Benjamin 2004-05-22 11:12:06 UTC
the patch including the /usr/portage/net-dialup/ppp/ppp-2.4.2-r2 ebuild is in version 0.82 - The actually patch version is 1.0. Users on the Gentoo Forum has requested this Bug Report - So I do it.

Problem with ppp 2.4.2 and patch 0.82 --> no PPTP connection to an PPTP Gateway with MPPE-128 compression is possible, only if ppp and kernel is patch withe the actually patches which can be find on http://www.polbox.com/h/hs001/ 

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Denny Schierz 2004-06-25 13:21:28 UTC
hi,

small HOWTO:


Install a working PPTP VPN under gentoo

1. Get sources

2. Patch kernel

3. Config and install kernel

4. Change ebuild from pppd 2.4.2 and install pptp it

5. Edit config files

6. Finish

===================
Introducing:
===================

First, sorry for my english ;-)

I wasted weeks to get a working PPTP VPN. I needed under Debian only a few minutes 
to install everything, but under gentoo ... :-/
In gentoo-user-de mailinglists, Karsten Schulz was an angel for and got me the right 
tipps, so i decided to write a short howto, in hope, everything is clear.

===================
1. Get sources:
===================

I using for my working servers only the grsec-sources (2.4.26 actual).
(this patch is also for 2.6.6 avaible)

# emerge grsec-sources

# ln -sf /usr/src/linux-2.4.26-grsec-2.0 /usr/src/linux

Get the needed kernel patch:

# cd /usr/src
# wget http://www.polbox.com/h/hs001/linux-2.4.26-mppe-mppc-1.0.patch.gz


Now the patch for pppd 2.4.2:

# cd /usr/portage/net-dialup/ppp/files/2.4.2

# wget http://www.polbox.com/h/hs001/ppp-2.4.2-mppe-mppc-1.0.patch.gz

Note:	there is also a patch, which is compatible with the old 2.4.1 pppd options, 
----	but i didn't try it.

===================
2. Patch the kernel:
===================

# cd /usr/src/linux

# zcat ../linux-2.4.26-mppe-mppc-1.0.patch.gz | patch -p1


===================
3. Install 
===================

Configure you're kernel as usual:

# make menuconfig 

[...]

you need the new module "ppp_mppe_mppc" under network devices (where also ppp is).
Don't forget ip-gre !!

==================
4. pppd ebuild
==================

We install a newer patch, than gentoo's portage has, so we have to change the 
ebuild "ppp.ppp-2.4.2-r2.ebuild":

From :

epatch ${FILESDIR}/${PV}/stdopt-mppe-mppc-0.82.patch.gz

to: 

epatch ${FILESDIR}/${PV}/ppp-2.4.2-mppe-mppc-1.0.patch.gz


Note:	It's possible, that you have to change the MD5 sum from the patch.
----

After that, you can install the new pppd 2.4.2:

emerge  /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild

Yeah, you have to install a (for gentoo) unstable package, but better that,
as headache ;-)


Now you can install pptpd also, if you don't have it already :-)

======================
5. Change config files
======================

pppd brings some new changes for the configs, so we need to change some lines.:

This is my file:

/etc/ppp/options.pptpd:

lock
#debug
name *
proxyarp
bsdcomp 0
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
ms-wins 192.168.1.1
ms-dns 192.168.1.1
mtu 1450
mru 1450
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
nodeflate

In most howtos, you have also the option:

require-mschap

but in my cases, pppd didn't like it, don't know why.


I changed also my /etc/modules.d/ppp:

alias char-major-108    ppp_generic
alias /dev/ppp          ppp_generic
alias tty-ldisc-3       ppp_async
alias tty-ldisc-13      n_hdlc
alias tty-ldisc-14      ppp_synctty
alias ppp-compress-21   bsd_comp
alias ppp-compress-24   ppp_deflate
alias ppp-compress-26   ppp_deflate
alias net-pf-24         pppoe
alias net-pf-47         ip_gre
alias ppp-compress-18 ppp_mppe_mppc

after that:

# update-modules

===========
6. Finish
===========

Reboot you're maschine with the new kernel und load this modules:

ppp_mppe_mppc
ip_gre

Make sure, that pptp is running:

# ps ax | grep pptpd

now open a second console and do:

# tail -f /var/log/debug

Know connect to the server from a windows maschine and look what happens.

In my cases, it was working, otherwise, put the debug options in /etc/pptpd.conf.

You can also find a good help at:

http://pptpclient.sourceforge.net/howto-diagnosis.phtml


hope this helps :-)

mfg/wfg Denny Schierz
Comment 2 Karsten Schulz 2004-06-25 23:45:42 UTC
Good job, Denny! Your howto works for me.
Comment 3 Michal Suchanek 2004-07-29 07:05:06 UTC
It was written on the pptp client homepage that the mppc algorithm is patented.
see 
http://pptpclient.sourceforge.net/howto-diagnosis.phtml#mppc
http://www.samba.org/ftp/unpacked/ppp/README
Comment 4 Steve Arnold gentoo-dev 2004-11-07 11:08:51 UTC
Sorry it tooks so long, but I was never sure how I got this bug in the first place...

After reading the patch author's comments, and ppp statement about the patent 
issues, I have a problem implementing this for several reasons:

1) the technology sucks

2) the patches are kernel-version specific and goes beyond ppp

3) the associated legal issues

If people really need this, and the options provided on the sourceforge URL 
above don't meet their needs, then I feel like that's your decision to make, 
so due to the above issues you are on your own.  
Comment 5 Michal Suchanek 2004-11-07 17:09:21 UTC
Not doing anything is not a solution.
Unless that has changed recently, the pppd contains a mppc patch.
This patch is 
a) outdated from the point of view of mppc eager people
b) disables plain mppe without mppc because it changes the pppd<->kernel interface and the latest mppe-only patches no longer work

Note also that the mppe-only patch changes only ppp and only requires module (re)loading if ppp was compiled into modules (and pppd unpatched).

I must admit that the pppd mppc patch probably does not contain the patented technology, only the kernel patch does.

However, the ppp people support the mppe-only solution which works in most cases and is not patent-encumbered. They could even eventually push the patch into the kernel so that it works out of the box.
Comment 6 Steve Arnold gentoo-dev 2004-11-07 19:49:44 UTC
Ok, you get a patch update to 1.0, but if you need more, then please try one of 
the newer ebuilds (they even have a USE flag and newer patch).