
Re: MPPE

 
James Roper
Advisor

MPPE

I have just set up a wireless network in my home, and have decided to use a VPN to control access to the internet (I've been told not to trust WEP). My gateway is running Linux, I have patched a 2.4.20 kernel with mppe, compiled it as a module, and the module seems to be inserting fine. I'm using poptop, and have patched ppp 2.4.2 to support mppe. So everything should be ok? However, when my clients try to connect, they say that they failed to negotiate mppe (well, my Linux laptop says that, my Windows 95 client just doesn't connect). When I tell the clients not to use encryption, it works fine. I'm pretty sure it's a server side problem, as my laptop works fine with the VPN at uni. Attached is my pptpd configuration file. Any ideas?
If my whole world were fake, then none of it would be fake, because reality is what is real to me
7 REPLIES 7
Steven E. Protter
Exalted Contributor

Re: MPPE

I'm wondering what kind of control VPN gives. Are you trying to limit who gets in or who gets out?

If either have fixed IP addresses, iptables with SNAT running might avoid this issue and provide better performance. I don't know how to make it log, but that's probably possible as well.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Stuart Browne
Honored Contributor

Re: MPPE

Ok. That looks like your ppp options file for pptpd.

What's your /etc/pptpd.conf say?

Also, do you have your user/pass pairs listed in your 'chap-secrets' file?

Another thing to look at is the way you are running 'pptpd'. We've had issues using it when launched from inetd, and find it more stable in the stand-alone mode.

Turn on the 'pptpd' debugging, and watch what it says in your 'messages' log file. It gives you some very good information about what is occurring during the VPN handshake.
One long-haired git at your service...
James Roper
Advisor

Re: MPPE

From /var/log/messages:

Sep 9 14:05:56 barbara pptpd[14104]: CTRL: Client 192.168.1.104 control connection started
Sep 9 14:05:57 barbara pptpd[14104]: CTRL: Starting call (launching pppd, opening GRE)
Sep 9 14:05:57 barbara pptpd[14104]: Buffering out-of-order packet; got 1 after 4294967295
Sep 9 14:05:57 barbara pptpd[14104]: Packet reorder timeout waiting for 0
Sep 9 14:05:57 barbara pptpd[14104]: Buffering out-of-order packet; got 2 after 0
Sep 9 14:05:57 barbara pptpd[14104]: CTRL: Client 192.168.1.104 control connection finished

Also pppd said in syslog:
Sep 9 14:05:57 barbara pppd[14105]: MSCHAP-v2 peer authentication succeeded for jazzy
Sep 9 14:05:57 barbara pppd[14105]: LCP terminated by peer (MPPE required but peer negotiation failed)

My pptpd.conf file minus comments says:
speed 115200
option /etc/ppp/pptpd-options
debug
localip 192.168.56.100-254
remoteip 192.168.55.100-254

I'm pretty sure chap-secrets is right, because pppd says MSCHAP-v2 authentication was alright. And it works fine when I tell the clients not to require authentication.
If my whole world were fake, then none of it would be fake, because reality is what is real to me
James Roper
Advisor

Re: MPPE

Sorry, that was meant to be: it works fine when I tell the clients not to require MPPE, and to require MSCHAP-v2.
If my whole world were fake, then none of it would be fake, because reality is what is real to me
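The log excerpts posted above show MSCHAP-v2 authentication succeeding and the link then being torn down at MPPE negotiation. As an added example (not part of the thread, and not poptop or pppd code), this Python function separates those two stages per PPTP control connection. It assumes sessions are not interleaved in the log; the second session in the sample (client 192.168.1.105, user alice) is constructed.

```python
import re

# First session: lines from the thread, the two excerpts merged into one
# stream (ordering within the same second is assumed). Second session: constructed.
SAMPLE_LOG = """\
Sep 9 14:05:56 barbara pptpd[14104]: CTRL: Client 192.168.1.104 control connection started
Sep 9 14:05:57 barbara pptpd[14104]: CTRL: Starting call (launching pppd, opening GRE)
Sep 9 14:05:57 barbara pppd[14105]: MSCHAP-v2 peer authentication succeeded for jazzy
Sep 9 14:05:57 barbara pppd[14105]: LCP terminated by peer (MPPE required but peer negotiation failed)
Sep 9 14:05:57 barbara pptpd[14104]: CTRL: Client 192.168.1.104 control connection finished
Sep 9 14:09:10 barbara pptpd[14200]: CTRL: Client 192.168.1.105 control connection started
Sep 9 14:09:11 barbara pppd[14201]: MSCHAP-v2 peer authentication succeeded for alice
Sep 9 14:20:00 barbara pptpd[14200]: CTRL: Client 192.168.1.105 control connection finished
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) (pptpd|pppd)\[(\d+)\]: (.*)$")
CLIENT = re.compile(r"CTRL: Client (\S+) control connection started")
AUTH_OK = re.compile(r"(\S+) peer authentication succeeded for (\S+)")
MPPE_FAIL = "MPPE required but peer negotiation failed"

def triage(log_text):
    """Return one dict per PPTP control connection with the stage it reached."""
    sessions, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pptpd/pppd syslog line
        daemon, msg = m.group(3), m.group(5)
        started = CLIENT.search(msg)
        if daemon == "pptpd" and started:
            current = {"client": started.group(1), "user": None,
                       "auth": None, "verdict": "incomplete"}
            sessions.append(current)
        elif current is None:
            continue  # pppd line outside any known control connection
        elif daemon == "pppd" and (a := AUTH_OK.search(msg)):
            current["auth"], current["user"] = a.group(1), a.group(2)
            current["verdict"] = "authenticated"
        elif daemon == "pppd" and MPPE_FAIL in msg:
            # Credentials were accepted; the link died negotiating encryption.
            current["verdict"] = ("mppe-negotiation-failed"
                                  if current["auth"] else "mppe-failed-before-auth")
        elif daemon == "pptpd" and "control connection finished" in msg:
            current = None
    return sessions

if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(s)
```

A verdict of mppe-negotiation-failed with a populated auth field points away from chap-secrets and toward the encryption layer (kernel module, pppd patch, or client settings).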
Stuart Browne
Honored Contributor

Re: MPPE

Some other things which you should have:

in /etc/modules.conf:

alias char-major-108 ppp_generic
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

These modules should live under /lib/modules// somewhere. These are the encryption and compression modules that are used.

The 'ppp_mppe' is created by a patch to the kernel, the remaining should come with the kernel anyway.

Apart from that, everything looks pretty good.

I have to admit I've not tried this with a 2.4.20 kernel, only the stock RH8 (manually patched) 2.4.18 kernel.
One long-haired git at your service...
James Roper
Advisor

Re: MPPE

Nope, it still doesn't work. After removing the module, and connecting, syslog says that the ppp_mppe module is loaded fine. But I still get the same error. I'm thinking of trying the older version of ppp, maybe poptop doesn't work with ppp 2.4.2? We'll see what happens...
If my whole world were fake, then none of it would be fake, because reality is what is real to me
Stuart Browne
Honored Contributor

Re: MPPE

Can't say, not tried it. Am using RH8's 2.4.1 here.
One long-haired git at your service...