[ale] pptp and ppp continued

Wandered Inn esoteric at denali.atlnet.com
Wed Jan 17 11:27:33 EST 2001


Bao Ha wrote:
> 
> mppe is actually an implementation of Microsoft's encryption
> solution.  PPP uses it to support Microsoft's RAS servers.
> It should already be in the PPP source tree, at least since
> 2.3.7 I think.

Right, but I've got ppp-2.4.0 and I can not find any reference to mppe
in the source tree.  I can in the ppp-2.3.5 source.  This is the part
that confuses me.  ppp-2.3.5 apparently will create additional kernel
modules.  The docs for ppp-2.4.0 say that it no longer contains the
kernel source because the latest kernels contain the up-to-date ppp
implementation.  Problem with that is, I can not find any references to
mppe in my kernel source (2.2.18).

> 
> PPTP is a different package.  It uses PPP to tunnel its
> communication streams, and takes advantage of mppe if
> configured.

Right.  As I noted in an earlier post, the log file appears to indicate
that the server does not respond, since I see a 'send lcp' but there are
no 'rec lcp' messages.  I get a message that says the 'send lcp' message
was received 9 times and the process then exited.  The pptp process is
still up though.  When I put a sniffer on the outgoing ppp0, I see
communication going between my box and the vpn server, so I don't know
what's going on with this.  It's like the vpn end of things is working,
but it's really not, because I can change my password/id in chap-secrets
and I get the same output.  One would expect some kind of auth. failure
logged somewhere.

I also see references to other folks receiving 'rec lcp' requests, I
don't even get that far.

> 
> Maybe the following example will be somewhat clearer.  You
> will need PPP with CHAT/MS-CHATv1,v2 and MPPE 40/128 bit
> encryption to talk to an NT RAS.  No VPN!  Just to be dialing
> into some purposely secure setup with RC4 (mppe) encryption, as
> recommended by Microsoft, configured by brain-dead MCSEs.
> 
> If you have access to a Win2K system, you can turn things
> off and on with the advanced setup to see what the NT RAS
> server wants.  Or you can load your option file with the
> following goodies:
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless

I've seen references to the above options in various emails to the pptp
list, but I've never found any documentation that tells you to use
these, what they do.  My assumption is I could stick them on the command
line as well, but there are no references in the man page for any of
these items either.  The README.MSCHAP document provided with ppp
doesn't mention these settings either.  I'm going to stick them all in
there and see what happens, I'll post my results to the list. 

> 
> You still need PPTP add-on to establish a VPN tunnel.  And
> VPN could be un-encrypted, or 40/128 bit encryption if mppe
> is turned on.
> 
> RC4 algorithm is owned by RSA Data Security.  Your PPP package
> may not have MPPE due to the US export/import regulation.

I got libdes for this purpose, at least I think it provides this
functionality.  Damn, I don't want to be an expert on this stuff, I just
want to use it. :)

> 
> More confused!  Wait until I am babbling about IPSec!

Give me some time, I'll be headed down the freeswan road next. :)

> 
> Bao
> 
> -----Original Message-----
> From: owner-ale at ale.org [mailto:owner-ale at ale.org]On Behalf Of Wandered Inn
> Sent: Wednesday, January 17, 2001 8:08 AM
> To: ALE
> Subject: [ale] pptp and ppp continued
> 
> I've been searching for information on pptp and ppp and found some
> confusing information.
> 
> There are a large number of references to ppp-2.3.? and mppe (Microsoft
> point to point support), yet I find no references to mppe and
> ppp-2.4.0.  Also, there's absolutely no mention of mppe in the source
> tree of ppp-2.4.0.
> 
> Has anyone else attempted to get pptp support into a version of ppp that
> is later than 2.3.? ?
> 
> --
> Until later: Geoffrey           esoteric at denali.atlnet.com
> 
> "Great spirits have always found violent opposition from mediocre minds.
> The latter cannot understand it when a man does not thoughtlessly submit to
> hereditary prejudices but honestly and courageously uses his intelligence."
> - Albert Einstein
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
> body.

--
Until later: Geoffrey		esoteric at denali.atlnet.com

"Great spirits have always found violent opposition from mediocre minds.
The latter cannot understand it when a man does not thoughtlessly submit to
hereditary prejudices but honestly and courageously uses his intelligence."
- Albert Einstein
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
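
An added example, not part of the original post or of the ppp/pptp packages: a small Python check over pppd `debug` output that separates the symptom described above (LCP requests sent, none received, so the CHAP exchange is never reached) from a genuine authentication failure. The log lines are constructed samples, and the result labels and helper names are assumptions chosen for this example.

```python
import re

# pppd "debug" packet lines: sent [LCP ConfReq id=0x1 ...] / rcvd [CHAP Failure id=0x1 ...]
PKT = re.compile(r"pppd\[\d+\]: (sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-fA-F]+")

def diagnose(log_text):
    """Report how far PPP negotiation got, judged from pppd debug output."""
    seen = set()
    for line in log_text.splitlines():
        m = PKT.search(line)
        if m:
            seen.add(m.groups())  # (direction, protocol, code)
    sent_lcp = any(d == "sent" and p == "LCP" for d, p, _ in seen)
    rcvd_lcp = any(d == "rcvd" and p == "LCP" for d, p, _ in seen)
    if not sent_lcp:
        return "pppd-never-started-lcp"
    if not rcvd_lcp:
        # The peer never answered at the PPP layer. Authentication follows LCP,
        # so no credentials were exchanged and editing chap-secrets changes nothing.
        return "no-lcp-reply"
    if ("rcvd", "CHAP", "Failure") in seen:
        return "auth-failed"
    if ("rcvd", "CHAP", "Success") in seen:
        return "auth-ok"
    return "lcp-answered-no-auth-result"

def _line(sec, msg):
    # Helper that builds a syslog-style line for the constructed samples.
    return f"Jan 17 11:02:{sec:02d} box pppd[812]: {msg}"

# Constructed sample: requests go out, nothing ever comes back.
SILENT_PEER = "\n".join(
    [_line(3 * i, "sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1a2b3c4d>]") for i in range(9)]
    + [_line(30, "LCP: timeout sending Config-Requests")]
)

# Constructed sample: LCP completes and the server rejects the CHAP response.
BAD_PASSWORD = "\n".join([
    _line(1, "sent [LCP ConfReq id=0x1 <magic 0x1a2b3c4d>]"),
    _line(1, "rcvd [LCP ConfAck id=0x1 <magic 0x1a2b3c4d>]"),
    _line(2, 'rcvd [CHAP Challenge id=0x1 <0011223344556677>, name = "ras"]'),
    _line(2, 'sent [CHAP Response id=0x1 <8899aabbccddeeff>, name = "user"]'),
    _line(3, 'rcvd [CHAP Failure id=0x1 "E=691 R=0"]'),
])

if __name__ == "__main__":
    print("silent peer :", diagnose(SILENT_PEER))
    print("bad password:", diagnose(BAD_PASSWORD))
```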




