pkg/42589: PPTP mppe-lkm-0.0.4nb2 does not work with mppe compressed links on NetBSD

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/42589: PPTP mppe-lkm-0.0.4nb2 does not work with mppe compressed links on NetBSD
From: dave%turbocat.de@localhost
Date: Thu, 7 Jan 2010 01:15:01 +0000 (UTC)

>Number:         42589
>Category:       pkg
>Synopsis:       PPTP mppe-lkm-0.0.4nb2 does not work with mppe compressed 
>links on NetBSD
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 07 01:15:00 +0000 2010
>Originator:     David Wetzel
>Release:        NetBSD 5.0_STABLE
>Organization:
>Environment:
NetBSD hilly 5.0_STABLE NetBSD 5.0_STABLE (SLIMALIX51) #4: Mon Jan  4 09:50:43 
CET 2010  dave@netbsd5:/usr/src/sys/arch/i386/compile/SLIMALIX51 i386

>Description:
I have those installed:
pptp-1.7.0nb2       PPTP client package for Microsoft VPN servers (no 
encryption yet)
mppe-lkm-0.0.4nb2   NetBSD kernel module for MPPE compression with PPP

(http://pptpclient.sourceforge.net says supports 128-bit stateless encryption 
using MPPE)

Is the MPPE kernel module broken?

dmesg said: MPPE: loaded into ppp at slot 3

I was able to connect to the remote machine using a snow leopard mac and a 
ubuntu 9.10 machine, but not with a NetBSD 5..


thanks!

David 


pppd call tunnel debug nodetach
Using interface ppp0
Connect: ppp0 <--> /dev/ttyp1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x9b057f45> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1200> <asyncmap 0x0> <auth chap MS-v2> <magic 
0x58a0a15c> <pcomp> <accomp>]
sent [LCP ConfAck id=0x1 <mru 1200> <asyncmap 0x0> <auth chap MS-v2> <magic 
0x58a0a15c> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x9b057f45> <pcomp> <accomp>]
rcvd [CHAP Challenge id=0xdf <30aSOMEHASHEREba6>, name = "pptpd"]
sent [CHAP Response id=0xdf <6267SOMEHASHEREf1708>, name = "XXX"]
rcvd [CHAP Success id=0xdf "S=CCDD55377A133CA312ED37E92EE26BD85716CC22"]
CHAP authentication succeeded
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x1]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
rcvd [IPCP TermAck id=0x1]
rcvd [CCP ConfAck id=0x1]
MPPE 40-bit stateless transmit compression enabled
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x2]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
rcvd [IPCP TermAck id=0x1]
rcvd [CCP ConfAck id=0x2]
MPPE 40-bit stateless transmit compression enabled
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x3]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
rcvd [IPCP TermAck id=0x1]
rcvd [CCP ConfAck id=0x3]
MPPE 40-bit stateless transmit compression enabled
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x4]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfAck id=0x4]
MPPE 40-bit stateless transmit compression enabled
rcvd [IPCP TermAck id=0x1]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x5]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfAck id=0x5]
MPPE 40-bit stateless transmit compression enabled
rcvd [IPCP TermAck id=0x1]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x6]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
rcvd [IPCP TermAck id=0x1]
rcvd [CCP ConfAck id=0x6]
MPPE 40-bit stateless transmit compression enabled
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x7]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfAck id=0x7]
MPPE 40-bit stateless transmit compression enabled
rcvd [IPCP TermAck id=0x1]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x8]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfAck id=0x8]
MPPE 40-bit stateless transmit compression enabled
rcvd [IPCP TermAck id=0x1]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0x9]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfAck id=0x9]
MPPE 40-bit stateless transmit compression enabled
rcvd [IPCP TermAck id=0x1]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfReq id=0xa]
sent [CCP ConfAck id=0x1 <mppe +H -M -S +L -D -C>]
sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfAck id=0xa]
MPPE 40-bit stateless transmit compression enabled
rcvd [IPCP TermAck id=0x1]
IPCP: timeout sending Config-Requests
sent [LCP TermReq id=0x2 "No network protocols running"]
rcvd [LCP TermAck id=0x2]
Connection terminated.
Waiting for 1 child processes...
 script /usr/pkg/sbin/pptp vpn.example.net --nolaunchpppd, pid 1647
Script /usr/pkg/sbin/pptp vpn.example.net --nolaunchpppd finished (pid 1647), 
status = 0x0

----------------------

dave@hilly#cat /etc/ppp/peers/tunnel
pty "/usr/pkg/sbin/pptp vpn.example.net --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name XXX
remotename tunnel
file /etc/ppp/options.pptp    (which is a link to /etc/ppp/options)
ipparam tunnel

----------------------
cat /etc/ppp/options
# Lock the port
lock
# We don't need the tunnel server to authenticate itself
noauth
debug
novj
#-ipv6
# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
refuse-chap
refuse-mschap

# Compression
# Turn off compression protocols we know won't be used
nobsdcomp
nodeflate

nomppe-40
#nomppe-128
noipdefault
#nomppe-stateful
usepeerdns
#require-mppe
#require-mppe-128


>How-To-Repeat:
try to connect to a server which is configured like this: (maybe a linux box)

# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}

>Fix:
maybe use this as code base?

http://poptop.cvs.sourceforge.net/viewvc/poptop/kernelmod/2.6/

Prev by Date: Re: PR/42568 CVS commit: src/sbin
Next by Date: Re: PR/42568 CVS commit: src/sbin
Previous by Thread: PR/42568 CVS commit: src/sbin
Next by Thread: Re: pkg/42589: PPTP mppe-lkm-0.0.4nb2 does not work with mppe compressed links on NetBSD
Indexes:

Home | Main Index | Thread Index | Old Index