Subject: Re: MSCHAP support in pppd
To: John Klos <>
From: None <>
List: tech-net
Date: 02/22/2001 10:10:30
On Wed, Feb 21, 2001 at 04:12:42PM -0500, John Klos wrote:
> I am trying to get pptpd (poptop) running on a NetBSD 1.5 system. It works
> by using pppd to connect two machines over a sort of vpn.
> The built-in pppd appears to work, but it seems I cannot authenticate
> a Windows client.
> There are some docs amongst the poptop files that talk about patching pppd
> for Linux in order to support MSCHAP.
> Does NetBSD's pppd support MSCHAP? If not, are there patches or something?

Yes, via the ppp-mppe package.  I've recently been through this whole
process, here's how I got mine (mostly) working:

  + build and install the net/poptop package
  + build and install the net/ppp-mppe package
  + add the following line to /etc/lkm.conf:

        /usr/pkg/lkm/mppe.o  -  -  -  -  AFTERMOUNT

  + add the following line to /etc/rc.conf:


  + create /etc/pptp.conf:

        speed 115200

  + create /etc/ppp/chap-secrets:

        user   servername   password   *

  + create /etc/ppp/options:

        ## turn pppd syslog debugging on

        ## change 'servername' to whatever you specify as your server name in chap-secrets
        name servername


        ## MPPE support


  + add pptpd to /etc/rc.local:

        /usr/pkg/sbin/pptpd -d

  + reboot (or add the LKM and run pptpd by hand)

Now, a little background.  The machine that I'm running this on is fully pulled to -current.
And I had to make a small change to the kernel:

  *** /sys/net/ppp-comp.h Tue Feb 20 13:36:36 2001
  --- /sys/net/ppp-comp.h.orig    Thu Feb 22 10:05:43 2001
  *** 111,117 ****
     * Max # bytes for a CCP option
  ! #define CCP_MAX_OPTION_LENGTH 64
     * Parts of a CCP packet.
  --- 111,117 ----
     * Max # bytes for a CCP option
  ! #define CCP_MAX_OPTION_LENGTH 32
     * Parts of a CCP packet.
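Review bot: the file header lines are in the opposite order to the change being described. The edited /sys/net/ppp-comp.h is on the "***" (old) side and ppp-comp.h.orig is on the "---" (new) side, so as posted the hunk takes CCP_MAX_OPTION_LENGTH from 64 down to 32. Regenerate it with the .orig file first, or apply it with patch -R. The hunk headers also claim lines 111,117 while only three lines appear on each side (the comment delimiters and blank lines are gone), so it will not apply cleanly as it stands. A short comment next to the define saying why 64 is needed (MPPE negotiation exceeding 32 bytes) would keep the value from being reduced again later.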

Otherwise the "compress" (really encryption) negotiation would not work
since NetBSD's if_ppp.c was truncating the CCP options to 32 bytes.

And finally, although I can use Win98/2K to VPN in via PPTP, I still can't
browse my internal network.  If anyone knows how to get
browsing working, I'd really appreciate the help.  I've got a hunch that
I'm having IP routing issues due to the fact that the local and remote
PPTP IP addresses are on the internal network.

Paul Dokas                                  
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."
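
Added example, not part of the original message or of the poptop/ppp-mppe packages: a small shell check for the two files in the steps above. It confirms that the "name" value in the pppd options file matches the server column of chap-secrets and that the secrets file is not readable by group or other. The function names are hypothetical, and it assumes the "client server secret addresses" layout shown above with no whitespace inside quoted names.

```shell
#!/bin/sh
# Added example: cross-check pppd's "name" option against chap-secrets.
# Usage: sh check_ppp_auth.sh /etc/ppp/options /etc/ppp/chap-secrets

# Print the value of the last "name" option in a pppd options file.
ppp_server_name() {
    awk '$1 == "name" { n = $2 } END { if (n != "") print n }' "$1"
}

# Succeed if group or other can read the file (secrets are stored in clear).
secrets_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Return 0 only if at least one entry is usable by this server, no line is
# malformed and the file is private; otherwise explain on stderr, return 1.
check_ppp_auth() {
    opts=$1 secrets=$2 rc=0
    name=$(ppp_server_name "$opts")
    if [ -z "$name" ]; then
        echo "no 'name' option in $opts" >&2
        return 1
    fi
    if secrets_exposed "$secrets"; then
        echo "$secrets is readable by group/other; chmod 600 it" >&2
        rc=1
    fi
    # Fields: client server secret [allowed-addresses]; '#' starts a comment.
    awk -v name="$name" '
        /^[ \t]*(#|$)/ { next }
        NF < 3 { printf "line %d: fewer than 3 fields\n", NR; bad = 1; next }
        $2 == name || $2 == "*" { ok++; next }
        # Entries for another server are reported but are not fatal.
        { printf "line %d: server \"%s\" is not \"%s\"\n", NR, $2, name }
        END {
            if (!ok) print "no entry usable by server \"" name "\""
            exit (bad || !ok)
        }
    ' "$secrets" >&2 || rc=1
    return $rc
}

# Run only when both paths are supplied on the command line.
[ "$#" -ne 2 ] || check_ppp_auth "$1" "$2"
```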