From: Phil Mayers <p.mayers@imperial.ac.uk>
To: linux-ppp@vger.kernel.org
Subject: final repost - MPPE incorrect REJECT/NAK behaviour (was Re: Windows
Date: Sun, 19 Feb 2006 22:49:51 +0000 [thread overview]
Message-ID: <43F8F60F.70106@imperial.ac.uk> (raw)
[-- Attachment #1: Type: text/plain, Size: 1612 bytes --]
Phil Mayers wrote:
>>
>> I've discovered that the problem is the WM2005 PPTP client PPP layer
>> sets none of the 40, 56 or 128 bit MPPE flags, and pppd instantly
>> terminates the connection when this happens. A win2k VPN server NAKs
>> with the preferred keysize.
>>
>> sent [CHAP Challenge id=0x3e <CHAL>, name = "pptpd"]
>> rcvd [CHAP Response id=0x3e <RESP>, name = "user"]
>> sent [CHAP Success id=0x3e "S=BYTES"]
>> sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
>> rcvd [CCP ConfReq id=0x0 <mppe -H -M -S -L -D +C>]
>> sent [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]
>> sent [CCP ConfRej id=0x0 <mppe -H -M -S -L -D +C>]
>
> I have also seen this yesterday with a windows ME client. In this
> instance the patch fixed the connection completely, so I'm inclined to
> think it's correct.
>
> Does anyone have any comments on the pppd patch?
>
I am assuming no-one has an opinion on this? If not I'll bung it into
our local SVN vendor repo and leave it at that, though obviously I'd far
rather not maintain it locally.
To summarise - some PPP clients (windows mobile 2005, windows ME) send
the 40, 56 and 128 bits as zero. Win2k servers NAK with the preferred
bit set, linux pppd REJECTS with "MPPE required".
This message and the reply refer to the problem some time ago:
http://marc.theaimsgroup.com/?l=linux-ppp&m=107533972806878&w=2
http://marc.theaimsgroup.com/?l=linux-ppp&m=107534084207793&w=2
...and the OP indicates the "forked" ppp 2.4.1 did the right thing.
Attached is a patch to fix the behaviour, which I have confirmed as
working here.
Cheers,
Phil
[-- Attachment #2: mppe_nak_fix.patch --]
[-- Type: text/x-patch, Size: 562 bytes --]
--- ppp-2.4.3/pppd/ccp.c 2006-02-08 14:28:03.000000000 +0000
+++ ppp-2.4.3/pppd/ccp.c 2006-02-08 14:30:45.000000000 +0000
@@ -1157,9 +1157,16 @@
break;
}
} else {
- /* Neither are set. */
- newret = CONFREJ;
- break;
+ /* Neither are set. NAK with the best we support */
+ if (ao->mppe & MPPE_OPT_128)
+ ho->mppe |= MPPE_OPT_128;
+ else if (ao->mppe & MPPE_OPT_40)
+ ho->mppe |= MPPE_OPT_40;
+ else {
+ newret = CONFREJ;
+ break;
+ }
+ newret = CONFNAK;
}
/* rebuild the opts */
next reply other threads:[~2006-02-19 22:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-19 22:49 Phil Mayers [this message]
2006-02-19 23:02 ` final repost - MPPE incorrect REJECT/NAK behaviour (was Re: Windows mobile 2005 clients) James Cameron
2006-02-19 23:40 ` final repost - MPPE incorrect REJECT/NAK behaviour (was Re: Windows Phil Mayers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43F8F60F.70106@imperial.ac.uk \
--to=p.mayers@imperial.ac.uk \
--cc=linux-ppp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).