ppp_mppe+pptp for 2.6.14?

ppp_mppe+pptp for 2.6.14?

[Daniel Drake]

Hi,

If there are no known issues it would be nice to push this for inclusion in 
2.6.14. The relevant patches from -mm are named 
ppp_mppe-add-ppp-mppe-encryption-module.patch and 
ppp_mppe-add-ppp-mppe-encryption-module-update.patch

Judging by the feedback I get from Gentoo users, there is high demand for this :)

Thanks,
Daniel

re: ppp_mppe+pptp for 2.6.14?

[Anshuman Gholap]

---------- Forwarded message ----------
From: Anshuman Gholap <anshu.pg@gmail.com>
Date: Aug 29, 2005 10:57 PM
Subject: Re: ppp_mppe+pptp for 2.6.14?
To: Daniel Drake <dsd@gentoo.org>

I might die by excitement if this is implemented :D. 

for years and years i am waiting for some inbuilt solution to this . 

here is my saga on a forum 
http://www.neowin.net/forum/index.php?showtopic=318733&view=findpost&p=585899290

regards,
anshuman gholap
hosting server admin 
india.


On 8/29/05, Daniel Drake  <dsd@gentoo.org> wrote:
> Hi,
> 
> If there are no known issues it would be nice to push this for inclusion in 
> 2.6.14. The relevant patches from -mm are named
> ppp_mppe-add-ppp-mppe-encryption-module.patch and
> ppp_mppe-add-ppp-mppe-encryption-module-update.patch
> 
> Judging by the feedback I get from Gentoo users, there is high demand for this :) 
> 
> Thanks,
> Daniel
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
>  More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>

Re: ppp_mppe+pptp for 2.6.14?

[Matt Domsch]

On Mon, Aug 29, 2005 at 06:12:20PM +0100, Daniel Drake wrote:
> Hi,
> 
> If there are no known issues it would be nice to push this for inclusion in 
> 2.6.14. The relevant patches from -mm are named 
> ppp_mppe-add-ppp-mppe-encryption-module.patch and 
> ppp_mppe-add-ppp-mppe-encryption-module-update.patch
> 
> Judging by the feedback I get from Gentoo users, there is high demand for 
> this :)


This patch has been working fine for me for several weeks now.

I've asked James Cameron, pptp project lead, to try a test to force
the server side to issue a CCP DOWN, to make sure the client-side
kernel ppp_generic module does the right thing and drops packets.  I
don't have a testbed that allows such, but he does.

Thanks,
Matt

-- 
Matt Domsch
Software Architect
Dell Linux Solutions linux.dell.com & www.dell.com/linux
Linux on Dell mailing lists @ http://lists.us.dell.com

Re: ppp_mppe+pptp for 2.6.14?

[James Cameron]

[-- Attachment #1: Type: text/plain, Size: 956 bytes --]

On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote:
> I've asked James Cameron, pptp project lead, to try a test to force
> the server side to issue a CCP DOWN, to make sure the client-side
> kernel ppp_generic module does the right thing and drops packets.

I'm still working on this; tried Matt's patch against 2.6.13 last night,
but it seems 2.6.13 has broken raw sockets for pptp and pptpd ...
ENOPROTOOPT returned from the read() on the raw socket carrying the GRE
stream from pptp to the net.  Wasn't happening with 2.6.12.5.

My plan is to try Matt's patch against 2.6.12.5, and try 2.6.13 bare, to
isolate the cause of the ENOPROTOOPT changed behaviour.

The previous version of Matt's patch (before the SC_MUST_COMP feature)
is working fine for me with 2.6.12.5.

(If anyone has any ideas on raw socket breakage, let me know.  2.6.13
changed net/ipv4/raw.c but the changes look to me to be minor.)

-- 
James Cameron

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: ppp_mppe+pptp for 2.6.14?

[James Cameron]

[-- Attachment #1: Type: text/plain, Size: 1881 bytes --]

My problems with ENOPROTOOPT were due to lack of coffee.  They were
caused by ICMP protocol unreachable responses from the test server
because I'd taken away it's pppd.  My mistake.

On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote:
> I've asked James Cameron, pptp project lead, to try a test to force
> the server side to issue a CCP DOWN, to make sure the client-side
> kernel ppp_generic module does the right thing and drops packets.

I've tested this now with a host running kernel 2.6.13 with Matt's
SC_MUST_COMP patch to the kernel and to ppp 2.4.4b1, sending SIGUSR2 to
the pppd while flooding the connection with pings from the server.

The result is an LCP TermReq from the server to the client, after which
no further data packets appear.  All the data packets up to the LCP
TermReq are encrypted.  The client sends an LCP TermAck, then takes down
the interface.  There's sign of CCP down, in that a CCP ConfReq appears
from the server just after the LCP TermReq.

I'm not sure this is an adequate test, and will take advice on that.

Test configuration;

- server, 2.6.13 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptpd 1.3.1
- client, 2.6.12.5 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptp 1.5.0

Client side pppd log fragment;

local  IP address 10.8.0.2
remote IP address 10.8.0.1
Script /etc/ppp/ip-up started (pid 5036)
Script /etc/ppp/ip-up finished (pid 5036), status = 0x0
rcvd [LCP TermReq id=0x2 "MPPE disabled"]
LCP terminated by peer (MPPE disabled)
Connect time 0.4 minutes.
Sent 262920 bytes, received 262920 bytes.
Script /etc/ppp/ip-down started (pid 5048)
sent [LCP TermAck id=0x2]
rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
Discarded non-LCP packet when LCP not open
Script /etc/ppp/ip-down finished (pid 5048), status = 0x0
Connection terminated.
Modem hangup

-- 
James Cameron

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

RE: ppp_mppe+pptp for 2.6.14?

[Matt_Domsch]

james.cameron@hp.com wrote:
> On Mon, Aug 29, 2005 at 05:10:34PM -0500, Matt Domsch wrote:
>> I've asked James Cameron, pptp project lead, to try a test to force
>> the server side to issue a CCP DOWN, to make sure the client-side
>> kernel ppp_generic module does the right thing and drops packets.
> 
> I've tested this now with a host running kernel 2.6.13 with Matt's
> SC_MUST_COMP patch to the kernel and to ppp 2.4.4b1, sending SIGUSR2
> to the pppd while flooding the connection with pings from the server.
> 
> The result is an LCP TermReq from the server to the client, after
> which no further data packets appear.  All the data packets up to the
> LCP TermReq are encrypted.  The client sends an LCP TermAck, then
> takes down the interface.  There's sign of CCP down, in that a CCP
> ConfReq appears from the server just after the LCP TermReq.    
> 
> I'm not sure this is an adequate test, and will take advice on that.
> 
> Test configuration;
> 
> - server, 2.6.13 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptpd
> 1.3.1 
> - client, 2.6.12.5 + SC_MUST_COMP, ppp 2.4.4b1 + SC_MUST_COMP, pptp
> 1.5.0 
> 
> Client side pppd log fragment;
> 
> local  IP address 10.8.0.2
> remote IP address 10.8.0.1
> Script /etc/ppp/ip-up started (pid 5036) Script /etc/ppp/ip-up
> finished (pid 5036), status = 0x0 rcvd [LCP TermReq id=0x2 "MPPE
> disabled"] LCP terminated by peer (MPPE disabled) Connect time 0.4
> minutes.   
> Sent 262920 bytes, received 262920 bytes.
> Script /etc/ppp/ip-down started (pid 5048) sent [LCP TermAck id=0x2]
> rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>] Discarded non-LCP
> packet when LCP not open Script /etc/ppp/ip-down finished (pid 5048),
> status = 0x0 Connection terminated.   
> Modem hangup


This looks good.  One more thing I would ask, please repeat with a
server that doesn't have the SC_MUST_COMP pppd patch.  On SIGUSR2
the unmodified server should still send CCP DOWN to the client, which
should start dropping packets.

Thanks,
Matt

-- 
Matt Domsch
Software Architect
Dell Linux Solutions linux.dell.com & www.dell.com/linux
Linux on Dell mailing lists @ http://lists.us.dell.com