# (solved) pptpclient and ppp-2.4.3-mppe-mppc-1.1.patch.gz

## zaiyon

Hi, I'm having problems with pptpclient connecting to a microsoft vpn server.

The ebuild of ppp-2.4.3 said it's using ppp-2.4.3-mppe-mppc-1.1.patch.gz if I enabled the use flag mppe-mppc, so I did it and einfo said it patched successfully.

I also patched my kernel for mppe and compiled it as a module.

first of all my config files:

```

# cat /etc/ppp/peers/vpn

pty        "pptp $VPN_SERVER --nolaunchpppd"

name       $VPN_USER

remotename PPTP

#require-mppe-128

mppe required

file /etc/ppp/options.pptp

ipparam vpn

```

The commented line require-mppe-128 does not work, I followed the gentoo howto from pptpclient.sourceforge.net and searched the web, this should really work. And that is the reason why I believe that my problem is related to my ppp mppe patch.

replacing: mppe required with the line commented out delivers me the following output:

```

# pon vpn debug dump logfd 2 nodetach

/usr/sbin/pppd: In file /etc/ppp/peers/vpn: unrecognized option 'require-mppe-128'

```

So I wasn't able to follow the howto in detail.

```

# cat /etc/ppp/options.pptp

lock

noauth

nobsdcomp

nodeflate

```

[edit]

I'll post the relevant part of my chap-secrets too, but I don't think it's wrong.

```

# Secrets for authentication using CHAP

# client                server                  secret                IP addresses

$VPN_USER          PPTP                     $VPN_PASSWD    *

PPTP                    $VPN_USER               $VPN_PASSWD    *

```

[/edit]

This happens when I try to connect via vpn:

```

# pon vpn debug dump logfd 2 nodetach

pppd options in effect:

debug           # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

dump            # (from command line)

noauth          # (from /etc/ppp/options.pptp)

name $VPN_USER           # (from /etc/ppp/peers/vpn)

remotename PPTP         # (from /etc/ppp/peers/vpn)

                # (from /etc/ppp/options.pptp)

pty pptp $VPN_SERVER --nolaunchpppd           # (from /etc/ppp/peers/vpn)

ipparam vpn             # (from /etc/ppp/peers/vpn)

nobsdcomp               # (from /etc/ppp/options.pptp)

nodeflate               # (from /etc/ppp/options.pptp)

mppe xxx # [don't know how to print value]              # (from /etc/ppp/peerspn)

using channel 29

Using interface ppp0

Connect: ppp0 <--> /dev/pts/3

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xd28223e8> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4cc29f> <pcomp> <accomp> <mrru 1400> <endpoint [MAC:00:06:5b:f8:26:ef]>]

sent [LCP ConfRej id=0x1 <mrru 1400>]

rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xd28223e8> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x2 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4cc29f> <pcomp> <accomp> <endpoint [MAC:00:06:5b:f8:26:ef]>]

sent [LCP ConfAck id=0x2 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4cc29f> <pcomp> <accomp> <endpoint [MAC:00:06:5b:f8:26:ef]>]

rcvd [LCP EchoReq id=0x0 magic=0xef4cc29f]

sent [LCP EchoRep id=0x0 magic=0xd28223e8]

rcvd [CHAP Challenge id=0x70 <4bb6d7b78b62f4b55fb8c695dd94d76d>, name = "pptp"

sent [CHAP Response id=0x70 <1f60eb645fc9dbcb1ecf3de1c770d3670000000000000000df2f35024bcf1a81dbb3648e3f9f32f0164f9712c9c04300>, name = "$VPN_USER"]

rcvd [CHAP Success id=0x70 "S=E9A0157EF3B98EB6501BA6B4D3A9C6CDF508FAF8"]

sent [CCP ConfReq id=0x1 <mppe -H +M +S +L -D +C>]

rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]

sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]

rcvd [LCP TermReq id=0x3 "MPPE required but peer negotiation failed"]

LCP terminated by peer (MPPE required but peer negotiation failed)

sent [LCP TermAck id=0x3]

rcvd [CCP ConfRej id=0x1 <mppe -H +M +S +L -D +C>]

Discarded non-LCP packet when LCP not open

Script pptp $VPN_SERVER --nolaunchpppd finished (pid 3852), status = 0x0

Connection terminated.

tcflush failed: Input/output error

using channel 30

Using interface ppp0

Connect: ppp0 <--> /dev/pts/5

Waiting for 1 child processes...

  script pptp $VPN_SERVER --nolaunchpppd, pid 3889

sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xe6ccbc2c> <pcomp> <accomp>]

sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xe6ccbc2c> <pcomp> <accomp>]

sending SIGTERM to process 3889

Script pptp $VPN_SERVER --nolaunchpppd finished (pid 3889), status = 0x0

tcflush failed: Bad file descriptor

```

```

sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]

rcvd [LCP TermReq id=0x3 "MPPE required but peer negotiation failed"]

```

Sorry, but I just don't understand this message, I've been searching the web a lot, without beeing able to figure it out.

But I found a lot of people having similair problems, in their case, it was an issue with the patch.

Thx for help in advance

----------

## zaiyon

Well, I somehow solved it myself. It are the new ppp mppe options, wich work like this:

mppe required,stateless,no128 (e.g)

well, I just had to activate "stateless" too, so if anyone has problems like this...

----------

## ekoontz

Thanks, your long description and log output was very helpful! I successfully patched my 2.6.10 kernel (got the patch from http://www.gfxcafe.com/VPN%20Howto.html) , 

Patched the kernel with :

```

cd /usr/src

ln -s linux-2.6.10-gentoo-r6 linux-2.6.10

patch -p0 < linux-2.6.10-mppe-mppc-1.2.patch

```

Then did "make menuconfig" and enabled the "Microsoft PPP compression/encryption (MPPC/MPPE)" and then saved the config and "make modules && make modules install" and then "modprobe ppp_mppe_mppc".

emerged pppd with :

```
USE="mppe-mppc" emerge ppp
```

(note that portage calls it ppp, not pppd)

set up my /etc/ppp/peers/vpn as :

```

pty        "pptp vpn.mycompany.com --nolaunchpppd"

name       ekoontz

mppe stateless

file /etc/ppp/options.pptp

ipparam vpn

refuse-eap

usepeerdns

```

set up my /etc/ppp/chap-secrets as :

```

# Secrets for authentication using CHAP

# client        server  secret                  IP addresses

ekoontz PAVPN   mypassword

```

And then I invoked "pon" as you showed :

```

root@localhost # pon vpn debug dump logfd 2 nodetach

pppd options in effect:

debug           # (from command line)

nodetach                # (from command line)

logfd 2         # (from command line)

dump            # (from command line)

noauth          # (from /etc/ppp/options.pptp)

refuse-eap              # (from /etc/ppp/peers/vpn)

name ekoontz            # (from /etc/ppp/peers/vpn)

                # (from /etc/ppp/options.pptp)

pty pptp vpn.mycompany.com --nolaunchpppd            # (from /etc/ppp/peers/vpn)

mru 1000                # (from /etc/ppp/options.pptp)

mtu 1000                # (from /etc/ppp/options.pptp)

lcp-echo-failure 10             # (from /etc/ppp/options.pptp)

lcp-echo-interval 10            # (from /etc/ppp/options.pptp)

ipparam vpn             # (from /etc/ppp/peers/vpn)

usepeerdns              # (from /etc/ppp/peers/vpn)

mppe xxx # [don't know how to print value]              # (from /etc/ppp/peers/vpn)

using channel 4

Using interface ppp0

Connect: ppp0 <--> /dev/pts/4

sent [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x46a40bb3> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x60982538> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:9f.13.b9.5c.21.cf.42.25.ac.49.c5.0d.b0.3b.97.be.00.00.00.00]> < 17 04 10 89>]

sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 10 89>]

rcvd [LCP ConfAck id=0x1 <mru 1000> <asyncmap 0x0> <magic 0x46a40bb3> <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x60982538> <pcomp> <accomp> <endpoint [local:9f.13.b9.5c.21.cf.42.25.ac.49.c5.0d.b0.3b.97.be.00.00.00.00]>]

sent [LCP ConfNak id=0x1 <auth chap 07>]

rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x60982538> <pcomp> <accomp> <endpoint [local:9f.13.b9.5c.21.cf.42.25.ac.49.c5.0d.b0.3b.97.be.00.00.00.00]>]

sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x60982538> <pcomp> <accomp> <endpoint [local:9f.13.b9.5c.21.cf.42.25.ac.49.c5.0d.b0.3b.97.be.00.00.00.00]>]

sent [LCP EchoReq id=0x0 magic=0x46a40bb3]

rcvd [CHAP Challenge id=0x0 <7552c9edafdbcac8951fe708f2c35b3b>, name = "PAVPN"]

sent [CHAP Response id=0x0 <c0fde9e2c192fe687361ccc59918d84f00000000000000007a4d7eeebef26c7edf843b4e98f8264729c7cc4d0bb988cb00>, name = "ekoontz"]

rcvd [LCP EchoRep id=0x0 magic=0x60982538]

rcvd [CHAP Success id=0x0 "S=35D2AF2593102C328A2CF0609DBBD0F9FEF1AE9C"]

sent [CCP ConfReq id=0x1 <mppe +H +M +S +L -D +C> <deflate 15> <deflate(old#) 15> <bsd v1 15>]

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

rcvd [CCP ConfReq id=0x4 <mppe +H +M +S +L -D +C>]

sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D +C>]

rcvd [IPCP ConfReq id=0x5 <addr 10.1.3.50>]

sent [IPCP ConfAck id=0x5 <addr 10.1.3.50>]

rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]

sent [CCP ConfReq id=0x2 <mppe +H +M +S +L -D +C>]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D +C>]

sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D +C>]

rcvd [CCP ConfNak id=0x2 <mppe +H -M +S -L -D +C>]

sent [CCP ConfReq id=0x3 <mppe +H -M +S -L -D +C>]

rcvd [IPCP ConfNak id=0x2 <addr 10.1.3.64> <ms-dns1 10.1.5.2> <ms-dns3 10.1.5.1>]

sent [IPCP ConfReq id=0x3 <addr 10.1.3.64> <ms-dns1 10.1.5.2> <ms-dns3 10.1.5.1>]

rcvd [CCP ConfAck id=0x3 <mppe +H -M +S -L -D +C>]

MPPC/MPPE 128-bit stateless compression enabled

rcvd [IPCP ConfAck id=0x3 <addr 10.1.3.64> <ms-dns1 10.1.5.2> <ms-dns3 10.1.5.1>]

local  IP address 10.1.3.64

remote IP address 10.1.3.50

primary   DNS address 10.1.5.2

secondary DNS address 10.1.5.1

Script /etc/ppp/ip-up started (pid 9068)

Script /etc/ppp/ip-up finished (pid 9068), status = 0x1

```

Voila..success at last!!   :Very Happy: 

(Getting the options right in /etc/ppp/peers/vpn was just pure trial and error and luck..) 

Next task : figure out how to set up routing..

----------

## ekoontz

figured out routing; with reference to http://pptpclient.sourceforge.net/routing.phtml, "Client to LAN" section :

```

route add -net 10.1.0.0 netmask 255.255.0.0 dev ppp0

```

End result :

```

hiros-item ekoontz # route

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.1.3.50       *               255.255.255.255 UH    0      0        0 ppp0

192.168.0.0     *               255.255.255.0   U     0      0        0 ath0

10.1.0.0        *               255.255.0.0     U     0      0        0 ppp0

loopback        localhost       255.0.0.0       UG    0      0        0 lo

default         192.168.0.1     0.0.0.0         UG    0      0        0 ath0

hiros-item ekoontz # ifconfig

ath0      Link encap:Ethernet  HWaddr 00:80:C8:17:A2:2C

          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0

          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:12414 errors:3981 dropped:0 overruns:0 frame:3981

          TX packets:11057 errors:1 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:199

          RX bytes:11572520 (11.0 Mb)  TX bytes:1186443 (1.1 Mb)

          Interrupt:5 Memory:d0b40000-d0b50000

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:98 errors:0 dropped:0 overruns:0 frame:0

          TX packets:98 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:6836 (6.6 Kb)  TX bytes:6836 (6.6 Kb)

ppp0      Link encap:Point-to-Point Protocol

          inet addr:10.1.3.62  P-t-P:10.1.3.50  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1

          RX packets:1115 errors:0 dropped:0 overruns:0 frame:0

          TX packets:950 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3

          RX bytes:351120 (342.8 Kb)  TX bytes:52668 (51.4 Kb)

```

----------

