# gentoo to connect to a microsoft VPN (MS CHAP)

## tgnb

What do i have to install / configure / use to connect my gentoo box to a Microsoft VPN using the ms chap protocol. Do i have to compile ppp and other things into the kernel?

----------

## mksoft

CHAP is not a vpn it's an authentication protocol (like PAP).

Assuming that you mean pptp, you'll need ppp support in the kernel and pptpclient package (this is how we connect here with ADSL).

pptp is described as:

```
$ emerge -s pptpclient

[ Results for search key : pptpclient ]

[ Applications found : 1 ]

*  net-dialup/pptpclient

      Latest version Available: 1.1.0

      Latest version Installed: [ Not Installed ]

      Homepage: http://pptpclient.sourceforge.net

      Description: Linux client for the proprietary Microsoft Point-to-Point

      Tunneling Protocol, PPTP. Allows connection to a PPTP based VPN as used

      by employers and some cable and ADSL service providers.

```

----------

## tgnb

ok, i recompiled the kernel with ppp support and emerged the pptpclient

i went to their site and read the documentation:

http://pptpclient.sourceforge.net/howto-redhat.html#setup

after going through these steps (they slightly differ due to a newer version i think) i  get an error when trying to start the connection:

/usr/sbin/pppd: In file /etc/ppp/options.pptp: unrecognized option 'mppe-40'

the file /etc/ppp/options.pptp is generated by the script in the earlier steps of the documentation. I have a feeling I am missing something else still? Any ideas?

BTW, i knew that CHAP was just the authentication protocol of the MS VPN connection. I only threw that in the text so people would know the tunnel i want to create needs support for it.

----------

## ee99ee2

Well I'm having the same problem. I need to connect to a PPTP server on a Windows 2000 box using MS-CHAP authentacation. Back in RedHat, I had the same problem as I am here in Gentoo, and someone told me I need to recompile PPP and apply a patch b/c by default it doesn't support PAP or CHAP? Maybe they said it only doesn't support CHAP. Actually, I'm not sure exactly what they said, but I remember it involved me patching PPP to support CHAP.

Basicly, I want to know how to do that, or where I can read how to do that, or something. I've looked all over Google, and haven't been able to find much of anything yet.

By the way, if u can find how to do it in OpenBSD, that'd be even better... b/c my router runs OpenBSD, and I'd really like for it to connect to the VPN server and serve my whole subnet and not just me.

Right now, the only way I can get on the VPN that I need to connect to is open up my Windows 2000 client in VMware and connect to it from there. (I also enabled remote routing and access so it serves my whole subnet... not a good thing, but a must at times).

Suggestions/ideas/links would be great... Thanks.

-ee99ee2

----------

## mksoft

 *tgnb wrote:*   

> ok, i recompiled the kernel with ppp support and emerged the pptpclient
> 
> i went to their site and read the documentation:
> 
> http://pptpclient.sourceforge.net/howto-redhat.html#setup
> ...

 

I've read the Debian HOWTO on the same site and it says the kernel and pppd must be pacthed for mppe support (the same in the error you've got), have you  applied the patches  :Question: 

----------

## tgnb

Ok, I did a little bit of research.

For the first step described in the Debian-HOWTO I have to patch the kernel for mppe. Since I use Gentoo and not Debian I can't do the apt-get command to simply fetch the kernel patch. I had to go on a hunt for it. Also, the Howto describes the procedure for the 2.2.19 kernel. The link to the source file on the debian website is dead, so I went searching other places.

I found what i believe is the latest version at ftp://ftp.debian.org/debian/pool/main/k/kernel-patch-mppe/

I downloaded and extracted the file. in the file are some text files as well as:

linux-2.2.19-openssl-0.9.5-mppe.patch

linux-2.4.16-openssl-0.9.6b-mppe.patch

Although the file seems to apply specifically for a 2.4.16 kernel with openssl-0.9.6b installed the texts mention this patch should work with any 2.4.18+ kernel and I didn't find another mention of openssl.

But the included README.Debian file gives instructions how to use Debian in order to patch the kernel with these files and states that "If you want to do the patching manually, you can find the diff-file in /usr/src/kernel-patches".

Then i also read http://www.linuxhq.com/patch-howto.html on how to patch the kernel.

I opened the linux-2.4.16-openssl-0.9.6b-mppe.patch in a text editor and found that it start similar to the way the howto describes.

Then i went on the hunt for the diff file but could only find what i think is an older version kernel-patch-mppe_1.0-1.diff.gz instead of the 1.1-1 version.

This file also starts similar to the way the howto describes.

So my question for now is, wich of these files can i use to patch my kernel? And does this patch require openssl-0.9.6b?

----------

## UrbanNightmare

I did a rsync and found that ppp-2.4.1-r9 was suppost to include the patches for ppp to include mppe.  But this didn't seem to work.  If any one has had some success with this can you please let me know.

Stephen Atkins

atkinss@telusplanet.net

----------

## tgnb

AFAIK both the kernel AND pppd need patching. Did you get your kernel patched? If so.. how  :Smile: 

Thanks

----------

## UrbanNightmare

No I didn't patch my kernel.  From what I have understood you don't need to the ppp r9 would do it for you and recompile the modules needed.  I have since downloaded the pptp-mppe from source forge and have copied the mppe.o into the /lib/modules/<kernel ver>/misc dir and I can load it no problem.  Still can't seem to connect tho.

Stephen Atkins

atkinss@telusplanet.net

----------

## rob_94110

I managed to get PPTP working with MPPE today.  It took a bit of experimentation but in the end the recipe is pretty straightforward.

Emerge ppp-2.4.1-r9, pptpclient-1.1.0 and gentoo-sources-2.4.19-r7.  Grab the MPPE kernel patch from ftp://planetmirror.com/pub/mppe/linux-2.4.16-openssl-0.9.6b-mppe.patch.gz and apply it.

Follow the usual kernel configuration process, making sure that PPP is configured as a module in the network device support section.  Make sure that support for "async serial ports" is enabled.  (You can probably compile them into the kernel if you prefer.)

Build the kernel and modules.  You'll find a small compilation error in ppp_mppe.c: it uses a deprecated header file, so just replace the <linux/malloc.h> with <linux/slab.h>.  Then install the modules and kernel.

You will probably need to add the following in /etc/modules.d/ppp:

```
alias ppp-compress-18   ppp_mppe
```

and then run update-modules.

Finally run pptp-command to set up and start the PPTP tunnel.

Good luck,

Rob.

----------

## bonfigleo

Rob,

I wish that I were you.  :Smile: 

I have followed your instructions exactly but still have problems.  I got the kernel patched.  I edited ppp_mppe.c.  Got the kernel compiled.  I did "emerge ppp pptpclient" that completed successfully.  I added the alias to the ppp file.  I ran update-modules.

I ran the pptp-command and set up a chap secrets and a tunnel.  When I attempt to connect to the tunnel it times out.  I have tried both of the route settings.

I have a feeling that I'm missing something simple.  Anyone see what it could be?

Thanks,

Matt

----------

## bluz

That's weird that the tunnel times out without any error messages at all.  The errors for pptp are actually in the syslog file.  

The other thing you can do is run pptp from the command line with the debug option, such as:

pptp <host> debug

This will dump each packet to the log file so you can see why it's not connecting.  If it's timing out, it could be that the other side is resetting the tunnel due to a misconfiguration.

Good luck!

BLUz

----------

## tgnb

I followed rob_94110's instructions and with some modifications got it working  :Smile:  (well kinda, I can connect but now only have to figure out the correct routing during the tunnel setup)

Here are the updated instructions:

I emerged ppp, pptpclient and already had gentoo-sources

After emerging ppp I fixed the permissions of the /etc/modules.d/ppp file because they were set wrong after emerging and that would cause update-modules to fail (as mentioned here https://forums.gentoo.org/viewtopic.php?t=23180).

```
# ls cd /etc/modules.d/

#chmod 0644 ppp
```

I downloaded linux-2.4.19-openssl-0.9.6b-mppe.patch.gz from ftp://planetmirror.com/pub/mppe/

as it is newer than the one rob_94110 had mentioned.

I applied the patch to the kernel.

```
# cd /usr/src/linux

# patch -p1 < /path/to/extracted/patchfile.patch

```

I tried compiling the ppp support stuff statically into the kernel first but that didnt work. 

I didnt get any compilation errors in ppp_mppe.c (i think) so i didnt edit it as suggested in the post, when compiling the ppp support as modules.

I added the alias line into /etc/modules.d/ppp

```
alias ppp-compress-18   ppp_mppe
```

I then ran update-modules again

I booted with the newly compiled kernel and used pptp-command to set up the CHAP secrets and the tunnel and am able to connect.

---

Although I am connected, I still have some routing problems to figure out, but ifconfig now shows my new networking device  :Smile: 

hope this helps someone

----------

## bluz

Hey tgnb, 

Congrats on getting the pptp connection working.  As far as the routing line goes, i don't think they've fixed that yet?  Last I heard you had to either script it yourself to add the routes or you could just manually add them.  I do the latter. 

So if the pptp connection gives me 192.168.1.44, i would add to my route

route add -net 192.168.1.0/24 gw 192.168.1.44

Bluz

----------

## tgnb

heh thanks bluz for the routing tip

my situation was slightly different but got it working thanks to your help  :Smile: 

I noticed also that over at the pptp homepage they have some new docs on routing to establish a site to site vpn.

http://pptpclient.sourceforge.net/routing.phtml

----------

## Gaidin

Thanks for the updated instructions. You have renewed my belief that getting a vpn connection to a Microsoft VPN server is possible.  :Smile: 

I'm emerging the newer software now and going to go hack at it again.

Gaidin

Edit: Wow I guess I've never posted before on these forums. Been browsing them for quite a while though.

----------

## Frayday

Hey guys,

Please take a look at:

https://forums.gentoo.org/viewtopic.php?t=29265

What am i doing wrong?  :Sad: 

Thanks in advance  :Smile: 

Dave

----------

## mrGeniXus

Yes, I am also getting this error.  I attempted to patch the kernel (using the appropriate patch from this site: http://www.polbox.com/h/hs001/ ) as best I could, but the patch ran several hours and never succeeded.  Not sure what I did wrong.

I have re-emerged pppd and pptpcleint both as instructed on http://pptpclient.sourceforge.net/howto-gentoo.phtml

I also tried the unstable versions ala

```

ACCEPT_KEYWORDS="~x86" emerge pppd

USE="crypt" ACCEPT_KEYWORDS="~x86" emerge pptpclient

```

I assume, my problem is the lack of mppe support in kernel.

but as I said, I couldn't get it to take. any suggestions?

also seems to work on workstation but not laptop

thanks very much.

----------

