[Poptop-server] PPTP working, MPPE not

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

I am trying to get pptp to work between a RedHat 7.2 client and server.

PPTP and MS-CHAPv2 are working nicely (so the basic setup is OK), but
MPPE isn't.  I'm using the ppp-2.4.1-mppe3 package plus the kernel
ppp_mppe.o module from kernel-2.4.9-31mppe.i386.rpm (but a compiled-it-
myself mppe module made no difference).

This is what I have in the logs (I include a full session, pptp and pppd
log):

May  8 10:25:36 mobile pptp[23831]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:580]: Client connection established.
May  8 10:25:37 mobile pptp[23831]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:708]: Outgoing call established (call ID 0, peer's call ID 0). 
May  8 10:25:37 mobile pppd[23832]: pppd 2.4.1 started by root, uid 0
May  8 10:25:37 mobile pppd[23832]: using channel 13
May  8 10:25:37 mobile pppd[23832]: Using interface ppp0
May  8 10:25:37 mobile pppd[23832]: Connect: ppp0 <--> /dev/pts/4
May  8 10:25:37 mobile pppd[23832]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xac5b7092> <pcomp> <accomp>]
May  8 10:25:39 mobile pppd[23832]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xac5b7092> <pcomp> <accomp>]
May  8 10:25:40 mobile pppd[23832]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xac5b7092> <pcomp> <accomp>]
May  8 10:25:40 mobile pppd[23832]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0x93f2ed11> <pcomp> <accomp>]
May  8 10:25:40 mobile pppd[23832]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0x93f2ed11> <pcomp> <accomp>]
May  8 10:25:40 mobile pppd[23832]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xac5b7092> <pcomp> <accomp>]
May  8 10:25:40 mobile pppd[23832]: cbcp_lowerup
May  8 10:25:40 mobile pppd[23832]: want: 2
May  8 10:25:40 mobile pppd[23832]: rcvd [CHAP Challenge id=0x1 <641a9a7fde16a9b1e6a312a15fafb13d>, name = "XXXX"]
May  8 10:25:40 mobile pppd[23832]: sent [CHAP Response id=0x1 <364278f63897e17d5dee34ab8cf3376a0000000000000000f017972f2ebd78e6fc253b9aad6c89b5e1f465f59b9701f900>, name = "XXXX"]
May  8 10:25:40 mobile pppd[23832]: rcvd [CHAP Success id=0x1 "S=A489A330D35A2862516207542270AE365E738E5B"]
May  8 10:25:40 mobile pppd[23832]: Remote message: S=A489A330D35A2862516207542270AE365E738E5B
May  8 10:25:40 mobile pppd[23832]: sent [IPCP ConfReq id=0x1 <addr 193.149.48.163> <compress VJ 0f 01>]
May  8 10:25:40 mobile pppd[23832]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:40 mobile pppd[23832]: rcvd [IPCP ConfReq id=0x1 <addr 192.168.100.1> <compress VJ 0f 01>]
May  8 10:25:40 mobile pppd[23832]: sent [IPCP ConfAck id=0x1 <addr 192.168.100.1> <compress VJ 0f 01>]
May  8 10:25:40 mobile pppd[23832]: rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:40 mobile pppd[23832]: sent [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:40 mobile pppd[23832]: rcvd [IPCP ConfNak id=0x1 <addr 192.168.1.201>]
May  8 10:25:40 mobile pppd[23832]: sent [IPCP ConfReq id=0x2 <addr 192.168.1.201> <compress VJ 0f 01>]
May  8 10:25:40 mobile pppd[23832]: rcvd [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:40 mobile pppd[23832]: Received bad configure-ack:  1a 04 78 00 18 04 78 00 15 03 2f
May  8 10:25:40 mobile pppd[23832]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.1.201> <compress VJ 0f 01>]
May  8 10:25:40 mobile pppd[23832]: local  IP address 192.168.1.201
May  8 10:25:40 mobile pppd[23832]: remote IP address 192.168.100.1
May  8 10:25:40 mobile pppd[23832]: Script /etc/ppp/ip-up started (pid 23849)
May  8 10:25:40 mobile pppd[23832]: Script /etc/ppp/ip-up finished (pid 23849), status = 0x0

-> up to here, everything is looking fine (except the CCP line, but
there are more of that below).

May  8 10:25:43 mobile pppd[23832]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:43 mobile pppd[23832]: rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:43 mobile pppd[23832]: sent [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:43 mobile pppd[23832]: rcvd [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:43 mobile pppd[23832]: Received bad configure-ack:  1a 04 78 00 18 04 78 00 15 03 2f

This part is what worries me.   If I understand this correctly, MPPE is
pretending to be a PPP compression layer, and CCP doesn't come up
properly.

May  8 10:25:46 mobile pppd[23832]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:46 mobile pppd[23832]: rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:46 mobile pppd[23832]: sent [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:46 mobile pppd[23832]: rcvd [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:25:46 mobile pppd[23832]: Received bad configure-ack:  1a 04 78 00 18 04 78 00 15 03 2f

... this repeats for a while (snipped).

[..]
May  8 10:26:04 mobile pppd[23832]: Received bad configure-ack:  1a 04 78 00 18 04 78 00 15 03 2f
May  8 10:26:07 mobile pppd[23832]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:26:07 mobile pppd[23832]: rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:26:07 mobile pppd[23832]: sent [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:26:07 mobile pppd[23832]: rcvd [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
May  8 10:26:07 mobile pppd[23832]: Received bad configure-ack:  1a 04 78 00 18 04 78 00 15 03 2f
May  8 10:26:10 mobile pppd[23832]: CCP: timeout sending Config-Requests 

Eventually it gives up.

The pptp/gre tunnel is working fine at this point, but it is NOT
encrypting anything, so the whole excercise is kind of moot.

So... any suggestions what this message could mean?  Where shall I go
hunting?  I assumed a problem with my compiled-it-myself ppp_mppe
module, but as it happens with the "official" module as well, this is
unlikely.

In the packet path, there is no NAT device.  There is a firewall, but 
outgoing TCP and GRE are permitted.  

The server end has similar messages in its log...

gert
-- 
Gert Doering
Mobile communications ... right now writing from *back from Ripe42*