From: Marc G. <mgu...@cv...> - 2006-04-12 20:52:25
Good afternoon,

I searched in the forums but did not find the answer to my question. If this has already been answered, could you please direct me to the answer?

I was until recently using Devil-Linux 1.2.5 and accepted inbound PPTP connections without any problems. I have upgraded to Devil-Linux 1.2.9 last week and revised all my configurations and rules. With a nearly identical configuration to what I had before, PPTP connections can no longer be accepted when using MPPE encryption (see example 1 below).

At first I suspected that perhaps I had a bad firewall rule preventing GRE traffic. However, when I remove the "mppe-required" line in "/etc/ppp/options.pptpd", I only get an error saying the client insists on using MPPE. So when I disable MPPE encryption on the client side as well, then the client successfully connects (see example 2 below). I do get a GRE checksum error, but I am not using a Windows client during that specific test, so perhaps something changed in the algorithm the client is using.

I want to know how I could get MPPE working with Devil-Linux 1.2.9 and also how to enforce it in the configuration file.

Thank you,
Marc Guimond

-----

Example 1:

Apr 7 17:05:34 src@firewall pptpd[3769]: MGR: Manager process started
Apr 7 17:05:34 src@firewall pptpd[3769]: MGR: Maximum of 11 connections available
Apr 7 17:05:36 src@firewall pptpd[3770]: CTRL: Client 70.80.201.112 control connection started
Apr 7 17:05:36 src@firewall pptpd[3770]: CTRL: Starting call (launching pppd, opening GRE)
Apr 7 17:05:36 src@firewall pppd[3771]: In file /etc/ppp/options.pptpd: unrecognized option 'mppe-required'
Apr 7 17:05:36 src@firewall pptpd[3770]: GRE: read(fd=6,buffer=eff6880,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Apr 7 17:05:36 src@firewall pptpd[3770]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Apr 7 17:05:36 src@firewall pptpd[3770]: CTRL: Reaping child PPP[3771]
Apr 7 17:05:36 src@firewall pptpd[3770]: CTRL: Client 70.80.201.112 control connection finished

Example 2:

Apr 7 17:23:38 src@firewall pptpd[4267]: MGR: Manager process started
Apr 7 17:23:38 src@firewall pptpd[4267]: MGR: Maximum of 11 connections available
Apr 7 17:23:40 src@firewall pptpd[4268]: CTRL: Client 70.80.201.112 control connection started
Apr 7 17:23:40 src@firewall pptpd[4268]: CTRL: Starting call (launching pppd, opening GRE)
Apr 7 17:23:40 src@firewall pppd[4269]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Apr 7 17:23:40 src@firewall pppd[4269]: pppd 2.4.3 started by root, uid 0
Apr 7 17:23:40 src@firewall kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Apr 7 17:23:40 src@firewall pppd[4269]: Using interface ppp0
Apr 7 17:23:40 src@firewall pppd[4269]: Connect: ppp0 <--> /dev/pts/0
Apr 7 17:23:40 src@firewall pptpd[4268]: GRE: Bad checksum from pppd.
Apr 7 17:23:41 src@firewall pppd[4269]: found interface eth1 for proxy arp
Apr 7 17:23:41 src@firewall pppd[4269]: local IP address 192.168.0.101
Apr 7 17:23:41 src@firewall pppd[4269]: remote IP address 192.168.0.102
Apr 7 17:32:40 src@firewall syslog-ng[597]: STATS: dropped 0
Apr 7 17:35:02 src@firewall pppd[4269]: LCP terminated by peer (User request)
Apr 7 17:35:02 src@firewall pppd[4269]: Connect time 11.4 minutes.
Apr 7 17:35:02 src@firewall pppd[4269]: Sent 0 bytes, received 0 bytes.
Apr 7 17:35:02 src@firewall pppd[4269]: Modem hangup
Apr 7 17:35:02 src@firewall pppd[4269]: Connection terminated.
Apr 7 17:35:02 src@firewall pptpd[4268]: CTRL: EOF or bad error reading ctrl packet length.
Apr 7 17:35:02 src@firewall pptpd[4268]: CTRL: couldn't read packet header (exit)
Apr 7 17:35:02 src@firewall pptpd[4268]: CTRL: CTRL read failed
Apr 7 17:35:02 src@firewall pptpd[4268]: CTRL: Reaping child PPP[4269]
Apr 7 17:35:02 src@firewall pppd[4269]: Exit.
Apr 7 17:35:02 src@firewall kernel: divert: no divert_blk to free, ppp0 not ethernet
Apr 7 17:35:02 src@firewall pptpd[4268]: CTRL: Client 70.80.201.112 control connection finished