Date: 12 May 2002 15:26:51 -0700 From: Matthew Braithwaite <matt@braithwaite.net> To: Matthew Braithwaite <matt@braithwaite.net> Cc: Archie Cobbs <archie@dellroad.org>, dgilbert@velocet.ca, freebsd-net@FreeBSD.ORG Subject: Re: mpd-netgraph problem. (SOLVED) Message-ID: <86r8khypck.fsf_-_@limekiller.braithwaite.net> In-Reply-To: <86bsbo6696.fsf@limekiller.braithwaite.net> References: <200205092357.g49Nvb204332@arch20m.dellroad.org> <86bsbo6696.fsf@limekiller.braithwaite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I solved my problem, but I need to retract a few things I said about it earlier: 1. Although I was told (by the folks who operate my VPN server) that I had to negotiate 128-bit encryption, I've succeeded with 40-bit encryption, using the ``LAN Manager'' hash. 2. Therefore, this whole business about MSCHAPv1/MSCHAPv2 is totally irrelevant, since the LAN Manager hash depends only on my password. 3. I have an alternate method of getting into my private network; I used that to ping the address I was assigned by the VPN server. When I did this I noticed that mpd was able to decrypt those pings successfully. In other words, only my transmit direction was broken: I could receive MPPE just fine. This test may be very useful for others who encounter the same symptoms, since the symptoms seem to have many possible causes. Anyway, the solution was to change the following function in ng_ppp.c (note, part of the kernel, not mpd) by removing the marked lines: static struct mbuf * ng_ppp_addproto(struct mbuf *m, int proto, int compOK) { - if (compOK && PROT_COMPRESSABLE(proto)) { - u_char pbyte = (u_char)proto; - - return ng_ppp_prepend(m, &pbyte, 1); - } else { u_int16_t pword = htons((u_int16_t)proto); return ng_ppp_prepend(m, &pword, 2); - } } If I had to make a wild-ass guess about why this works, it'd be that mpd supports MPPE but doesn't know how to do MPPC compression, so the peer isn't expecting the protocol field to be compressed. I don't care; it works now. :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86r8khypck.fsf_-_>