Date:      12 May 2002 15:26:51 -0700
From:      Matthew Braithwaite <matt@braithwaite.net>
To:        Matthew Braithwaite <matt@braithwaite.net>
Cc:        Archie Cobbs <archie@dellroad.org>, dgilbert@velocet.ca, freebsd-net@FreeBSD.ORG
Subject:   Re: mpd-netgraph problem. (SOLVED)
Message-ID:  <86r8khypck.fsf_-_@limekiller.braithwaite.net>
In-Reply-To: <86bsbo6696.fsf@limekiller.braithwaite.net>
References:  <200205092357.g49Nvb204332@arch20m.dellroad.org> <86bsbo6696.fsf@limekiller.braithwaite.net>

I solved my problem, but I need to retract a few things I said about
it earlier:

1. Although I was told (by the folks who operate my VPN server) that I
   had to negotiate 128-bit encryption, I've succeeded with 40-bit
   encryption, using the ``LAN Manager'' hash.

2. Therefore, this whole business about MSCHAPv1/MSCHAPv2 is totally
   irrelevant, since the LAN Manager hash depends only on my password.

3. I have an alternate method of getting into my private network; I
   used that to ping the address I was assigned by the VPN server.
   When I did this I noticed that mpd was able to decrypt those pings
   successfully.  In other words, only my transmit direction was
   broken:  I could receive MPPE just fine.  This test may be very
   useful for others who encounter the same symptoms, since the
   symptoms seem to have many possible causes.

Anyway, the solution was to change the following function in ng_ppp.c
(note, part of the kernel, not mpd) by removing the marked lines:

    static struct mbuf *
    ng_ppp_addproto(struct mbuf *m, int proto, int compOK)
    {
-    	if (compOK && PROT_COMPRESSABLE(proto)) {
-    		u_char pbyte = (u_char)proto;
-    
-    		return ng_ppp_prepend(m, &pbyte, 1);
-    	} else {
    		u_int16_t pword = htons((u_int16_t)proto);
    
    		return ng_ppp_prepend(m, &pword, 2);
-    	}
    }
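
Review bot: with the `if (compOK && PROT_COMPRESSABLE(proto))` branch removed, the `compOK` argument is never read, so the function emits the two-byte protocol field for every caller regardless of what was passed. If only one transmit path is affected, have that caller pass 0 for `compOK` and keep the branch; if the branch really has to go, drop the now-dead parameter and re-indent the two remaining statements to function-body level, and add a comment saying why the one-byte form is not used.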

If I had to make a wild-ass guess about why this works, it'd be that
mpd supports MPPE but doesn't know how to do MPPC compression, so the
peer isn't expecting the protocol field to be compressed.  I don't
care; it works now. :-)
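
The one-octet versus two-octet protocol field that the removed branch chose between, as an added example that is not part of the original message or of ng_ppp.c. The function names, the PFC_ELIGIBLE macro and the sample bytes are constructed here; the two receivers show how a peer that always reads two octets misparses a one-octet field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1661: only protocol numbers with a zero high octet may be sent as one octet. */
#define PFC_ELIGIBLE(p) (((p) & 0xff00) == 0)

/* Sender: write the protocol field, return the number of octets used (1 or 2). */
static size_t put_proto(uint8_t *out, uint16_t proto, int pfc_ok)
{
    if (pfc_ok && PFC_ELIGIBLE(proto)) {
        out[0] = (uint8_t)proto;
        return 1;
    }
    out[0] = (uint8_t)(proto >> 8);
    out[1] = (uint8_t)proto;
    return 2;
}

/* Receiver that does not expect compression: always consumes two octets. */
static size_t get_proto_strict(const uint8_t *in, size_t len, uint16_t *proto)
{
    if (len < 2) return 0;
    *proto = (uint16_t)((in[0] << 8) | in[1]);
    return 2;
}

/* Receiver that accepts both forms: an odd first octet is a one-octet field. */
static size_t get_proto_pfc(const uint8_t *in, size_t len, uint16_t *proto)
{
    if (len >= 1 && (in[0] & 1)) {
        *proto = in[0];
        return 1;
    }
    return get_proto_strict(in, len, proto);
}

int main(void)
{
    uint8_t frame[4] = {0, 0, 0, 0};          /* constructed sample buffer */
    uint16_t aware = 0, strict = 0;
    size_t n = put_proto(frame, 0x0021, 1);   /* 0x0021 = IP, sent compressed */
    frame[n] = 0x45;                          /* constructed first payload octet */
    get_proto_pfc(frame, sizeof frame, &aware);
    get_proto_strict(frame, sizeof frame, &strict);
    printf("PFC-aware: 0x%04x  strict: 0x%04x\n", aware, strict);
    return 0;
}
```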
