From owner-freebsd-security  Wed Nov  1 21:13:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26])
	by hub.freebsd.org (Postfix) with ESMTP id 3059B37B479
	for <security@FreeBSD.ORG>; Wed,  1 Nov 2000 21:13:34 -0800 (PST)
Received: from curve.dellroad.org (curve.dellroad.org [10.1.1.30])
	by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id VAA12322;
	Wed, 1 Nov 2000 21:13:26 -0800 (PST)
Received: (from archie@localhost)
	by curve.dellroad.org (8.11.0/8.11.0) id eA25DQO57527;
	Wed, 1 Nov 2000 21:13:26 -0800 (PST)
	(envelope-from archie)
From: Archie Cobbs <archie@dellroad.org>
Message-Id: <200011020513.eA25DQO57527@curve.dellroad.org>
Subject: Re: MPPE and US export restrictions.
In-Reply-To: <807044A67EA3D211B11D00A024E91A45F2D23C@exch.stack.ru>
 "from Tolpanov, Dmitry at Nov 2, 2000 11:46:53 am"
To: "Tolpanov, Dmitry" <tdn@stack.ru>
Date: Wed, 1 Nov 2000 21:13:25 -0800 (PST)
Cc: security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Tolpanov, Dmitry writes:
> I'm sorry if my question will be a little bit out of topic, but I think it
> is connected with security.
> I'm organizing PPTP service and interested in encryption of traffic. As PPTP
> server i'm using MPD port (mpd-3.2). I've installed it with MPPC and MPPE
> options (all necessary sources are included, as I understand). Now I start
> mpd with MPPC-MPPE options enabled.
> As PPTP client I have Win NT 4.0 Server. When I try to connect to PPTP
> server without enabled Encrypt option (NT) it is succeeded. But when I
> enable Encrypt option on NT the connection fails while everything is OK. 
> 
> Now I think may be my problems are because of US export restrictions, My NT
> and MPD simply do not support MPPE. I live in Russia. Recently US government
> canceled this restriction but my be my NT and FreeBSD(4.0) do not know about
> this.

The export stuff shouldn't be an issue. If you email me an mpd log
trace I can tell you why it's failing. Make sure you enable option
mpp-e128 if you're requiring "strong" encryption.

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message