Works beautifully, once I'd figured out the correct pppd options to
pass. Thank you.
Curiously I couldn't get the server and client to use MS-CHAPv2 or
MPPE unless the "require-mschap-v2" and "require-mppe" options were
provided. I assumed the client and server would negotiate at the
'highest' common authentication and encryption level. Instead I found
I had to include these two options or else standard CHAP with no
encryption was used (or the connection failed totally if Windows was
told to _require_ encryption or MS-CHAP).
Some other observations:
- pptp connections seem more reliable now. Previously it could take
several attempts before a PPTP connection could be established
(particularly from Win98?). This seems to be fixed with this
MPPE/MS-CHAP implementation or perhaps its something else in 2.4.2.
Either way, good stuff!
- If I load the netfilter pptp connection tracking modules on the PPTP
server I can't connect at all from Win98. Win2k works fine. Will
test other clients soon. Lots of the following from poptop:
GRE: xmit failed from decaps_hdlc: Operation not permitted
...even with no firewall rules active. Unload the conntrack modules
it works fine. Strange! Previously, with the third party MPPE
patches connection attempts were less reliable with the conntrack
modules loaded but were workable. This is probably out of the scope
of our discussion but any thoughts welcome :)
Its great to have MPPE and MS-CHAPv2 support in the main pppd dist
now... one less patch to worry about. Hopefully the MPPE kernel patch
will make it to the mainline kernel soon too.
Thanks for your help,
Menno
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/