pppd cannot be configured to enable mppe but not require it

Bug #88986 reported by Someone
This bug affects 2 people
Affects: ppp (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)
Nominated for Feisty by Someone

Bug Description

Binary package hint: ppp

I am using the PoPToP PPTP VPN server on Kubuntu 6.06. There is a problem configuring it. There is no way to enable mppe (Microsoft Point-to-Point Encryption) without requiring it. As a result, serving clients with or without mppe at the same time is not possible. If mppe is enabled by require-mppe-128, all clients must negotiate and support it, otherwise the server disconnects. If the require-mppe-128 option is not present on the command line or in the option file, it cannot be negotiated, as mppe is disabled by default (and by the way, the nomppe option does not make any sense in such a case), and clients requesting mppe would not connect.

Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 8.10 alpha?

Changed in ppp:
status: New → Incomplete
cygnus (cygnus) wrote :

I can confirm that this problem still exists in the 8.10 release.

Trying to connect with a non-mppe client results in:

Nov 4 16:55:36 vpn-test pppd[24480]: sent [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]

It is impossible to configure mppe to be optional.

cygnus (cygnus) wrote :

Quote from README.MPPE:

if you turn it on, all other compression options
are disabled and MPPE *must* be negotiated successfully in both directions
(CCP is unidirectional) or the link will be disconnected. I think this is
reasonable since, if you want encryption, you want encryption. That is,
I am not convinced that optional encryption is useful.

-----------------------

So this was intentionally done by the author. I tried to contact the original author, but didn't receive any answers.

I tried to change that behaviour but was only partly successful. Using the patch it is now possible to make MPPE optional, but it will be optional in any case. I couldn't find a really good solution which would add an additional config option. That didn't really work out. I might be able to provide a better patch, but currently that one is sufficient for me, since I only need optional MPPE support and no MPPE required solution.

Nikolay Popov (nicolnx) wrote :

I made a patch that adds a "mppe-optional" option to the pppd config.
Set both "require-mppe" and "mppe-optional" in the pppd config and it works as expected, allowing both encrypted and non-encrypted connections.
Not sure it's a clear way to do it, but it works well for me.
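
Added example (not part of this bug thread or of the ppp source): a server-side audit that classifies a pppd options file by the three behaviours described above, so an operator can see which configurations accept unencrypted sessions. It assumes the `mppe-optional` keyword from the patch mentioned in this comment, treats options as last-one-wins, and uses constructed sample files.

```python
# require-mppe* and nomppe are stock pppd options; "mppe-optional" exists only
# in the patched pppd discussed in this thread (assumption for this example).
REQUIRE = {"require-mppe", "require-mppe-40", "require-mppe-128"}
DISABLE = {"nomppe"}
OPTIONAL = "mppe-optional"


def mppe_policy(options_text):
    """Return 'required', 'optional' or 'disabled' for one options file."""
    required = optional = False
    for line in options_text.splitlines():
        words = line.split("#", 1)[0].split()   # '#' starts a comment
        for word in words:
            if word in REQUIRE:
                required = True
            elif word in DISABLE:                # simplification: last one wins
                required = False
            elif word == OPTIONAL:
                optional = True
    if not required:
        return "disabled"      # MPPE is off by default, so it is never negotiated
    return "optional" if optional else "required"


def audit(files):
    """Map file name -> policy for every file that can carry cleartext sessions."""
    findings = {}
    for name, text in files.items():
        policy = mppe_policy(text)
        if policy != "required":
            findings[name] = policy
    return findings


# Constructed sample files (not taken from any real server).
SAMPLES = {
    "strict.options": "name pptpd\nrequire-mschap-v2\nrequire-mppe-128\n",
    "patched.options": "require-mschap-v2\nrequire-mppe-128\nmppe-optional\n",
    "commented.options": "require-mschap-v2\n# require-mppe-128\n",
    "overridden.options": "require-mppe-128\nnomppe  # added for a legacy client\n",
}

if __name__ == "__main__":
    for name, policy in sorted(audit(SAMPLES).items()):
        print(f"{name}: MPPE {policy}, unencrypted sessions possible")
```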

Halo2 (sa-maillists) wrote :

Hi!

I really liked your solution of the mppe-optional patch.
But I modified it to work with the mppc patch applied source (i.e. ppp-2.4.x-mppe-mppc-1.1.patch and linux-2.6.2x-mppc.patch).
It was nothing special, just adjusting a few line differences and so on.
The main reason for that was that OSX (since a few versions) does not connect to pptpd with mppe if mppe is set as an option, even though this works flawlessly on Windows clients.
Yes, you read right, the mppc patched version of pppd has mppe set to optional if not requested otherwise in the options file...
So, with your patch I can use mppe required in the options file, but it's just optional, and also behaves right for OSX.

The only problem is, I can't get it to work with MPPC only (so MPPC without MPPE). Which works when I don't use the mppe required option, but then I can't use it on OSX. The connection just gets dropped without an error message in the case of an MPPC but not MPPE requesting client.

As I'm not good enough at debugging, possibly you are able to find a solution for that problem(s)?

Also I noticed that both versions (mppc enabled code or not, but mppc has to be disabled on the Windows client) give an error when connecting with mppe set as optional instead of requested or disabled.

So it seems that the code really needs some corrections.

Thank you

Alex

Halo2 (sa-maillists) wrote :

Wow, great response here...

I've made some additions to the code of this dirty hack, so that it also works with the mppc enabled source.

Hopefully someone will renew ccp.c sometime...

Alex

Launchpad Janitor (janitor) wrote :

[Expired for ppp (Ubuntu) because there has been no activity for 60 days.]

Changed in ppp (Ubuntu):
status: Incomplete → Expired
cygnus (cygnus) wrote :

I updated this patch a little bit more. I had some issues with some other clients, for example if you have a client with disabled mppe but enabled deflate compression. The attached patch should fix this.

Belyaev Nikolay (werru82) wrote :

This patch needs to be used for the vpn clients embedded in all android phones, because android doesn't support MPPE (stupid).
Please add this feature to upstream.

Denis (link011) wrote :

Thanks everyone for the patch.
Is there any chance it will be included in upstream?
I bet a lot of people need this, just not everyone posts something to launchpad...

Dmitry Balashov (fixed77) wrote :

Still need it.

Neustradamus (neustradamus) wrote :

Is it possible to create a PR on GitHub?
Do not forget: Description + Sign-off

Linked to:
- https://github.com/paulusmack/ppp/issues/57

Neustradamus (neustradamus) wrote :

Hello all,

I remind you:

Is it possible to create a PR on GitHub?
Do not forget: Description + Sign-off

Linked to:
- https://github.com/paulusmack/ppp/issues/57

Thanks in advance.
