Discussion:
pptp between NetBSD and Windows VPN server?
(too old to reply)
Martin Husemann
2012-11-16 13:35:49 UTC
Permalink
Hi folks,

has anyone successfully used a PPTP connection between a NetBSD machine
and a Windows VPN server?

I tried with the net/pptp package, but failed miserably.
Its examples all use MPPE options, which are (according to pppd(8)) not
available on NetBSD.

Are there any other software options?

Martin

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Gert Doering
2012-11-16 14:08:27 UTC
Permalink
Hi,
Post by Martin Husemann
has anyone successfully used a PPTP connection between a NetBSD machine
and a Windows VPN server?
I tried with the net/pptp package, but failed miserably.
Its examples all use MPPE options, which are (according to pppd(8)) not
available on NetBSD.
There's "pkgsrc/net/mppe-lkm", which adds MPPE as LKM...

----------- snip -----------
***@kirk:/usr/pkgsrc/net/mppe-lkm$ cat DESCR
To get encryption over a PPTP connection, you need the kernel to support the
MPPE algorithm. It is used as a PPP compression module, and the mppe-lkm
package provides a LKM (Loadable Kernel Module) that will install the
functionality into your NetBSD kernel.
----------- snip -----------

I'm not sure whether it still *works* - last time I tried it was some
5+ years ago on NetBSD/Sparc64 3.1, but at that time, pptp with mppe
worked fine.

(Admittedly, I was not talking to a Windows Server, but to a Linux box,
but that box also had Windows clients and enforced mppe, so I assume
it would have worked against a Windows Server as well)
Post by Martin Husemann
Are there any other software options?
You *might* want to read this:

http://www.heise.de/security/artikel/Der-Todesstoss-fuer-PPTP-1701365.html

and reconsider using PPTP for anything across networks that you do not
know and fully trust (it can still be *useful*, but never ever trustworthy).


I'm currently moving all my customers that are using PPTP towards OpenVPN
(happy to answer questions regarding OpenVPN).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany ***@greenie.muc.de
fax: +49-89-35655025 ***@net.informatik.tu-muenchen.de
Martin Husemann
2012-11-16 14:33:23 UTC
Permalink
Post by Gert Doering
and reconsider using PPTP for anything across networks that you do not
know and fully trust (it can still be *useful*, but never ever trustworthy).
I'm a big fan of OpenVPN or simple IPsec tunnel mode solutions, however,
in this case I have no choice :-(

Martin

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Gert Doering
2012-11-16 14:41:22 UTC
Permalink
Hi,
Post by Martin Husemann
Post by Gert Doering
and reconsider using PPTP for anything across networks that you do not
know and fully trust (it can still be *useful*, but never ever trustworthy).
I'm a big fan of OpenVPN or simple IPsec tunnel mode solutions, however,
in this case I have no choice :-(
Yeah, customers... (waving that article might help).

Anyway, hope the pointer to mppe-lkm was helpful to make you-know-what work :)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany ***@greenie.muc.de
fax: +49-89-35655025 ***@net.informatik.tu-muenchen.de

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Martin Husemann
2012-11-16 16:14:10 UTC
Permalink
Hmm, I made the pkg compile a kmod instead of an lkm with minor tweaks
(attached the modified file, Makefile needed sys/crypto/arc4/arc4.c added
and an include changed), however I still couldn't get pptp/pppd to
interoperate.

Will have to look in more details another day.

Martin
Mouse
2012-11-16 20:51:28 UTC
Permalink
Post by Martin Husemann
has anyone successfully used a PPTP connection between a NetBSD
machine and a Windows VPN server?
Not me. But, at work, we have a NetBSD/5.1 box which, among other
things, acts as a VPN server for Windows boxen using PPTP. (I know, I
know, PPTP...I didn't make that choice.)

I just now dug around, and it appears it's using net/pptp.

/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML ***@rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...