home *** CD-ROM | disk | FTP | other *** search
- PPP Support for MPPE (Microsoft Point to Point Encryption)
- ==========================================================
-
- Frank Cusack frank@google.com
- Mar 19, 2002
-
-
- DISCUSSION
-
- MPPE is Microsoft's encryption scheme for PPP links. It is pretty much
- solely intended for use with PPP over Internet links -- if you have a true
- point to point link you have little need for encryption. It is generally
- used with PPTP.
-
- MPPE is negotiated within CCP (Compression Control Protocol) as option
- 18. In order for MPPE to work, both peers must agree to do it. This
- complicates things enough that I chose to implement it as strictly a binary
- option, off by default. If you turn it on, all other compression options
- are disabled and MPPE *must* be negotiated successfully in both directions
- (CCP is unidirectional) or the link will be disconnected. I think this is
- reasonable since, if you want encryption, you want encryption. That is,
- I am not convinced that optional encryption is useful.
-
- While PPP regards MPPE as a "compressor", it actually expands every frame
- by 4 bytes, the MPPE overhead (encapsulation).
-
- Because of the data expansion, you'll see that ppp interfaces get their
- mtu reduced by 4 bytes whenever MPPE is negotiated. This is because
- when MPPE is active, it is *required* that *every* packet be encrypted.
- PPPD sets the mtu = MIN(peer mru, configured mtu). To ensure that
- MPPE frames are not larger than the peer's mru, we reduce the mtu by 4
- bytes so that the network layer never sends ppp a packet that's too large.
-
- There is an option to compress the data before encrypting (MPPC), however
- the algorithm is patented and requires execution of a license with Hifn.
- MPPC as an RFC is a complete farce. I have no further details on MPPC.
-
- Some recommendations:
-
- - Use stateless mode. Stateful mode is disabled by default. Unfortunately,
- stateless mode is very expensive as the peers must rekey for every packet.
- - Use 128-bit encryption.
- - Use MS-CHAPv2 only.
-
- Reference documents:
-
- <http://www.ietf.org/rfc/rfc3078.txt> MPPE
- <http://www.ietf.org/rfc/rfc3079.txt> MPPE Key Derivation
- <http://www.ietf.org/rfc/rfc2118.txt> MPPC
- <http://www.ietf.org/rfc/rfc2637.txt> PPTP
- <http://www.ietf.org/rfc/rfc2548.txt> MS RADIUS Attributes
-
- You might be interested in PoPToP, a Linux PPTP server. You can find it at
- <http://www.poptop.org/>
-
- RADIUS support for MPPE is from Ralf Hofmann, <ralf.hofmann@elvido.net>.
-
-
- BUILDING THE PPPD
-
- The userland component of PPPD has no additional requirements above
- those for MS-CHAP and MS-CHAPv2. The kernel, however, requires SHA-1
- and ARCFOUR. Public domain implementations of these are provided.
-
- Until such time as MPPE support ships with kernels, you can use
- the Linux 2.2 or 2.4 implementation that comes with PPPD. Run the
- ppp/linux/mppe/mppeinstall.sh script, giving it the location to your
- kernel source. Then add the CONFIG_PPP_MPPE option to your config and
- rebuild the kernel. The ppp_mppe.o module is added, and the ppp.o module
- (2.2) or ppp_generic.o (2.4) is modified (unfortunately). You'll need
- the new ppp.o/ppp_generic.o since it does the right thing for the 4
- extra bytes problem discussed above.
-
-
- CONFIGURATION
-
- See pppd(8) for the MPPE options. Under Linux, if your modutils is earlier
- than 2.4.15, you will need to add
-
- alias ppp-compress-18 ppp_mppe
-
- to /etc/modules.conf. (A patch for earlier versions of modutils is included
- with the kernel patches.)
-
-
-
