Startsida Utforska Hjälp
Logga in
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Gren: master
Grenar Taggar
csu3_am335x
/
EVSE
/
GPL
/
ppp-2.4.7
/
README.MPPE

README.MPPE 2.8 KB
Permalänk Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. PPP Support for MPPE (Microsoft Point to Point Encryption)
    2. 

  2. ==========================================================
    3. 

  3. 

  4. Frank Cusack		frank@google.com
    5. 

  5. Mar 19, 2002
    6. 

  6. 

  7. Updated by Paul Mackerras, Sep 2008
    8. 

  8. 

  9. 

  10. DISCUSSION
    11. 

  11. 

  12. MPPE is Microsoft's encryption scheme for PPP links.  It is pretty much
    13. 

  13. solely intended for use with PPP over Internet links -- if you have a true
    14. 

  14. point to point link you have little need for encryption.  It is generally
    15. 

  15. used with PPTP.
    16. 

  16. 

  17. MPPE is negotiated within CCP (Compression Control Protocol) as option
    18. 

  18. 18.  In order for MPPE to work, both peers must agree to do it.  This
    19. 

  19. complicates things enough that I chose to implement it as strictly a binary
    20. 

  20. option, off by default.  If you turn it on, all other compression options
    21. 

  21. are disabled and MPPE *must* be negotiated successfully in both directions
    22. 

  22. (CCP is unidirectional) or the link will be disconnected.  I think this is
    23. 

  23. reasonable since, if you want encryption, you want encryption.  That is,
    24. 

  24. I am not convinced that optional encryption is useful.
    25. 

  25. 

  26. While PPP regards MPPE as a "compressor", it actually expands every frame
    27. 

  27. by 4 bytes, the MPPE overhead (encapsulation).
    28. 

  28. 

  29. Because of the data expansion, you'll see that ppp interfaces get their
    30. 

  30. mtu reduced by 4 bytes whenever MPPE is negotiated.  This is because
    31. 

  31. when MPPE is active, it is *required* that *every* packet be encrypted.
    32. 

  32. PPPD sets the mtu = MIN(peer mru, configured mtu).  To ensure that
    33. 

  33. MPPE frames are not larger than the peer's mru, we reduce the mtu by 4
    34. 

  34. bytes so that the network layer never sends ppp a packet that's too large.
    35. 

  35. 

  36. There is an option to compress the data before encrypting (MPPC), however
    37. 

  37. the algorithm is patented and requires execution of a license with Hifn.
    38. 

  38. MPPC as an RFC is a complete farce.  I have no further details on MPPC.
    39. 

  39. 

  40. Some recommendations:
    41. 

  41. 

  42. - Use stateless mode.  Stateful mode is disabled by default.  Unfortunately,
    43. 

  43.   stateless mode is very expensive as the peers must rekey for every packet.
    44. 

  44. - Use 128-bit encryption.
    45. 

  45. - Use MS-CHAPv2 only.
    46. 

  46. 

  47. Reference documents:
    48. 

  48. 

  49.     <http://www.ietf.org/rfc/rfc3078.txt> MPPE
    50. 

  50.     <http://www.ietf.org/rfc/rfc3079.txt> MPPE Key Derivation
    51. 

  51.     <http://www.ietf.org/rfc/rfc2118.txt> MPPC
    52. 

  52.     <http://www.ietf.org/rfc/rfc2637.txt> PPTP
    53. 

  53.     <http://www.ietf.org/rfc/rfc2548.txt> MS RADIUS Attributes
    54. 

  54. 

  55. You might be interested in PoPToP, a Linux PPTP server.  You can find it at
    56. 

  56. <http://www.poptop.org/>
    57. 

  57. 

  58. RADIUS support for MPPE is from Ralf Hofmann, <ralf.hofmann@elvido.net>.
    59. 

  59. 

  60. 

  61. BUILDING THE PPPD
    62. 

  62. 

  63. The userland component of PPPD has no additional requirements above
    64. 

  64. those for MS-CHAP and MS-CHAPv2.
    65. 

  65. 

  66. MPPE support is now included in the mainline Linux kernel releases.
    67. 

  67. 

  68. 

  69. CONFIGURATION
    70. 

  70. 

  71. See pppd(8) for the MPPE options.  Under Linux, if your modutils is earlier
    72. 

  72. than 2.4.15, you will need to add
    73. 

  73. 

  74.     alias ppp-compress-18 ppp_mppe
    75. 

  75. 

  76. to /etc/modules.conf.
    77. 

  77. 

  78.