PPP Support for MPPE (Microsoft Point to Point Encryption)
==========================================================

Frank Cusack frank@google.com
Mar 19, 2002

Updated by Paul Mackerras, Sep 2008


DISCUSSION

MPPE is Microsoft's encryption scheme for PPP links. It is pretty much
solely intended for use with PPP over Internet links -- if you have a true
point to point link you have little need for encryption. It is generally
used with PPTP.

MPPE is negotiated within CCP (Compression Control Protocol) as option
18. In order for MPPE to work, both peers must agree to do it. This
complicates things enough that I chose to implement it as strictly a binary
option, off by default. If you turn it on, all other compression options
are disabled and MPPE *must* be negotiated successfully in both directions
(CCP is unidirectional) or the link will be disconnected. I think this is
reasonable since, if you want encryption, you want encryption. That is,
I am not convinced that optional encryption is useful.

While PPP regards MPPE as a "compressor", it actually expands every frame
by 4 bytes, the MPPE overhead (encapsulation).

Because of the data expansion, you'll see that ppp interfaces get their
mtu reduced by 4 bytes whenever MPPE is negotiated. This is because
when MPPE is active, it is *required* that *every* packet be encrypted.
PPPD sets the mtu = MIN(peer mru, configured mtu). To ensure that
MPPE frames are not larger than the peer's mru, we reduce the mtu by 4
bytes so that the network layer never sends ppp a packet that's too large.

There is an option to compress the data before encrypting (MPPC), however
the algorithm is patented and requires execution of a license with Hifn.
MPPC as an RFC is a complete farce. I have no further details on MPPC.

Some recommendations:

- Use stateless mode. Stateful mode is disabled by default. Unfortunately,
  stateless mode is very expensive as the peers must rekey for every packet.
- Use 128-bit encryption.
- Use MS-CHAPv2 only.

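As an added example (not part of this README or of pppd's own code), the following Python decodes the CCP option 18 payload and the MPPE frame header defined in RFC 3078, checks a negotiated option against the recommendations above, and works out the reduced mtu. The flag values mirror those in pppd's mppe.h; the sample option and frame bytes are constructed, not captured from a live link.

```python
import struct

# Supported-bits flags from RFC 3078/3079 (the same values pppd's mppe.h uses)
MPPE_H_BIT = 0x01000000  # H: stateless mode, peers rekey on every packet
MPPE_M_BIT = 0x00000080  # M: 56-bit session keys
MPPE_S_BIT = 0x00000040  # S: 128-bit session keys
MPPE_L_BIT = 0x00000020  # L: 40-bit session keys
MPPE_C_BIT = 0x00000001  # C: MPPC compression
CCP_OPT_MPPE = 18        # CCP option number that carries MPPE negotiation
PPP_PROTO_MPPE = b"\x00\xfd"  # PPP protocol number of an MPPE-encrypted frame
MPPE_OVERHEAD = 4        # 2-byte protocol field + 2-byte MPPE header

def parse_ccp_mppe_option(opt: bytes) -> dict:
    """Decode CCP option 18: Type, Length (always 6), 4-byte Supported Bits."""
    if len(opt) < 6 or opt[0] != CCP_OPT_MPPE or opt[1] != 6:
        raise ValueError("not a well-formed MPPE option")
    bits = struct.unpack("!I", opt[2:6])[0]
    keys = tuple(n for flag, n in ((MPPE_S_BIT, 128), (MPPE_M_BIT, 56),
                                   (MPPE_L_BIT, 40)) if bits & flag)
    return {"stateless": bool(bits & MPPE_H_BIT), "keys": keys,
            "mppc": bool(bits & MPPE_C_BIT)}

def meets_recommendation(opt: dict) -> bool:
    """The README's advice: stateless mode, 128-bit keys only, no MPPC."""
    return opt["stateless"] and opt["keys"] == (128,) and not opt["mppc"]

def parse_mppe_header(frame: bytes, stateless: bool) -> dict:
    """Decode the RFC 3078 header: 0x00FD, bits A B C D, 12-bit coherency count."""
    if len(frame) < 4 or frame[:2] != PPP_PROTO_MPPE:
        raise ValueError("not an MPPE frame")
    hdr = struct.unpack("!H", frame[2:4])[0]
    if hdr & 0x6000:  # bits B and C belong to MPPC and must be zero here
        raise ValueError("reserved B/C bits set")
    flushed = bool(hdr & 0x8000)  # A: encryption tables were reinitialised
    if stateless and not flushed:  # stateless mode rekeys on every packet
        raise ValueError("stateless frame without FLUSHED bit")
    return {"flushed": flushed, "encrypted": bool(hdr & 0x1000),
            "ccount": hdr & 0x0FFF, "payload": frame[4:]}

def negotiated_mtu(configured_mtu: int, peer_mru: int) -> int:
    """pppd sets mtu = MIN(peer mru, configured mtu), then subtracts the 4 bytes."""
    return min(configured_mtu, peer_mru) - MPPE_OVERHEAD

if __name__ == "__main__":
    # Constructed sample option and frame bytes, not captured from a real link.
    opt = parse_ccp_mppe_option(b"\x12\x06\x01\x00\x00\x40")  # H + S bits set
    print(opt, meets_recommendation(opt), negotiated_mtu(1500, 1400))
    print(parse_mppe_header(b"\x00\xfd\x90\x01" + b"\xaa" * 8, opt["stateless"]))
```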
Reference documents:

<http://www.ietf.org/rfc/rfc3078.txt>    MPPE
<http://www.ietf.org/rfc/rfc3079.txt>    MPPE Key Derivation
<http://www.ietf.org/rfc/rfc2118.txt>    MPPC
<http://www.ietf.org/rfc/rfc2637.txt>    PPTP
<http://www.ietf.org/rfc/rfc2548.txt>    MS RADIUS Attributes

You might be interested in PoPToP, a Linux PPTP server. You can find it at
<http://www.poptop.org/>

RADIUS support for MPPE is from Ralf Hofmann, <ralf.hofmann@elvido.net>.


BUILDING THE PPPD

The userland component of PPPD has no additional requirements above
those for MS-CHAP and MS-CHAPv2.

MPPE support is now included in the mainline Linux kernel releases.


CONFIGURATION

See pppd(8) for the MPPE options. Under Linux, if your modutils is earlier
than 2.4.15, you will need to add

	alias ppp-compress-18 ppp_mppe

to /etc/modules.conf.