Re: pptp server woes, revisited...

[Raan Young <raan@graand-visions.com>]

A week or so ago, I posted a message looking for help getting a
Microsoft VPN (via PPTP) to connect to an OpenBSD 2.8 system (acting
as the server).  Thanks to those who responded with ideas.

It turns out that my primary problem was a couple of bad options in
the pppd configuration and I now have a working PPTP connection
between a Win95 box and the OpenBSD server.


Originally, I was planning on posting a message which explained the
various steps and configurations needed to get this working, for the
sake of posterity.

However, I've just discovered that, while the connection is working,
the data is UNENCRYPTED! and in fact, if I attempt to require
encryption, I get an error about it not being supported... Gee, it
sure seems like a reasonable expectation that VPN tunneling would be
private (ie encrypted)!  My first inclination was to blame Microsoft.

But, it seems the problem is actually on the OpenBSD end.
Specifically, OpenBSD (even 2.9) seems to include a rather old version
(2.3.5) of the ppp package (which pptp builds on).  The ppp
distribution is up to version 2.4 something and encryption support for
the Microsoft pptp scheme has been available since 2.3.8 (albeit
apparently only for Linux).  It appears that adding encryption support
for OpenBSD would require not only updating to a newer ppp package,
but hacking the kernel to include the necessary changes there...  And
even at that I'd be having to convert Linux kernel patches to OpenBSD.

Am I missing something?  Is there an easier way to get this working
(with encryption)?  Should I give up?

Are there any packages that run on Win95/etc and implement IPSec so I
can create an encrypted tunnel that way?

Raan