PPP Support for MPPE (Microsoft Point to Point Encryption)
==========================================================

Frank Cusack frank@google.com
Mar 19, 2002

Updated by Paul Mackerras, Sep 2008


DISCUSSION

MPPE is Microsoft's encryption scheme for PPP links. It is pretty much
solely intended for use with PPP over Internet links -- if you have a true
point-to-point link you have little need for encryption. It is generally
used with PPTP.

MPPE is negotiated within CCP (Compression Control Protocol) as option
18. In order for MPPE to work, both peers must agree to do it. This
complicates things enough that I chose to implement it as strictly a binary
option, off by default. If you turn it on, all other compression options
are disabled and MPPE *must* be negotiated successfully in both directions
(CCP negotiates each direction separately) or the link will be disconnected.
I think this is reasonable since, if you want encryption, you want
encryption. That is, I am not convinced that optional encryption is useful.

While PPP regards MPPE as a "compressor", it actually expands every frame
by 4 bytes, the MPPE overhead (encapsulation): a 2-byte flags/coherency
count field is added, and the original PPP protocol field is kept inside the
encrypted payload while a new one (0x00FD) is prepended.

Because of the data expansion, you'll see that ppp interfaces get their
mtu reduced by 4 bytes whenever MPPE is negotiated. This is because
when MPPE is active, it is *required* that *every* packet be encrypted.
PPPD sets the mtu = MIN(peer mru, configured mtu). To ensure that
MPPE frames are not larger than the peer's mru, we reduce the mtu by 4
bytes so that the network layer never sends ppp a packet that's too large.

There is an option to compress the data before encrypting (MPPC), however
the algorithm is patented and requires execution of a license with Hifn.
MPPC as an RFC is a complete farce. I have no further details on MPPC.

Some recommendations:

- Use stateless mode. Stateful mode is disabled by default. Unfortunately,
  stateless mode is very expensive as the peers must rekey for every packet.
- Use 128-bit encryption.
- Use MS-CHAPv2 only.

Reference documents:

  <http://www.ietf.org/rfc/rfc3078.txt>  MPPE
  <http://www.ietf.org/rfc/rfc3079.txt>  MPPE Key Derivation
  <http://www.ietf.org/rfc/rfc2118.txt>  MPPC
  <http://www.ietf.org/rfc/rfc2637.txt>  PPTP
  <http://www.ietf.org/rfc/rfc2548.txt>  MS RADIUS Attributes

You might be interested in PoPToP, a Linux PPTP server. You can find it at
<http://www.poptop.org/>

RADIUS support for MPPE is from Ralf Hofmann, <ralf.hofmann@elvido.net>.


BUILDING THE PPPD

The userland component of PPPD has no additional requirements above
those for MS-CHAP and MS-CHAPv2.

MPPE support is now included in the mainline Linux kernel releases.


CONFIGURATION

See pppd(8) for the MPPE options. Under Linux, if your modutils is earlier
than 2.4.15, you will need to add

  alias ppp-compress-18 ppp_mppe

to /etc/modules.conf.
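The following is an added worked example, not code from pppd or the Linux
ppp_mppe module. It puts the DISCUSSION above into running C: it encodes and
decodes the CCP option 18 that carries the MPPE negotiation bits, applies an
all-or-nothing acceptance policy matching the recommendations (128-bit keys,
stateless, no MPPC), derives the post-negotiation mtu = MIN(peer mru,
configured mtu) - 4, and picks apart the 4-byte MPPE encapsulation header
(protocol 0x00FD, then A/B/C/D flag bits and a 12-bit coherency count). The
option bit values and header layout are taken from RFC 3078; the function
names, the policy helper and the sample frame bytes are this example's own
constructions.

```c
/*
 * Added example (not part of pppd): CCP option 18 handling, MPPE mtu
 * adjustment and MPPE header parsing.  Bit values follow RFC 3078.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CI_MPPE          18          /* CCP option type for MPPE (RFC 3078) */
#define CI_MPPE_LEN      6           /* type, length, 4 bytes of option bits */
#define MPPE_H_BIT       0x01000000u /* stateless mode */
#define MPPE_M_BIT       0x00000080u /* 56-bit keys */
#define MPPE_S_BIT       0x00000040u /* 128-bit keys */
#define MPPE_L_BIT       0x00000020u /* 40-bit keys */
#define MPPE_D_BIT       0x00000010u /* obsolete */
#define MPPE_C_BIT       0x00000001u /* MPPC compression */

#define PPP_COMP         0x00fd      /* PPP protocol of an MPPE-encapsulated frame */
#define MPPE_OVHD        4           /* per-frame expansion described in the README */
#define MPPE_FLUSHED     0x8000      /* bit A: keys were (re)initialised */
#define MPPE_ENCRYPTED   0x1000      /* bit D: payload is encrypted */
#define MPPE_CCOUNT_MASK 0x0fff      /* 12-bit coherency count */

/* Encode a Configure-Request option: [type][len][option bits, network order]. */
void mppe_build_ccp_option(uint32_t bits, uint8_t out[CI_MPPE_LEN])
{
    out[0] = CI_MPPE;
    out[1] = CI_MPPE_LEN;
    out[2] = (uint8_t)(bits >> 24);
    out[3] = (uint8_t)(bits >> 16);
    out[4] = (uint8_t)(bits >> 8);
    out[5] = (uint8_t)bits;
}

/* Decode a peer's option; returns 0 on success, -1 if it is not a valid MPPE option. */
int mppe_parse_ccp_option(const uint8_t *opt, size_t len, uint32_t *bits)
{
    if (len < CI_MPPE_LEN || opt[0] != CI_MPPE || opt[1] != CI_MPPE_LEN)
        return -1;
    *bits = ((uint32_t)opt[2] << 24) | ((uint32_t)opt[3] << 16) |
            ((uint32_t)opt[4] << 8)  |  (uint32_t)opt[5];
    return 0;
}

/*
 * Hypothetical policy helper implementing the recommendations: exactly one
 * key strength and it must be 128-bit, stateless mode required, no MPPC and
 * no obsolete bits.  Returns 1 if the offer is acceptable, else 0 (and, in
 * the README's model, an unacceptable outcome means dropping the link).
 */
int mppe_option_acceptable(uint32_t bits)
{
    const uint32_t key_bits = MPPE_L_BIT | MPPE_M_BIT | MPPE_S_BIT;
    if ((bits & key_bits) != MPPE_S_BIT)
        return 0;
    if (!(bits & MPPE_H_BIT))
        return 0;
    if (bits & (MPPE_C_BIT | MPPE_D_BIT))
        return 0;
    return 1;
}

/* mtu = MIN(peer mru, configured mtu), less the MPPE overhead once MPPE is up. */
int mppe_link_mtu(int configured_mtu, int peer_mru, int mppe_negotiated)
{
    int mtu = configured_mtu < peer_mru ? configured_mtu : peer_mru;
    return mppe_negotiated ? mtu - MPPE_OVHD : mtu;
}

/*
 * Parse the leading 4 bytes of an MPPE frame: 16-bit PPP protocol (0x00fd)
 * followed by a 16-bit field whose top nibble holds the A/B/C/D flags and
 * whose low 12 bits are the coherency count.  Returns the coherency count,
 * or -1 if the buffer is not an MPPE frame.
 */
int mppe_parse_header(const uint8_t *frame, size_t len, int *flushed, int *encrypted)
{
    if (len < MPPE_OVHD)
        return -1;
    uint16_t proto = (uint16_t)((frame[0] << 8) | frame[1]);
    uint16_t cc    = (uint16_t)((frame[2] << 8) | frame[3]);
    if (proto != PPP_COMP)
        return -1;
    *flushed   = (cc & MPPE_FLUSHED)   != 0;
    *encrypted = (cc & MPPE_ENCRYPTED) != 0;
    return cc & MPPE_CCOUNT_MASK;
}

int main(void)
{
    uint8_t opt[CI_MPPE_LEN];
    uint32_t bits = 0;
    mppe_build_ccp_option(MPPE_S_BIT | MPPE_H_BIT, opt);
    mppe_parse_ccp_option(opt, sizeof opt, &bits);
    printf("offer 0x%08x acceptable=%d\n", (unsigned)bits, mppe_option_acceptable(bits));
    printf("mtu with MPPE: %d\n", mppe_link_mtu(1500, 1500, 1));

    /* Constructed sample: protocol 0x00fd, flushed+encrypted, coherency count 0xabc. */
    const uint8_t frame[] = { 0x00, 0xfd, 0x9a, 0xbc, 0x45, 0x00 };
    int fl = 0, en = 0;
    int cc = mppe_parse_header(frame, sizeof frame, &fl, &en);
    printf("coherency=%d flushed=%d encrypted=%d\n", cc, fl, en);
    return 0;
}
```

In pppd terms the policy helper corresponds to running with require-mppe-128
and the default nomppe-stateful; a peer that offers only 40-bit or 56-bit keys,
or insists on stateful mode, fails the check rather than falling back to a
weaker or unencrypted link. A flushed bit set on every frame is what stateless
mode looks like on the wire, since the sender rekeys before each packet.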