$NetBSD: patch-ba,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $ --- /dev/null Wed Dec 31 16:00:00 1969 +++ README.MPPE Tue Jun 29 10:24:14 1999 @@ -0,0 +1,45 @@ +Just a few quick notes. + +MPPE support was started by Árpád Magosányi in 1994, +and was finished by Tim Hockin, Cobalt Networks Inc. +in 1999. If you helped, and I don't know it (which could be) please notify +the maintainer of this code, and it will be rectified. As far as I know, only i +Linux is supported (sorry - it's all we had available). + +MPPE - Microsoft Point-to-Point Encryption uses rc4 (40 or 128 bit) as a +bi-directional encryption algorithm. The keys are based on your MS-CHAP +authentication info, so you must use chapms or chapms-v2. Rc4 is owned by +RSA Data Security, and you may have to pay to use it, or not use it at all, +depending on your place of residence. No author listed in this file claims +any responsibility for misuse of this software. Copyright for some code is +owned by Eric Young (see ./linux/rc4.h for details). Depending on where you +got this code from (either in patch or tar.gz form), you may need to obtain +the actual rc4 code from a different site. The implementation of rc4 found in +the SSLeay package, by Eric Young, version 0.6.6. This package can be found +at ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/. Newer versions than 0.6.6 may +require some minor source code or header file changes. Once obtained, copy +rc4.h and rc4_enc.c to the linux/ subdir of this package. + +This is NOT a particularly secure mode of operation. For maximum possible +security using MPPE, it is advised in the RFC's to use the highest mode of +encryption that is legal, and to enable stateless mode (which renogotiates +keys with every packet). Even with these precautions, MPPE is not very secure, +but anything is better than nothing, right? + +That said, it seems to work pretty well, for what it is. MSChap-v2 support +was added by someone along the way, and MPPE needed some finishing. It +appears to work with Windows (tm) clients, with encryption specified. + +How to use it: +* Compile this pppd, and teh associated kernel modules. +* Add +chapms and/or +chapms-v2 to your pppd command line. +* Add mppe-40 and/or mppe-128 and/or mppe-stateless to your pppd command line. +* Either load ppp_mppe.o manually or put this line in your /etc/conf.modules. + alias ppp-compress-18 ppp_mppe +* Go for it. + + +For further reading: + Use the source, Luke. + draft-ietf-pppext-mppe-03.txt (any RFC site should have this) + draft-ietf-pppext-mppe-keys-00.txt (ditto)