Re: [lwip-users] PPP MPPE "Optional" Support


From: Sylvain Rochet
Subject: Re: [lwip-users] PPP MPPE "Optional" Support
Date: Fri, 12 Aug 2016 00:33:44 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

Hi Patrick,


On Wed, Aug 10, 2016 at 07:49:03PM -0400, Patrick Klos wrote:
> 
> It's been a long time since I was a PPP expert,

Well, from here you know more than me about PPP even if I'm maintaining 
the lwIP PPP stack for over 4 years now. So don't worry :p

By the way, thank you very much for your ability, better than mine, to 
find out what is wrong only from PPP packet traces :-)


> but if I remember correctly, the sequence of PPP negotiations is LCP 
> (which negotiates if/which authentication protocol will be used), 
> followed by authentication (if any), followed by other negotiations 
> (IPCP, CCP, etc).  If that's correct, then you won't have to enable 
> CCP (and/or MPPE) until after your LCP state machine reaches the 
> Opened state, so you'd know by then if MSCHAPv2 was negotiated or not?
>
> I can't say what the implications would be with the LwIP PPP as I 
> haven't used it.

The problem here is that MSCHAPv2 has to prepare keys for MPPE since 
MPPE keys are derived from MSCHAPv2 challenge hashes, therefore MPPE 
must currently be enabled before MSCHAPv2 authentication starts.

We could argue whether we should always prepare keys even if MPPE is not 
enabled, which would add useless CPU cycles for users who built MPPE 
support but are actually not using it, but anyway, the user is not supposed 
to change PPP options once the session is started :-)

 
> > Or is even that poor practice to change LCP options in the middle of the
> > negotiation?
> 
> CCP (where MPPE would be negotiated) is completely independent of LCP.  
> None of your LCP options would have to change once you've gotten to 
> the LCP Opened state.  Once LCP finishes, you'll know if you've 
> negotiated MSCHAPv2 and if you even need to enable CCP (and MPPE) 
> negotiations.

I can confirm that, LCP options are probably not going to change once 
authentication is started. I'm quite sure the protocol does not disallow 
renegotiating some options later, but obviously no one does that, I 
can't see any use case for wanting to do that either.

Anyway, I think Greg is just thinking that MPPE is an LCP option, while 
obviously it is not, that's all :)


Sylvain
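
As an added illustration (not part of the message above and not lwIP's code), this sketch follows the RFC 3079 derivation the message refers to: the MPPE start keys are computed from the MS-CHAPv2 NT-Response and the hash of the NT password hash, both of which are only at hand during authentication. The sample inputs are constructed, `derive_start_keys` is a hypothetical helper name, and the sketch stops at the start keys (no session-key step, no 40/56-bit reduction).

```python
import hashlib

# Magic strings and pads defined by RFC 3079 for MPPE key derivation.
MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = (b"On the client side, this is the send key; "
          b"on the server side, it is the receive key.")
MAGIC3 = (b"On the client side, this is the receive key; "
          b"on the server side, it is the send key.")
SHS_PAD1 = b"\x00" * 40
SHS_PAD2 = b"\xf2" * 40

# Constructed sample inputs (not real credentials): in a live session these are
# MD4(MD4(unicode password)) and the NT-Response sent in the MS-CHAPv2 Response.
SAMPLE_PASSWORD_HASH_HASH = bytes(range(16))
SAMPLE_NT_RESPONSE = bytes(range(100, 124))


def get_master_key(password_hash_hash: bytes, nt_response: bytes) -> bytes:
    """RFC 3079 GetMasterKey(): depends on data that exists only during auth."""
    if len(password_hash_hash) != 16 or len(nt_response) != 24:
        raise ValueError("need 16-byte PasswordHashHash and 24-byte NT-Response")
    return hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()[:16]


def get_asymmetric_start_key(master_key: bytes, key_len: int,
                             is_send: bool, is_server: bool) -> bytes:
    """RFC 3079 GetAsymmetricStartKey(): one start key per direction."""
    if key_len not in (8, 16):
        raise ValueError("session key length is 8 or 16 bytes")
    # Client-send and server-receive share MAGIC2; the reverse direction MAGIC3.
    magic = MAGIC3 if is_send == is_server else MAGIC2
    digest = hashlib.sha1(master_key + SHS_PAD1 + magic + SHS_PAD2).digest()
    return digest[:key_len]


def derive_start_keys(password_hash_hash: bytes, nt_response: bytes,
                      key_len: int = 16) -> dict:
    """Hypothetical helper: start keys as each end of the link computes them."""
    mk = get_master_key(password_hash_hash, nt_response)
    return {
        (role, direction): get_asymmetric_start_key(
            mk, key_len, direction == "send", role == "server")
        for role in ("client", "server") for direction in ("send", "recv")
    }


if __name__ == "__main__":
    for who, key in derive_start_keys(SAMPLE_PASSWORD_HASH_HASH,
                                      SAMPLE_NT_RESPONSE).items():
        print(who, key.hex())
```

Because the NT-Response is an input, a stack that only learns after authentication that MPPE is wanted has nothing left to derive the keys from unless it kept that material around.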
