pptp client
 getting started
 try it
 fedora core 1
 fedora core 2
 fedora core 3
 fedora core 4
 fedora core 5
 fedora core 6
 mandrake 9.0
 mandrake 10.0
 mandrake 10.1
 red hat 9
 red hat 8.0
 red hat 7.3
 suse 10.0
 suse 9.2
 suse 9.1
 suse 8.2
 support faq
 contact us

PPTP Client

Diagnosis HOWTO, Contributions

by Rob Gamble
12th August 2003

Date: 11 Aug 2003 13:27:53 -0400
To: james dot cameron at ...
From: robgamble at robgamble dot com
Subject: PPTP -> Win2000 Server Tip

First, let me say PPTP-linux is great, I really admire the good work you and your colleagues have put into it. I'm a Windows developer trying to gain proficiency in Linux since that's the way I see things going long-term. Your FAQ and distribution-specific instructions were so well written that I felt compelled to send you a note on a fix I stumbled across. If you think it's useful, perhaps it could be added to the troubleshooting page and possibly help others.

I was able to connect to my work VPN Win2K server, though I have a routing problem afterward. When I tried to connect to my home Win2K server from work, the "MPPE required but peer negotiation failed" message stopped me from connecting. I gathered from your excellent help that 40-bit encryption was being used by my home server and I don't have local Linux support for it installed. Since I have full control over my home VPN server and I'm lame at Linux, I looked for a solution on the server end. Here's what I found:

The "No Encryption" option in Remote Access Policies was enabled, apparently allowing 40-bit encryption when I tried to authenticate. I was able to force 128-bit encryption by removing the "No Encryption" option on my server (which I wanted anyway):

  1. In Program Files -> Administrative Tools -> Routing and Remote Access ...

  2. Navigate to Remote Access Policies. Right-click on the default policy (mine had only one), and choose Properties.

  3. From the Edit Policy dialog, press Edit Profile.
  4. From the Edit Profile dialog, navigate to the Encryption tab.

  5. Remove the No Encryption check box, press OK on all screens.

The changes will take effect immediately for all new connection attempts.

I hope this helps someone else, and thanks again for the great tools!

Rob Gamble
robgamble at robgamble.com