Package Details: pptpclient-without-missing_window 1.7.2-3

Package Base: pptpclient-without-missing_window
Description: Client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP - patched to remove MISSING_WINDOW checks.
Upstream URL: http://pptpclient.sourceforge.net/
Category: network
Licenses: GPL
Submitter: hasardeur
Maintainer: None
Last Packager: None
Votes: 2
First Submitted: 2012-05-09 19:01
Last Updated: 2012-08-21 10:51

Dependencies (2)

Required by (0)

Sources

Latest Comments

Comment by hasardeur

2015-05-29 19:50

At the moment I have no means of actually testing or using pptp. I have disowned the package and would like you to take over, if you are still interested.

I migrated to OpenVPN a long time ago.

Comment by kstep

2015-03-20 13:07

Do you still support the package? If yes, I can send you an updated aurball; otherwise, if you orphan the package here, I will re-submit a new patched version. Thanks.

Comment by kstep

2015-03-20 13:03

Also I had to add the following lines in PKGBUILD to adjust all paths to "/usr/bin":

# adjust ip path
sed -i 's#/bin/ip#/usr/bin/ip#' routing.c
sed -i 's#/usr/sbin/pppd#/usr/bin/pppd#' config.h
sed -i 's#/usr/sbin#/usr/bin#g' Makefile

Comment by kstep

2015-03-20 12:44

Thanks for the package. Unfortunately I *have* to use pptp because of my ISP, which doesn't support any other protocols.

I upgraded the patch to 1.8.0 (also replaced "1.7.2" with "1.8.0" and updated the checksums in PKGBUILD):

-----
Common subdirectories: pptp-1.8.0/Documentation and copy/Documentation
diff -u pptp-1.8.0/pptp.c copy/pptp.c
--- pptp-1.8.0/pptp.c 2013-10-23 11:10:46.000000000 +0300
+++ copy/pptp.c 2015-03-20 15:38:00.131705321 +0300
@@ -79,6 +79,7 @@
int disable_buffer = 0;
int test_type = 0;
int test_rate = 100;
+int missing_window = MISSING_WINDOW;

struct in_addr get_ip_address(char *name);
int open_callmgr(struct in_addr inetaddr, char *phonenr, int argc,char **argv,char **envp, int pty_fd, int gre_fd);
@@ -125,7 +126,9 @@
" --nohostroute Do not add host route towards <hostname>\n"
" --loglevel <level> Sets the debugging level (0=low, 1=default, 2=high)\n"
" --test-type <type> Damage the packet stream by reordering\n"
- " --test-rate <n> Do the test every n packets\n",
+ " --test-rate <n> Do the test every n packets\n"
+ " --missing-window <n> Activate 'missing window' validation and set tolerance\n"
+ " to <n> packages (300=default, 6000=recommended)\n",

version, progname, progname);
log("%s called with wrong arguments, program not started.", progname);
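
Review bot: the new usage text for --missing-window says "300=default", but pqueue.h in this same patch defines MISSING_WINDOW as -1, so with no option given the check is off rather than set to 300. Suggest wording along the lines of "(disabled by default; 300=upstream value, 6000=recommended)", and "packets" instead of "packages".
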
@@ -221,6 +224,7 @@
{"test-rate", 1, 0, 0},
{"rtmark", 1, 0, 0},
{"nohostroute", 0, 0, 0},
+ {"missing-window", 1, 0, 0},
{0, 0, 0, 0}
};
int option_index = 0;
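
Review bot: the new "missing-window" row is only reachable through the hard-coded option_index == 17 test added in the next hunk, so the two stay in step only while this row remains at index 17 of the table. A comment on the row naming its index, or a dispatch on the option name instead of the position, would keep a later insertion from routing --missing-window to the wrong handler.
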
@@ -309,6 +313,20 @@
#endif
} else if (option_index == 16) { /* --nohostroute */
nohostroute = 1;
+ } else if (option_index == 17) { /* --missing-window */
+ int x = atoi(optarg);
+ if (x <= 0) {
+ fprintf(stderr, "--missing-window must be integer greater than zero\n");
+ log("--missing-window must be integer greater than zero\n");
+ exit(2);
+ } else if (x < 300) {
+ fprintf(stderr, "--missing-window is set very low: default=300, recommended=6000 - proceeding anyway\n");
+ log("--missing-window is set very low: default=300, recommended=6000 - proceeding anyway\n");
+ } else {
+ fprintf(stderr, "--missing-window validation is active and set to: %d\n", x);
+ log("--missing-window validation is active and set to: %d\n", x);
+ missing_window = x;
+ }
}
break;
case '?': /* unrecognised option */
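
Review bot: in the x < 300 branch the message says "proceeding anyway", but missing_window = x is only assigned in the final else, so a value from 1 to 299 leaves missing_window at its initial MISSING_WINDOW and the requested window is never applied. Move the assignment so that both non-error branches set it. Separately, atoi() gives no error indication, so input such as "300x" is accepted as 300; strtol() with an end-pointer check would reject it. The new log() strings also end in "\n", which the existing log() call in the usage path does not.
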
diff -u pptp-1.8.0/pptp_gre.c copy/pptp_gre.c
--- pptp-1.8.0/pptp_gre.c 2013-10-23 11:10:46.000000000 +0300
+++ copy/pptp_gre.c 2015-03-20 15:31:09.084996558 +0300
@@ -421,10 +421,10 @@
seq, seq_recv + 1);
stats.rx_underwin++;
/* sequence number too high, is it reasonably close? */
- } else if ( seq < seq_recv + MISSING_WINDOW ||
- WRAPPED(seq, seq_recv + MISSING_WINDOW) ) {
- stats.rx_buffered++;
- if ( log_level >= 1 )
+ } else if ( (missing_window == -1) ||
+ (seq < seq_recv + missing_window || WRAPPED(seq, seq_recv + missing_window)) ) {
+ stats.rx_buffered++;
+ if ( log_level >= 2 )
log("%s packet %d (expecting %d, lost or reordered)",
disable_buffer ? "accepting" : "buffering",
seq, seq_recv+1);
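
Review bot: raising the test on the "lost or reordered" message from log_level >= 1 to log_level >= 2 means nothing is logged at the default level (1, per the usage text), and with missing_window == -1 this branch now takes every sequence number ahead of seq_recv. stats.rx_buffered still counts them, so consider keeping a rate-limited message at level 1 for packets that fall outside the old 300-packet window, so that an unexpected jump in sequence numbers stays visible in the log.
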
diff -u pptp-1.8.0/pqueue.h copy/pqueue.h
--- pptp-1.8.0/pqueue.h 2013-10-23 11:10:46.000000000 +0300
+++ copy/pqueue.h 2015-03-20 15:31:09.084996558 +0300
@@ -9,7 +9,10 @@
extern int packet_timeout_usecs;

/* assume packet is bad/spoofed if it's more than this many seqs ahead */
-#define MISSING_WINDOW 300
+/* default is NOT to check - command line override via '--missing-window <n>'*/
+/* default value is 300 - recommended is 6000 for high speed data rates*/
+#define MISSING_WINDOW -1
+extern int missing_window;

/* Packet queue structure: linked list of packets received out-of-order */
typedef struct pqueue {
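
Review bot: #define MISSING_WINDOW -1 turns a window size into an "off" sentinel, and the comment directly above it still reads "default value is 300", which contradicts the define. Suggest keeping MISSING_WINDOW at 300 and adding a separate, parenthesised constant for the disabled state, then initialising missing_window from that constant. The retained comment "assume packet is bad/spoofed if it's more than this many seqs ahead" should also state that the check is skipped unless --missing-window is given.
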
------

Comment by hasardeur

2012-09-25 20:52

In the initial post here I said that pptp had been compromised. Today I read a very comprehensive article about this. Have a look at this: https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ - in summary this details how pptp (more specifically MS-CHAPv2) can be compromised. Furthermore they offer a 'service' to do it for you (they deliver the hash of the password needed). Don't take it on faith, have a look at this German article: http://heise.de/-1701365 - they actually tested that 'service'. It works. I am sure that there are English media covering the same topic as well.
Telling you this here is part of due diligence. Consider pptp obsolete and switch to an alternative like OpenVPN. The encryption included with pptp is broken.

Comment by hasardeur

2012-08-21 10:55

Added a simple adjustment to the loglevel to prevent logging of 'lost or reordered' packets. This used to heavily grow several logs without any benefit.

Comment by hasardeur

2012-05-10 12:33

After some discussion I decided to implement both approaches together. The default behavior of this package is to disable the validation, but '--missing-window <n>' can be used to turn it back on. When 'pon' is used to establish a tunnel, modify "/etc/ppp/peers/<my-VPN>". Usually you find something like 'pty "pptp <URL-to-VPN> --nolaunchpppd"' in this file; just append '--missing-window 300' to revert to default behavior.

Comment by hasardeur

2012-05-09 19:14

This is pptpclient patched to remove the "MISSING_WINDOW" check. This check was designed as a safeguard against spoofing/bad packages in general. Sadly it also tends to collapse the established tunnel at 'high' data rates. There is another patch that simply alters the "MISSING_WINDOW" threshold to a much higher value while introducing the command line option to set it to a specific value. However, I chose to remove the check altogether because there is no gain in setting the value. It does not protect against spoofing and security with pptp has been compromised in several other ways anyway. Feel free to check the link below for more detail and the alternate patch:

https://bugs.launchpad.net/ubuntu/+source/pptp-linux/+bug/681617
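
Added example, not part of the comments above and not pptpclient's code: a simplified C model of the sequence-window check the patch touches, showing how one burst of lost packets behaves with a window of 300, a window of 6000, and the check disabled. The names classify_seq, simulate_burst and WINDOW_DISABLED are assumptions, the wrap handling uses plain modulo-2^32 arithmetic rather than the project's WRAPPED macro, and treating a buffered packet as delivered once the gap times out is a modelling assumption.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW_DISABLED (-1) /* assumed name for the patch's -1 sentinel */

enum verdict { SEQ_OLD, SEQ_NEXT, SEQ_BUFFER, SEQ_REJECT };

/* Classify a received sequence number against the last one delivered. */
enum verdict classify_seq(uint32_t seq, uint32_t seq_recv, int window)
{
    uint32_t ahead = seq - seq_recv; /* distance modulo 2^32, wrap-safe */

    if (ahead == 0 || ahead > UINT32_MAX / 2)
        return SEQ_OLD;              /* duplicate or behind: drop */
    if (ahead == 1)
        return SEQ_NEXT;             /* in order */
    if (window == WINDOW_DISABLED || ahead < (uint32_t)window)
        return SEQ_BUFFER;           /* gap, but close enough to accept */
    return SEQ_REJECT;               /* too far ahead: treated as bad/spoofed */
}

/* Send packets 1..total, dropping `lost` packets starting at `first_lost`.
 * Returns how many arriving packets the receiver discards as out of window.
 * Model assumption: a buffered packet is delivered once the gap times out. */
unsigned simulate_burst(uint32_t total, uint32_t first_lost, uint32_t lost,
                        int window)
{
    uint32_t seq_recv = 0;
    unsigned rejected = 0;

    for (uint32_t seq = 1; seq <= total; seq++) {
        if (seq >= first_lost && seq - first_lost < lost)
            continue;                /* lost on the wire */
        enum verdict v = classify_seq(seq, seq_recv, window);
        if (v == SEQ_NEXT || v == SEQ_BUFFER)
            seq_recv = seq;
        else if (v == SEQ_REJECT)
            rejected++;              /* seq_recv stays put, so the rest fail too */
    }
    return rejected;
}

int main(void)
{
    printf("window 300:  %u discarded\n", simulate_burst(1000, 101, 299, 300));
    printf("window 6000: %u discarded\n", simulate_burst(1000, 101, 299, 6000));
    printf("disabled:    %u discarded\n",
           simulate_burst(1000, 101, 299, WINDOW_DISABLED));
    return 0;
}
```

In this model a 299-packet loss burst with a window of 300 makes every later packet fall outside the window, while with the check disabled any forward sequence number is accepted, however far ahead.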