javitu / rt-n56u

Automatically exported from code.google.com/p/rt-n56u

(Feature) MPPE-128 traffic crypting + traffic compression options in VPN Server page #186

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Dear Gurus, please help me with configuring the PPTP VPN Server.
I don't know how to turn on traffic compression in the VPN Server options (by default?).
I have a 7Mbit/s DSL connection in the office and a 3Mbit/s LAN at home (medical database on the home router, an Asus RT-N56U). Unfortunately I have an extremely slow upload speed of ~10KB/s in the office. It slows down remote database calls and prevents remote database updates with papers and books.

What is the expected output? What do you see instead?
I want to see several options for traffic compression on the VPN Server page. Or any advice on how to turn it on in the terminal.

What version of the product are you using? On what operating system?
Firmware 1.0.1.8d-p3

Original issue reported on code.google.com by skurydi...@gmail.com on 28 Mar 2012 at 9:21

GoogleCodeExporter commented 9 years ago
Hi again, =)

Do you have the database in router or other host?..
(I'll check for compression now)

Original comment by d...@soulblader.com on 28 Mar 2012 at 10:20

GoogleCodeExporter commented 9 years ago
You know, I think it will not work with compression. You can try to install OpenVPN. It uses lzo compression (it's switched on in the config by default).

But if you use some database such as mysql or pgsql on the router, it requires more system memory than the device has. So the slow speed may be caused by it.

Original comment by d...@soulblader.com on 28 Mar 2012 at 10:39

GoogleCodeExporter commented 9 years ago
There are several mppe-mppc(!) patches for PPTPD VPN Server:
http://www.opennet.ru/base/net/vpn_tune.txt.html

I don't need OpenVPN installation for its huge sysadmin options.
PPTPD VPN Server is quite enough for my private usage.

Original comment by skurydi...@gmail.com on 28 Mar 2012 at 11:30

GoogleCodeExporter commented 9 years ago
Surprisingly, there is the following line in /tmp/ppp/options.pptpd:
+mppc

But VPN compression (mppc) is not available... =)

Original comment by skurydi...@gmail.com on 28 Mar 2012 at 11:43

GoogleCodeExporter commented 9 years ago
Microsoft PPP *compression*/encryption (*MPPC*/*MPPE*):
http://mppe-mppc.alphacron.de/

MPPC must be preconfigured in the kernel:
http://www.adamsinfo.com/linux-pptp-poptop-vpn-setup-with-mppe-and-mppc/

I suppose this patch would be applied in a new version of the firmware (in the kernel).

SSV.

Original comment by skurydi...@gmail.com on 28 Mar 2012 at 1:15

GoogleCodeExporter commented 9 years ago
I've checked the source and I can see that the changes to the kernel have already been applied by Padavan. PPP supports compression. You can also see it in syslog when the device boots: "kernel:  PPP MPPE Compression module registered".

How do you check that it doesn't work?..
This option is always switched on on the server, and if a client also supports this type of compression, then traffic is compressed.

Original comment by d...@soulblader.com on 28 Mar 2012 at 3:21

GoogleCodeExporter commented 9 years ago
I always check the options of VPN connection in Win7. I had never seen any
sessions with compression being activated...
Don't know why.
How can I monitor pptpd vpn status via terminal?

Original comment by skurydi...@gmail.com on 28 Mar 2012 at 5:07

GoogleCodeExporter commented 9 years ago
Is this feature switched on in Windows client configuration?
I think the answer is 'yes', because it is switched on by default as far as I 
remember...

Original comment by d...@soulblader.com on 29 Mar 2012 at 1:43

GoogleCodeExporter commented 9 years ago
Autoconfiguration is switched on.

Windows7 x64:

C:\Users\skurydinsv>ipconfig /all

...
...

Адаптер PPP VPN-ASUS:

   DNS-суффикс подключения . . . . . :
   Описание. . . . . . . . . . . . . : VPN-ASUS
   Физический адрес. . . . . . . . . :
   DHCP включен. . . . . . . . . . . : Нет
   Автонастройка включена. . . . . . : Да(!)
   IPv4-адрес. . . . . . . . . . . . : 192.168.xxx.xxx(Основной)
   Маска подсети . . . . . . . . . . : 255.255.255.255
   Основной шлюз. . . . . . . . . : 0.0.0.0
   DNS-серверы. . . . . . . . . . . : 192.168.xxx.xxx
   NetBios через TCP/IP. . . . . . . . : Включен

...
...

Original comment by skurydi...@gmail.com on 29 Mar 2012 at 7:36

GoogleCodeExporter commented 9 years ago
ASUS logs uncork a great surprise on enabled compression (as the router thinks):

Mar 29 11:25:36 pptpd[1812]: CTRL: Client X.X.X.X control connection started
Mar 29 11:25:36 pptpd[1812]: CTRL: Starting call (launching pppd, opening GRE)
Mar 29 11:25:36 pppd[1813]: Plugin pptp.so loaded.
Mar 29 11:25:36 pppd[1813]: PPTP plugin version 0.8.5 compiled for pppd-2.4.5
Mar 29 11:25:36 pppd[1813]: pppd 2.4.5 started by admin, uid 0
Mar 29 11:25:36 pppd[1813]: Using interface ppp1
Mar 29 11:25:36 pppd[1813]: Connect: ppp1 <--> pptp (X.X.X.X)
Mar 29 11:25:39 pptpd[1812]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 29 11:25:39 pppd[1813]: MPPE 128-bit stateless compression enabled(!!!)
Mar 29 11:25:39 pppd[1813]: found interface br0 for proxy arp
Mar 29 11:25:39 pppd[1813]: local  IP address X.X.X.X
Mar 29 11:25:39 pppd[1813]: remote IP address X.X.X.X
Mar 29 11:25:39 ip-up.pptpd: ifname: ppp1, local IP: X.X.X.X, remote IP: X.X.X.X, login: xxx
Mar 29 11:41:59 dropbear[1883]: Child connection from X.X.X.X:XXX
Mar 29 11:42:16 dropbear[1883]: pubkey auth succeeded for 'XXX' with key md5 XXX from X.X.X.X:XXX

I don't know how to check the efficiency of this "compression" from the terminal...

Original comment by skurydi...@gmail.com on 29 Mar 2012 at 7:56
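
An added example, not part of the thread or the firmware: pppd reports MPPE (the encryption named in the issue title) through PPP's Compression Control Protocol, which is why the log above words it as "compression enabled"; that line records the negotiated key length and mode, not MPPC data compression. The script below reads syslog text on stdin and reports, per pppd process, which MPPE level was logged, marking sessions below 128 bits or with no MPPE line at all. The function names `mppe_audit` and `sample_log` are hypothetical and the sample lines are constructed in the format quoted above.

```shell
#!/bin/sh
# Added example, not firmware code: report the MPPE level each pppd session logged.
# Reads syslog text on stdin; line formats follow the log quoted in this thread.

mppe_audit() {
    awk '
    function reg(p) { if (!(p in seen)) { seen[p] = 1; order[++n] = p } }

    /pppd\[[0-9]+\]: / {                 # remember the pid of this pppd instance
        pid = $0
        sub(/^.*pppd\[/, "", pid)
        sub(/\]: .*$/, "", pid)
    }
    /pppd\[[0-9]+\]: Using interface / { reg(pid); iface[pid] = $NF }
    /pppd\[[0-9]+\]: MPPE [0-9]+-bit (stateless|stateful) compression enabled/ {
        reg(pid)
        rest = $0
        sub(/^.*: MPPE /, "", rest)      # "128-bit stateless compression enabled"
        split(rest, f, " ")
        bits[pid] = f[1] + 0             # "128-bit" -> 128
        mode[pid] = f[2]
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            b = "none"; m = "-"; s = "no-mppe"
            if (p in bits) { b = bits[p]; m = mode[p]; s = (bits[p] < 128) ? "weak" : "ok" }
            ifc = (p in iface) ? iface[p] : "?"
            printf "pid=%s iface=%s mppe=%s mode=%s status=%s\n", p, ifc, b, m, s
        }
    }'
}

# Constructed sample input (addresses are from documentation ranges).
sample_log() {
    cat <<'EOF'
Mar 29 11:25:36 pppd[1813]: Using interface ppp1
Mar 29 11:25:36 pppd[1813]: Connect: ppp1 <--> pptp (192.0.2.10)
Mar 29 11:25:39 pppd[1813]: MPPE 128-bit stateless compression enabled
Mar 29 12:02:11 pppd[1907]: Using interface ppp2
Mar 29 12:02:14 pppd[1907]: MPPE 40-bit stateful compression enabled
Mar 29 12:30:05 pppd[1950]: Using interface ppp3
Mar 29 12:30:08 pppd[1950]: local  IP address 192.168.1.1
EOF
}

sample_log | mppe_audit
```

On a router the same function can be fed from wherever the firmware keeps its syslog; that location is not given in this thread.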

GoogleCodeExporter commented 9 years ago
Wow..... ))))
Why on earth have you been writing in English all this time? ))))
The last thing cannot be checked at all. If a flash drive is connected to the router and Optware is installed, you had better install OpenVPN. There is nothing complicated about the installation. The package in the downloads already comes with a configuration. That is, you will only need to run the package installation and add the accounts to a file. That's all. As a result you will get a much higher VPN connection speed. For Windows you will need to install software, but there are plenty of clients, even portable ones.

Original comment by d...@soulblader.com on 29 Mar 2012 at 3:44

GoogleCodeExporter commented 9 years ago
OK

Original comment by skurydi...@gmail.com on 29 Mar 2012 at 4:58

GoogleCodeExporter commented 9 years ago
I like English. It's quicker in typing :)

Original comment by skurydi...@gmail.com on 29 Mar 2012 at 5:13

GoogleCodeExporter commented 9 years ago
I can't say that OpenVPN is quick to configure, as it is recommended:
http://openvpn.net/index.php/open-source/documentation/howto.html#quick

I need to generate a CA, several keys, great trouble with certificate exchange and user id... It is very time-consuming, and I'm not a programmer or sysadmin...
I hope OpenVPN will be provided in the next Padavan firmware with a friendly web face and friendly wizards...

Original comment by skurydi...@gmail.com on 29 Mar 2012 at 7:02

GoogleCodeExporter commented 9 years ago
No, you don't need to generate anything yourself. =))
I've added the scripts which do all the required config themselves.
So, when you execute install, first it will install the package, then you'll need to fill in the 6 short fields (it will ask for the info for the CA and you can just press <Enter> on each, because the fields have default values):
------------------------------------------------

Country                 
Province                
City                    
Organization            
Organization unit       
Common name             
Email address           

------------------------------------------------

After that you need to add accounts to /opt/etc/openvpn/secrets. Just username and password. Copy /opt/etc/openvpn/keys/ca.crt to the machine you'd like to connect from. (I uploaded my ca.crt to a web folder on Dropbox, so I can use it from any machine.)

Start the server: /opt/etc/init.d/S20openvpn start
That's it! You'll get a ready-for-connections OpenVPN server.

Does it seem hard for you now?

Original comment by d...@soulblader.com on 30 Mar 2012 at 4:25

GoogleCodeExporter commented 9 years ago
Several guys from my provider subnet would have the same CAs?

Original comment by skurydi...@gmail.com on 30 Mar 2012 at 6:31

GoogleCodeExporter commented 9 years ago
It is the open or shared cert. The algorithm is: you (your router as server) have open and private keys. The client should get the shared cert from the server, and has his private key. Then both sides generate a pseudo-random key and crypt data with it.
For example, when you visit some https website, you are able to view its public key.
CA.crt is the same file.
And these guys from your provider should sign in with their login and password (each user has his own account). Or you can reconfigure it so that the server will use only certificates (without user accounts).

Original comment by d...@soulblader.com on 30 Mar 2012 at 7:49

GoogleCodeExporter commented 9 years ago
This source will tell you the details better than me - 
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange )))

Original comment by d...@soulblader.com on 30 Mar 2012 at 8:02

GoogleCodeExporter commented 9 years ago
As for me, I vote for PPTP VPN Server. It is a bit slower, but much easier to configure than OpenVPN.
It has no troubles with lost UDP packets in Windows and subnet configuring...
OpenVPN is the choice for Gurus :)

In PPTP VPN I need only RSA keys...
Is it possible to provide private and public key usage, like in built-in
SSH-server?

As for me, I would like to see new firmware with working built-in transmission-daemon+GUI (working for all torrents!) + working configurable Samba (for each separate folder) + working Download Master (maybe recompiled by Padavan?!) + PPTP VPN Server (with RSA key pair) + HTTPS(!) web face for "my.router".
I am ready to pay for these features...
What is the recommended donation? :)

I am an end-user and have no time to study great Linux forums...
It must be as easy, as Google Android usage.

Sincerely, Serge Skurydin.

Original comment by skurydi...@gmail.com on 30 Mar 2012 at 9:18

GoogleCodeExporter commented 9 years ago
You know, I've seen Poptop used with crypto keys...
What do you mean?..

I set this topic to 'invalid' as it seems the header question was resolved

Original comment by d...@soulblader.com on 30 Mar 2012 at 12:03

GoogleCodeExporter commented 9 years ago
Sorry, I wanted to say that I had never seen Poptop using crypt keys...

Original comment by d...@soulblader.com on 30 Mar 2012 at 1:57