Discussion:
PPTP after removing of userland ppp(8)
Атанас Владимиров
2014-03-19 22:39:50 UTC
Hi,
I was running PPTP client pptp-1.7.2p4 with userland ppp(8). It was a basic
setup from pptp(8) manual page and specifically "PPTP on a router" example.
What are my alternatives to run PPTP to connect to Microsoft VPN server?
May I use ppp(4) and pppd(8) and if so can you point me to the right
direction.
Thanks for your time.
Atanas
Stefan Sperling
2014-03-19 23:15:57 UTC
Post by Атанас Владимиров
Hi,
I was running PPTP client pptp-1.7.2p4 with userland ppp(8). It was a basic
setup from pptp(8) manual page and specifically "PPTP on a router" example.
What are my alternatives to run PPTP to connect to Microsoft VPN server?
May I use ppp(4) and pppd(8) and if so can you point me to the right
direction.
Thanks for your time.
Atanas
ppp(8) used net/pptp as a pseudo-device via pipes to a pptp process.

With pppd(8) I don't think there is support for using a pipe to
a separate process as a device. Perhaps there is another way
to make pptp work with pppd. I don't know.

npppd supports PPTP but I believe it's currently server-side only.
One possible path forward would be PPTP-client support in npppd.
I don't know if there are any plans for this and I don't have any
such plans myself.

Even though I'm still listed as maintainer of net/pptp I haven't used
it in a long time. If net/pptp goes away I won't miss it.
YASUOKA Masahiko
2014-03-20 00:50:09 UTC
On Thu, 20 Mar 2014 00:39:50 +0200
Post by Атанас Владимиров
I was running PPTP client pptp-1.7.2p4 with userland ppp(8). It was a basic
setup from pptp(8) manual page and specifically "PPTP on a router" example.
What are my alternatives to run PPTP to connect to Microsoft VPN server?
May I use ppp(4) and pppd(8) and if so can you point me to the right
direction.
I think having a good ppp client implementation and an l2tp client in base
is a good direction. I myself will try to do my best in that
direction.

--yasuoka
Атанас Владимиров
2014-03-20 08:38:06 UTC
Post by Stefan Sperling
ppp(8) used net/pptp as a pseudo-device via pipes to a pptp process.
With pppd(8) I don't think there is support for using a pipe to
a separate process as a device. Perhaps there is another way
to make pptp work with pppd. I don't know.
npppd supports PPTP but I believe it's currently server-side only.
One possible path forward would be PPTP-client support in npppd.
I don't know if there are any plans for this and I don't have any
such plans myself.
Yes, it's only server-side
Even though I'm still listed as maintainer of net/pptp I haven't used
it in a long time. If net/pptp goes away I won't miss it.
From FAQ:

PPTP
Post by Stefan Sperling
The Point to Point Tunneling Protocol (PPTP) is a proprietary Microsoft
protocol. A pptp client is available which interfaces with pppd(8) <http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8> and
is capable of connecting to the PPTP-based Virtual Private Networks (VPN)
used by some cable and xDSL providers. pptp itself must be installed from
packages <http://www.openbsd.org/faq/faq15.html#PkgMgmt> or ports <http://www.openbsd.org/faq/faq15.html#Ports>.
Further instructions on setting up and using pptp are available in the man
page which is installed with the pptp package.
Is the following patch correct:
--- faq6.html Mon Dec 2 09:06:04 2013
+++ faq6.html.new Thu Mar 20 10:35:38 2014
@@ -982,7 +982,7 @@
The Point to Point Tunneling Protocol (PPTP) is a proprietary Microsoft
protocol.
A pptp client is available which interfaces with
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&amp;sektion=8
">pppd(8)</a>
+<a href="
http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&amp;sektion=8&amp;manpath=OpenBSD+5.4
">ppp(8)</a>
and is capable of connecting to the PPTP-based Virtual Private Networks
(VPN)
used by some cable and xDSL providers.
pptp itself must be installed from <a
href="faq15.html#PkgMgmt">packages</a>
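Review bot: the `+` lines pin the link to `manpath=OpenBSD+5.4`, but the unchanged sentence around it still says in the present tense that a pptp client "is available which interfaces with" ppp(8). The text should say which releases this applies to, so the FAQ does not describe a setup that only exists in the pinned release's manual. Separately, the hunk is wrapped (the URL sits on its own line inside `href="`, and `(VPN)` and the `href="faq15.html#PkgMgmt"` attribute are split from their lines), which looks like mail-client wrapping and would stop the patch from applying as sent; resend it unwrapped or as an attachment.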
Stefan Sperling
2014-03-20 18:06:51 UTC
Post by Stefan Sperling
A pptp client is available which interfaces with
-<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&amp;sektion=8
">pppd(8)</a>
+<a href="
http://www.openbsd.org/cgi-bin/man.cgi?query=ppp&amp;sektion=8&amp;manpath=OpenBSD+5.4
">ppp(8)</a>
So people were confused about which PPP implementation can interface
with net/pptp? I'm not surprised.

I intend to remove the net/pptp port altogether unless someone can
provide a working configuration using pppd(8).
There are plans to add a PPTP client to npppd/pipex. So the lack
of PPTP client support will hopefully be a temporary situation.

And, as goes without saying, if possible, please consider using a different
protocol. PPTP's weaknesses have been well understood for a long time now.
Much better alternatives are available in the base system and the ports tree.
patrick keshishian
2014-03-20 18:57:57 UTC
On 3/20/14, Stefan Sperling <***@openbsd.org> wrote:
[...]
Post by Stefan Sperling
And, as goes without saying, if possible, please consider using a different
protocol. PPTP's weaknesses have been well understood for a long time now.
Much better alternatives are available in the base system and the ports
tree.
The statement "much better alternatives are available" suggests
the user has a choice in picking these alternatives. This isn't the
case some of the time.

In my case, in the recent past, I was either to use PPTP or some
other proprietary solution in order to connect to my employer's
network. The proprietary solution would require lugging around
a Windows or Mac laptop, which made PPTP the "much better
alternative", allowing work in my preferred environment.

--patrick
Theo de Raadt
2014-03-20 19:04:47 UTC
Post by patrick keshishian
[...]
Post by Stefan Sperling
And, as goes without saying, if possible, please consider using a different
protocol. PPTP's weaknesses have been well understood for a long time now.
Much better alternatives are available in the base system and the ports
tree.
The statement "much better alternatives are available" suggests
the user has a choice in picking these alternatives. This isn't the
case some of the time.
In my case, in the recent past, I was either to use PPTP or some
other proprietary solution in order to connect to my employer's
network. The proprietary solution would require lugging around
a Windows or Mac laptop, which made PPTP the "much better
alternative", allowing work in my preferred environment.
You'd be safer using Windows than the code which was just deleted.
Stuart Henderson
2014-03-20 23:29:45 UTC
Post by patrick keshishian
[...]
Post by Stefan Sperling
And, as goes without saying, if possible, please consider using a different
protocol. PPTP's weaknesses have been well understood for a long time now.
Much better alternatives are available in the base system and the ports
tree.
The statement "much better alternatives are available" suggests
the user has a choice in picking these alternatives. This isn't the
case some of the time.
In my case, in the recent past, I was either to use PPTP or some
other proprietary solution in order to connect to my employer's
network. The proprietary solution would require lugging around
a Windows or Mac laptop, which made PPTP the "much better
alternative", allowing work in my preferred environment.
Which particular proprietary solution? If by any chance it's Cisco
anyconnect, see ports/net/openconnect...
patrick keshishian
2014-03-21 02:19:48 UTC
Post by Stuart Henderson
Post by patrick keshishian
[...]
Post by Stefan Sperling
And, as goes without saying, if possible, please consider using a
different
protocol. PPTP's weaknesses have been well understood for a long time
now.
Much better alternatives are available in the base system and the ports
tree.
The statement "much better alternatives are available" suggests
the user has a choice in picking these alternatives. This isn't the
case some of the time.
In my case, in the recent past, I was either to use PPTP or some
other proprietary solution in order to connect to my employer's
network. The proprietary solution would require lugging around
a Windows or Mac laptop, which made PPTP the "much better
alternative", allowing work in my preferred environment.
Which particular proprietary solution? If by any chance it's Cisco
anyconnect, see ports/net/openconnect...
Don't recall. Maybe Juniper something?

--patrick
Stefan Sperling
2014-03-21 10:28:09 UTC
Post by patrick keshishian
[...]
Post by Stefan Sperling
And, as goes without saying, if possible, please consider using a different
protocol. PPTP's weaknesses have been well understood for a long time now.
Much better alternatives are available in the base system and the ports
tree.
The statement "much better alternatives are available" suggests
the user has a choice in picking these alternatives. This isn't the
case some of the time.
Sure, that's why I said "if possible".

And where it's not easily possible, perhaps users can try to get
the other end to fix the problem. I don't mind putting pressure
on people to drop PPTP, and I don't even mind putting pressure
on people who will then need to put pressure on others to drop it.

pptp client users can stay with 5.4 or the (not even officially released
yet) 5.5 release for now, both of which ship net/pptp in a working state.
If you don't run -current you still have pptp support until 5.7 comes
around and support for 5.5 is dropped. That gives pptp users (and
developers) time until May 2015.

And the plan seems to be that lack of pptp client support is temporary.
Who knows, perhaps npppd pptp client support will be added in time for 5.6.
In which case there won't even be a single release without PPTP client support.
Perhaps consider sending npppd developers a crate of beer if you care a
lot about this.

And if a pptp client doesn't ever come back I don't see how OpenBSD is
responsible for breaking setups that still rely on PPTP in this day and age.
In this case you'll have to run something else for PPTP. Sorry.
