PPTP encryption fix (getting close)

Search This thread
Oct 5, 2009
8
1
For anyone interested in playing with it, I have built the ppp_mppe.ko module that is missing to make the PPTP with encryption work. My initial testing shows that it connects and passes traffic. Unfortunately, after a few minutes it stops passing traffic but remains connected. I need to investigate the logs...

To try it, open a terminal, cd to the folder where you stored it, su (YOU NEED ROOT), "insmod ppp_mppe.ko", and then go try an encrypted VPN PPTP connection. Mine failed the first time, and then worked on subsequent connections.

e081820061574b1ab1188294e62e1cff ppp_mppe.ko

I'm curious to see if anyone here cares about this and how it works for you.

Shayne
 

Attachments

  • ppp_mppe.zip
    27.4 KB · Views: 414

alroger

Senior Member
May 19, 2011
1,299
1,937
Deerfield Beach
OnePlus 6
Moto G Stylus 5G
I'm really interested in make my VPN work. I'm using CM7 on Galaxy Tab. I don't think your module was made for my kernel.
Is this ever going to be fixed? I'm able to connect to my PPTP VPN provider, and it requires encryption. I can ping out for a while... but as soon as I open the browser or other app the actually uses the net the pings stop and connection stops transmitting, although still connected. So frustrating...
 
Oct 5, 2009
8
1
Yeah, the module isn't going to work on other devices.

I get the same result as you when I do a PPTP connection. Actually when I posted this I hadn't dug deep enough to find that this was a long standing problem, and I just figured that getting the module loaded in would fix it.

Seems like this module should be where the bug is, but I haven't had time to look at it more closely. Apparently there aren't enough people that care about this feature.
 
Oct 5, 2009
8
1
Looks like this problem is related to the MTU. I can send/rcv 1380 byte pings, but anything bigger causes the connection to quit working. I'm thinking that rebuilding pppd with a lower MTU might be interesting, but I need to get set up to do that. pppd does not pay attention to config files, and mtpd, akaik, doesn't pass an mtu/mru arg to it.
 

alroger

Senior Member
May 19, 2011
1,299
1,937
Deerfield Beach
OnePlus 6
Moto G Stylus 5G
Looks like this problem is related to the MTU. I can send/rcv 1380 byte pings, but anything bigger causes the connection to quit working. I'm thinking that rebuilding pppd with a lower MTU might be interesting, but I need to get set up to do that. pppd does not pay attention to config files, and mtpd, akaik, doesn't pass an mtu/mru arg to it.

I have come across this blog with some mtpd command line examples, see if it helps on manually connecting with custom MTUs.

I also tried a couple suggestions of changing MTU on the eth0 to 1480 and 1380 before and after connecting to the VPN, without any success. Also tried different MTUs on ppp0 after connection also with no success.
 

xdadevnube

Senior Member
Jun 28, 2011
1,038
178
I just wanted to say that even though this stuff is far too above my head for me to contribute, thanks for working on this!
Now I can keep daydreaming about turning my phone into a PPTP server...
 
Last edited:

p671

New member
Aug 13, 2011
2
0
I understand that this thread hasn't been active for a while, however, I do want to say thanks for this! With the provided module, I was finally able to connect to our VPN server using PPTP with encryption. In fact, I was able to do so as well over 4G. I read through several threads on various sites regarding the commonality of this issue and possible firewall NAT restrictions on Verizon's behalf. It seems it was just a module needed that fixed all this.

On a side note, I haven't had the connection dropped so far. I'm about 1000 ping sequence in and connectivity is still up and running. Not sure if this is an effective means of validation it. :)

If it helps others looking into this issue as well, note, that I've tried virtually all available kernels as of date to this posting. Nothing worked. This module was the only thing that granted access to our VPN server.

Update: Spoke to soon. After attempting to log into a server, data was no longer able to pass through.
 
Last edited:
Oct 5, 2009
8
1
I'm glad to hear it has helped you. It didn't turn out to help me.

To test it further, I suggest you pass some real traffic over it. Regular ping traffic doesn't cause the loss of connection that I'm familiar with. If it continues to work, count yourself lucky, and you might want to convince your favorite kernel builder (imnuts, maybe) to include that module.

I spent some time looking into the dropped connection issue and was not successful at finding a solution. What I think I learned is that when the pptp server handles a packet larger than the mru and fragments the packet, the first fragment decrypts ok, but the second fragment decrypts to junk. It's supposed to be stateless encryption, but all subsequent packets silently fail to decrypt. Thus, all traffic stops moving and the link eventually times out.

This problem only seems to affect the reception of packets. The outgoing traffic seems to be unaffected.

The PPP and MPPE code in the froyo kernel is unchanged from that in the mainstream Linux kernel. My Ubuntu desktop can do PPTP with MPPE no problem. So why can't froyo?

This was absorbing too much of my time, so I finally gave in and set up L2TP.
 

p671

New member
Aug 13, 2011
2
0
The PPP and MPPE code in the froyo kernel is unchanged from that in the mainstream Linux kernel. My Ubuntu desktop can do PPTP with MPPE no problem. So why can't froyo?

I'm not entirely sure if froyo's at fault as I was able to confirm with a few of my colleagues that they were able to VPN with PPTP just fine on their non-charge device that's on froyo. Additionally, I even tried the GB leak but ended up with the same results.

This was absorbing too much of my time, so I finally gave in and set up L2TP.

Thanks for taking a stab at this though. It does seem that there isn't a big call for this feature within the community; a huge bummer for those that does need it.
 

Flasharino

Member
Jun 23, 2007
21
1
Problem details

I have this problem with my HTC Inspire 4G and I've been researching it a lot.

The error reported on PPTP server side suggests that Android PPTP client tries to negotiate unsupported protocol:

pppd: Protocol-Reject for unsupported protocol 0xxx

but it is a misleading message since initially the protocol is negotiated correctly and the connection is established. Only after several dozens of frames are transmitted the error appears and it repeats with different value of unsupported protocol in the message.

Since then the PPTP tunnel is out of sync and Android client sends effectively random octets from the MPPE encryption module.

I will include links here to Web pages with details FYI if you are interested in more details about it.

http://www.securitykiss.com/resources/articles/android_vpn_bug/index.php

http://code.google.com/p/android/issues/detail?id=10901

http://code.google.com/p/android/issues/detail?id=4706
 
  • Like
Reactions: alroger

redpilleatr

Member
Oct 14, 2011
26
2
This was absorbing too much of my time, so I finally gave in and set up L2TP.

Interesting that PPTP failed you, but L2TP worked. I had the opposite experience. A stock unrooted Android 2.2.2 connected to a debian pptpd just fine, mostly with default settings. (although I didn't go as far as to route traffic, just confirmed that there's an encrypted connection)

But it's ipsec that doesn't work for me. Would you please post the L2TP server configuration that works for you?

I'll post the PPTP server settings if anyone is interested.
 
Oct 5, 2009
8
1
The PPTP doesn't fail until you send traffic. Specifically, it works ok until you send a large packet that get fragmented. Then it seems the encryption becomes out of sync and things go downhill from there.

My L2TP is running on Windows Server just using default settings, so nothing to post really.

This thread should probably be closed since it doesn't really relate to the Charge specifically and the fix isn't "getting close" afaik.

Shayne
 

xdadevnube

Senior Member
Jun 28, 2011
1,038
178
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.

Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise :rolleyes:

Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
 

JihadSquad

Senior Member
Oct 5, 2011
1,606
245
Madison, WI
xdaforums.com
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.

Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise :rolleyes:

Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.

I think samsung screwed it up more than the OS.
 

Haadkoe

Senior Member
Jul 10, 2007
173
27
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.

Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise :rolleyes:

Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.

Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.

Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
 
Last edited:

xdadevnube

Senior Member
Jun 28, 2011
1,038
178
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.

Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.

I dunno, but I just got it working on ICS 4.03 CleanROM Kang Tapped Edition for the HTC Rezound.
MPPE enabled.
It passes traffic, can browse the web, copy files from a network share. Connectivity does not get lost.
It does use the remote gateway.
I didn't check on if it was possible to set a local gateway.
Anyways, I've been waiting for this damned feature for quite some time.
If all you want to do is access your PC's files, I suggest PocketCloud Explore.
It is pretty tight.
 

thefriskychip

Member
Oct 2, 2011
22
2
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.

Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.

there is a specific way to force Encryption on the PPTP server on ddwrt

More info.

http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration
 

xdadevnube

Senior Member
Jun 28, 2011
1,038
178
Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
I haven't done thorough testing on speed yet, but hopefully will soon.
 
  • Like
Reactions: vfrjim

vfrjim

Member
Mar 30, 2009
32
2
Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
I haven't done thorough testing on speed yet, but hopefully will soon.

VPNRoot works great, thanks! I have the same issue on my Hyundai T7 with android 4.0.4, times out connecting to my VPN, but this app solves that problem.
 
Last edited:

Bert02

Senior Member
Feb 16, 2012
51
6
I'm using vpn root on a s4 with stock ics firmware.
it can connect but times out all the time.
I can do google searches fine but trying to load any Web page just hangs.
have a pptp vpn on dd-wrt.
is there any settings I need to change?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Problem details

    I have this problem with my HTC Inspire 4G and I've been researching it a lot.

    The error reported on PPTP server side suggests that Android PPTP client tries to negotiate unsupported protocol:

    pppd: Protocol-Reject for unsupported protocol 0xxx

    but it is a misleading message since initially the protocol is negotiated correctly and the connection is established. Only after several dozens of frames are transmitted the error appears and it repeats with different value of unsupported protocol in the message.

    Since then the PPTP tunnel is out of sync and Android client sends effectively random octets from the MPPE encryption module.

    I will include links here to Web pages with details FYI if you are interested in more details about it.

    http://www.securitykiss.com/resources/articles/android_vpn_bug/index.php

    http://code.google.com/p/android/issues/detail?id=10901

    http://code.google.com/p/android/issues/detail?id=4706
    1
    Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
    https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
    Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
    It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
    I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
    ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
    VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
    I haven't done thorough testing on speed yet, but hopefully will soon.