Page MenuHomeVyOS Platform

PPPoE server: mppe setting is implemented as node instead of leafNode
Closed, ResolvedPublicBUG

Description

PPPoE server supports setting the MPPE preferences, it is implemented as node with leafnodes for require, prefer and deny. This will render a wrong Accel configuration as it will be "None" if specified.

+pppoe-server {
+    ppp-options {
+        mppe {
+            deny
+            require
+        }
+    }
+}

it must be:

+pppoe-server {
+    ppp-options {
+        mppe require
+    }
+}

The first version renders the following AccelPPP configuration:

[ppp]
mppe=None

Accel docs: https://accel-ppp.readthedocs.io/en/latest/configuration/ppp.html?highlight=mppe

Details

Difficulty level
Easy (less than an hour)
Version
1.3-rolling-202008260118
Why the issue appeared?
Design mistake
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

c-po changed the task status from Open to In progress.
c-po claimed this task.
Unknown Object (User) subscribed.Aug 26 2020, 5:56 PM
c-po changed the task status from Resolved to Unknown Status.
c-po triaged this task as Normal priority.
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.

There can not be a config migrator, thus the setting will be changed to "prefer" (default) which will not break any client implementations

c-po changed the task status from Unknown Status to Resolved.Aug 26 2020, 6:10 PM
c-po moved this task from In Progress to Finished on the VyOS 1.2 Crux (VyOS 1.2.6) board.
In T2829#73944, @c-po wrote:

There can not be a config migrator, thus the setting will be changed to "prefer" (default) which will not break any client implementations

Actually it broke MikroTik PPPoE client (my home router) which disconnects with "No compression negotiated" error, still worked with 1.2.5 and 1.2.6-epa1 but not with 1.2.6-S1 until I added "set service pppoe-server ppp-options mppe 'deny'" to the config.

MPPE being old (and Microsoft...) is probably not considered secure anymore.

c-po reopened this task as In progress.Oct 4 2020, 10:48 AM

@marekm I've reproduced your issue and fixed it for 1.2.7 - Thanks for reporting.