Page MenuHomeVyOS Platform
Create Task
Maniphest T2829

PPPoE server: mppe setting is implemented as node instead of leafNode
Closed, ResolvedPublicBUG
Actions

Description

PPPoE server supports setting the MPPE preferences, it is implemented as node with leafnodes for require, prefer and deny. This will render a wrong Accel configuration as it will be "None" if specified.

+pppoe-server {
+    ppp-options {
+        mppe {
+            deny
+            require
+        }
+    }
+}

it must be:

+pppoe-server {
+    ppp-options {
+        mppe require
+    }
+}

The first version renders the following AccelPPP configuration:

[ppp]
mppe=None

Accel docs: https://accel-ppp.readthedocs.io/en/latest/configuration/ppp.html?highlight=mppe

Details

Difficulty level
Easy (less than an hour)
Version
1.3-rolling-202008260118
Why the issue appeared?
Design mistake
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects

Event Timeline

c-po changed the task status from Open to In progress.Aug 26 2020, 5:54 PM
c-po claimed this task.
c-po created this task.
Unknown Object (User) added a subscriber: Unknown Object (User).Aug 26 2020, 5:56 PM
c-po updated the task description. (Show Details)Aug 26 2020, 5:59 PM
c-po added a comment.Aug 26 2020, 6:01 PM

https://github.com/vyos/vyos-1x/commit/12f566f4566c8ef115b15f0c11280cb3ea9a7673

c-po closed this task as Resolved.Aug 26 2020, 6:01 PM
c-po reopened this task as Backport pending.
c-po triaged this task as Normal priority.
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.
c-po added a project: VyOS 1.2 Crux (VyOS 1.2.6).
c-po added a comment.Aug 26 2020, 6:04 PM

There can not be a config migrator, thus the setting will be changed to "prefer" (default) which will not break any client implementations

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Aug 26 2020, 6:08 PM
c-po moved this task from Needs Triage to In Progress on the VyOS 1.2 Crux (VyOS 1.2.6) board.
c-po closed this task as Resolved.Aug 26 2020, 6:10 PM
c-po moved this task from In Progress to Finished on the VyOS 1.2 Crux (VyOS 1.2.6) board.
pasik added a subscriber: pasik.Aug 27 2020, 7:34 AM
marekm added a subscriber: marekm.Oct 2 2020, 2:16 AM
In T2829#73944, @c-po wrote:

There can not be a config migrator, thus the setting will be changed to "prefer" (default) which will not break any client implementations

Actually it broke MikroTik PPPoE client (my home router) which disconnects with "No compression negotiated" error, still worked with 1.2.5 and 1.2.6-epa1 but not with 1.2.6-S1 until I added "set service pppoe-server ppp-options mppe 'deny'" to the config.

MPPE being old (and Microsoft...) is probably not considered secure anymore.

c-po reopened this task as In progress.Oct 4 2020, 10:48 AM
c-po mentioned this in T2959: PPPoE server has migrations scripts but the config version is not incrememnted.Oct 4 2020, 11:25 AM
c-po added a comment.Oct 4 2020, 4:36 PM

@marekm I've reproduced your issue and fixed it for 1.2.7 - Thanks for reporting.

c-po closed this task as Resolved.Oct 4 2020, 4:38 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 30 2022, 2:03 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.