VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
|
Posted: Sun Dec 31, 2006 1:21 am Post subject: Rant: PPTP s**cks! |
|
|
Hi.
In the two years I've been using Linux, this is the only application that has driven me mad like this. I've never succeeded in understanding how to make it work, why it did work all of a sudden and why it doesn't work anymore now that I've done a major upgrade of my server.
I know, you might ask: why the hell did you upgrade? Because I was confident enough to believe all my problems were now gone!
I've installed pptp/ppp on a Gentoo server that I would have liked to use for VPN. It is behind a firewall that I set up to accept TCP packets on port 1723. It worked perfectly until today after I did an emerge -avuD world. Brand new baselayout, new pptp/pppd aso. Nothing works anymore (connections time out and are reaped on the server side), not even from Windows clients - the top of it!
I remember having spent hours and days understanding why it didn't work, tweaking its configuration files, recompiling kernel, adding/removing modules, following the troubleshooting steps about GRE and LCP time-outs - no suggested steps worked. One day, all of a sudden (probably after a world upgrade) it started to work! Probably pppd version 2.4.3-something. But now I've reverted to pppd-2.4.3-r16 it still doesn't work, not even from Windows clients, although it used to! Go figure...
This application is by far the most frustrating I've ever had to use in the Linux world. Too bad this is the only one compatible with Windows VPN client. I'm considering OpenVPN, which is far more stable across several releases - I've tested it many times. I've spent more time trying to defeat PopTop than using it. I've been defeated. _________________ Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739! |
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
|
Posted: Sun Dec 31, 2006 6:14 am Post subject: |
|
|
I feel your pain. I'm fairly sure I'm coming back as a cockroach judging by the nice thoughts I've sent to the PPTP designers over the years.
If you have the option, I implore you to go with OpenVPN. It's not the panacea and does have its tricky spots (mss-fix nightmare anyone?) but if you're not on a low quality link, it's rock solid and much, much easier to maintain. Not as easy to deploy at first since it doesn't have a smooth Windows integration (the TAP driver isn't signed, for one, so it's a female dog to install from a remote desktop due to the Windows bug^H^H^Hfeature where the "are you sure you want to install an unsigned driver" dialog comes up in session 0 which isn't the remote session) - but it does wonders for your sanity in complex networking scenarios.
I've given up on PPTP completely. Not worth it. _________________ Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin |
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
|
Posted: Sun Dec 31, 2006 10:09 am Post subject: |
|
|
moocha wrote: | I feel your pain. I'm fairly sure I'm coming back as a cockroach judging by the nice thoughts I've sent to the PPTP designers over the years.
If you have the option, I implore you to go with OpenVPN. It's not the panacea and does have its tricky spots (mss-fix nightmare anyone?) but if you're not on a low quality link, it's rock solid and much, much easier to maintain. Not as easy to deploy at first since it doesn't have a smooth Windows integration (the TAP driver isn't signed, for one, so it's a female dog to install from a remote desktop due to the Windows bug^H^H^Hfeature where the "are you sure you want to install an unsigned driver" dialog comes up in session 0 which isn't the remote session) - but it does wonders for your sanity in complex networking scenarios.
I've given up on PPTP completely. Not worth it. |
Thank you so much for understanding.
I already went through OpenVPN, which I find quite complex indeed but much more stable across releases - I've been using it flawlessly for more than one year with my home server. It doesn't break with a new release, which is absolutely not true about PoPToP.
I might be wrong but it's just too bad that PoPToP is the only alternative to Windows VPN server that is natively compatible with Windows VPN client. And OpenVPN, as you said, must be deployed, which requires administrative rights at a minimum. But it's worth the pain anyway.
EDIT: I was wrong. There are other recommended VPN solutions, which are also supported by Windows clients. They involve L2TP/IPsec: http://www.jacco2.dds.nl/networking/openswan-l2tp.html .
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
|
Posted: Sun Dec 31, 2006 1:53 pm Post subject: |
|
|
Yup, I'm aware of them. FreeS/WAN has been dead for three years, OpenS/WAN deployment and upgradeability plain sucks, and I'm not even going to bother mentioning the pain inflicted upon unsuspecting users by ipsec-tools/KAME.
There is not a single one out there that would be easier to maintain and/or stabler than OpenVPN. Not in real life scenarios, at least, no matter how good they sound on paper.
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
|
Posted: Mon Jan 01, 2007 11:01 am Post subject: |
|
|
Example of abovementioned userside pain: https://forums.gentoo.org/viewtopic-t-528404.html
Happy new year, by the way.
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
|
Posted: Mon Jan 01, 2007 11:28 am Post subject: |
|
|
Argh, I've been discovered! ...
But I see you went through all these steps too. You know, I wouldn't be able to sleep without having investigated every possible direction - should it be to give up this one in favor of OpenVPN.
I wish you a happy new year, too.
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
|
Posted: Mon Jan 01, 2007 12:38 pm Post subject: |
|
|
Nod, I hope you manage to figure it out.
Good luck, and all the best.
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
|
Posted: Tue Jan 02, 2007 11:29 am Post subject: |
|
|
Good, I managed to make openswan work when connecting from Windows XP through NAT. Let's wait and see if it breaks with updates.