PPTP-Client Patches

This page documents the NetServers extensions to pptpclient, a free PPTP client for Linux developed by C. S. Ananian and many others. NetServers is distributing these extensions as freely available patches to pptpclient. They have been integrated into the latest CVS version of pptpclient, and will hopefully be in the next major release at some point.

Patch and documentation written by Chris Wilson for NetServers.


Introduction

The main goal of this patch is to support packet reordering, which allows packets to be received by the client out of order, and returns them to the correct order for pppd. The standard client will simply throw away out-of-order packets, with a log message like 'discarding out-of-order  seq is 1657 seqrecv is 1658'.

Normally, out-of-order packets are very rare on the Internet. However, one ISP in Britain, NTL's cable modem service, reorders small packets ahead of large ones. This is probably supposed to make interactive sessions respond better when large downloads are in progress, but it also makes pptpclient almost unusable in some situations.

You can easily test this by running a command like 'ping -s 1510 1.2.3.4', where 1.2.3.4 is a host running pptpclient, on the other side of your tunnel, and 1510 is just higher than the MTU of the tunnel. This will cause a pattern of large-fragment small-fragment GRE packets to be sent to the other side. If the other side is an NTL cable modem, the small packets will almost always arrive before the large ones, and pptpclient will drop them.


Changes

We have added several new features to pptpclient:

Reduced Optimisation

Reduces the optimisation level (gcc's -O flag) to zero (none), to make debugging easier. This is optional.

Inclusion of pqueue.c and pqueue.h

Adds two new files, pqueue.c and pqueue.h, to the pptp executable. pqueue.c implements the packet queue used by the reordering code, and pqueue.h describes its public interface. The queue is implemented as a linked list. This is required for reordering.

Debugging Flag

Adds a new command-line option, --debug, to pptpclient. Currently, all this does is prevent pptpclient from going into the background. It also tidies up the indenting of the option-handling code in pptp.c. This is optional.

Daemon Mode

Calls the daemon(3) function to change the current directory and close the standard file descriptors. This prevents your shell from hanging open if you start pptpclient remotely and leave it running.

Queueing

Packets are added to the queue by decaps_gre if their sequence number is higher than expected, but within the window. The default window is defined as 30 packets.

Packets which are below the window (older than the most recent packet read) or above the window (too far ahead) are discarded, to protect against denial-of-service attacks.

Dequeueing

The new function dequeue_gre retrieves packets from the head of the queue which are:
  1. Next in sequence (unwrapped or wrapped)
  2. Older than five seconds (assuming that the intermediate packets have been lost by the network).
The function will continue to read packets from the head of the queue until it finds one which doesn't match these criteria, and then stop.
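
The queueing and dequeueing rules above, sketched as an added example (this is not the code from pqueue.c or the NetServers patch). The names classify, enqueue, dequeue and struct pkt are hypothetical, treating the 30-packet window as an inclusive bound is an assumption, and the sequence numbers in main are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define WINDOW  30  /* default window from the text; inclusive bound is an assumption */
#define MAX_AGE 5   /* seconds a queued packet may wait for its predecessors */
enum verdict { DELIVER, QUEUE, DISCARD };
struct pkt { uint32_t seq; time_t arrived; struct pkt *next; };

/* Unsigned subtraction gives the distance ahead of `expected` modulo 2^32,
 * so the window test stays correct when sequence numbers wrap. */
enum verdict classify(uint32_t expected, uint32_t seq)
{
    uint32_t ahead = seq - expected;
    if (ahead == 0) return DELIVER;
    return ahead <= WINDOW ? QUEUE : DISCARD;  /* else: stale or too far ahead */
}

/* Insert sorted by distance from `expected`; returns 0 for a duplicate. */
int enqueue(struct pkt **head, struct pkt *p, uint32_t expected)
{
    uint32_t d = p->seq - expected;
    while (*head && (uint32_t)((*head)->seq - expected) < d)
        head = &(*head)->next;
    if (*head && (*head)->seq == p->seq) return 0;
    p->next = *head;
    *head = p;
    return 1;
}

/* Pop the head if it is next in sequence or has waited longer than MAX_AGE;
 * NULL tells the caller to stop draining the queue. */
struct pkt *dequeue(struct pkt **head, uint32_t *expected, time_t now)
{
    struct pkt *p = *head;
    if (!p || (p->seq != *expected && now - p->arrived <= MAX_AGE)) return NULL;
    *head = p->next;
    *expected = p->seq + 1;
    return p;
}

int main(void)
{
    struct pkt a = {101, 0, NULL}, *q = NULL, *p;  /* constructed: 101 overtakes 100 */
    uint32_t expected = 100;
    if (classify(expected, a.seq) == QUEUE) enqueue(&q, &a, expected);
    expected++;  /* 100 then arrives and is delivered directly */
    while ((p = dequeue(&q, &expected, 1)) != NULL) printf("released %u\n", (unsigned)p->seq);
}
```

Because the window bounds how many packets can be held, a sender that sprays far-ahead or stale sequence numbers cannot make the queue grow without limit.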

Limitations

There are some limitations with this patch:

Download

The latest version of our code will always be available in pptpclient's own CVS. You can find instructions to download it here:

Please be aware that the CVS contains the very latest version of the software, and as such has not been extensively tested.

The version used in our FireRack firewalls is the CVS tree from 16/08/2002. You can download a patch below which contains all our code, and a few changes by other developers. This patch applies to the last stable release of pptpclient, version 1.1.0, and upgrades it to that CVS version.