Bug 845112

Summary: pptp fails mppe in FIPS mode, request to document this
Product: [Fedora] Fedora Reporter: Paul Wouters <pwouters>
Component: pptpAssignee: Paul Howarth <paul>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: paul
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-17 22:24:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul Wouters 2012-08-01 19:51:44 UTC 
Description of problem:
pptp/pppd fails to load the ppp_mppe module in FIPS mode. This is probably correct, as PPTP is broken and not even non-fips users should be using this.

But the error is not clear at all and it took me quite some time to pinpoint the cause.

Suggestion to add some text in /etc/ppp/options.pptp:

 # Encryption
 # (There have been multiple versions of PPP with encryption support,
 # choose with of the following sections you will use.  Note that MPPE
 # requires the use of MSCHAP-V2 during authentication)
+# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
+# is not allowed and PPTP-MPPE is not available.
Comment 1 Fedora Update System 2012-08-31 10:15:52 UTC 
pptp-1.7.2-17.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/pptp-1.7.2-17.fc18
Comment 2 Paul Howarth 2012-08-31 10:20:33 UTC 
I've added commentary about this (and also about the particular insecurity of MS-CHAPv2) in options.pptp in F-18 and Rawhide, and also upstream.

I don't really think this warrants an update in F-17 though.
Comment 3 Fedora Update System 2012-08-31 16:01:30 UTC 
Package pptp-1.7.2-17.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pptp-1.7.2-17.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-13056/pptp-1.7.2-17.fc18
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2012-09-17 22:24:16 UTC 
pptp-1.7.2-17.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.