Red Hat Bugzilla – Bug 845112
pptp fails mppe in FIPS mode, request to document this
Last modified: 2012-09-17 18:24:16 EDT
Description of problem:
pptp/pppd fails to load the ppp_mppe module in FIPS mode. This is probably correct, as PPTP is broken and not even non-fips users should be using this.
But the error is not clear at all and it took me quite some time to pinpoint the cause.
Suggestion to add some text in /etc/ppp/options.pptp:
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use. Note that MPPE
# requires the use of MSCHAP-V2 during authentication)
+# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
+# is not allowed and PPTP-MPPE is not available.
pptp-1.7.2-17.fc18 has been submitted as an update for Fedora 18.
I've added commentary about this (and also about the particular insecurity of MS-CHAPv2) in options.pptp in F-18 and Rawhide, and also upstream.
I don't really think this warrants an update in F-17 though.
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pptp-1.7.2-17.fc18'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
pptp-1.7.2-17.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.