lwip-users

Re: [lwip-users] PPP MPPE "Optional" Support


From: Greg Smith
Subject: Re: [lwip-users] PPP MPPE "Optional" Support
Date: Fri, 12 Aug 2016 14:24:46 +0000

> -----Original Message-----
> From: lwip-users
> On Behalf Of Sylvain Rochet
> Sent: Thursday, 11 August 2016 18:34
> On Wed, Aug 10, 2016 at 07:49:03PM -0400, Patrick Klos wrote:
> >
> > but if I remember correctly, the sequence of PPP negotiations is LCP
> > (which negotiates if/which authentication protocol will be used),
> > followed by authentication (if any), followed by other negotiations
> > (IPCP, CCP, etc). If that's correct, then you won't have to enable
> > CCP (and/or MPPE) until after your LCP state machine reaches the
> > Opened state, so you'd know by then if MSCHAPv2 was negotiated or not?
> >
> > I can't say what the implications would be with the LwIP PPP as I
> > haven't used it.
>
> The problem here is that MSCHAPv2 has to prepare keys for MPPE since
> MPPE keys are derived from MSCHAPv2 challenge hashes, therefore MPPE
> must currently be enabled before MSCHAPv2 authentication starts.
>
> We could argue whether we should always prepare keys even if MPPE is not
> enabled, which would add useless CPU cycles for users who built MPPE
> support but are actually not using it, but anyway, user is not supposed
> to change PPP options once the session is started :-)

I don't think it makes sense to generate the MPPE keys _always_. I hate wasting CPU cycles as much as anybody. I think my use case is somewhat special and I wouldn't want to burden everyone else with it. I'll figure out something else.

> > > Or is even that poor practice to change LCP options in the middle of the
> > > negotiation?
> >
> > CCP (where MPPE would be negotiated) is completely independent of LCP.
> > None of your LCP options would have to change once you've gotten to
> > the LCP Opened state. Once LCP finishes, you'll know if you've
> > negotiated MSCHAPv2 and if you even need to enable CCP (and MPPE)
> > negotiations.
>
> I can confirm that, LCP options are probably not going to change once
> authentication is started. I'm quite sure the protocol does not disallow
> renegotiating some options later, but obviously no one does that, I
> can't see any use case for wanting to do that either.

Agreed. Reading some documentation, I think LCP renegotiation is not disallowed -- but agree that it probably never happens in practice.

> Anyway, I think Greg is just thinking that MPPE is an LCP option, while
> obviously it is not, that's all :)

Yes, I did mean CCP, not LCP. Sorry for that gaffe and thanks to you both for the correction. (Too many acronyms for this noob!)

-- G


