PPTP without encryption configuration

I tried every possible combination in /etc/ppp/options.pptpd to make tunnel with no encryption MPPE on ,but it won't work
I tried
require-chap
refuse-mschap-v2
refuse-mschap
refuse-eap
refuse-pap

It says negotiation failed
I am trying to connect from my android 8 as well with MPPE on and off
How to make connection using only chap with no MPPE
I used 2 articles to config server and client on openwrt

Removing encryption from PPTP makes it basically GRE:

I believe not .
I need connection which can work behind NAT without external IP address on one side ,
Can GTE do that ?

I think it is possible to make unencrypted connection , Zyxel firmware can do that, would be shame if I have to use their firmware instead of openwrt.
At the end it should be one port on one router connected to one port to another separated from work network, kinda DMZ

I think that you mix MPPE and CHAP meaning.

CHAP, MSCHAP, MSCHAP-V2 are protocols for sending password. Technically client and server send tokens and hashed password. No password was transfer over both machines.

MPPE is protocol encryption over GRE tunnel. You need to disable MPPE on server.

I know the meaning of these but I read that chap doesn't use encryption so if there is possibility to use mschap2 with no encryption I am in
The question is how to disable it in configuration of the server , like what do I have to write in the config file ,but anyway why chap doesn't work if it can work

Here is on ArchLinux:
https://wiki.archlinux.org/index.php/PPTP_server
therefore you need to remove this require-mppe-128 from /etc/ppp/options.pptpd

refuse-pap
#refuse-chap
refuse-mschap
#require-mschap-v2
#require-mppe-128

Doesn't help, connection unsuccessful
Maybe it works on Arch but not on openwrt

You must enable mschapv2.

Here is more info:

look in comments. Seems that you MUST enable MPPE too.

In fact, that's the default working PPTP server/client options on OpenWrt.

Yes they are default with encryption on
But I need maximum speed and no encryption
;(

I don't have any problems with this if the configuration is default with mschap2 and actually it works with MPPE only , but when I try to make it connected with chap only it doesn't work .
Chap can work with no encryption (no MPPE) ,but it doesn't work
And all I need to configure server and client the way it would work

Seems that Encryption is required.

About speed. RC4 encryption that is used on MPPE isn't slow.

Here is benchmark on OrangePi Zero - 1GHz/4cores:

  ARC4                     :      48984 KiB/s,          0 cycles/byte
  3DES                     :       4104 KiB/s,          0 cycles/byte
  DES                      :      11035 KiB/s,          0 cycles/byte
  AES-CBC-128              :      15950 KiB/s,          0 cycles/byte
  AES-CBC-192              :      13867 KiB/s,          0 cycles/byte
  AES-CBC-256              :      12321 KiB/s,          0 cycles/byte
  AES-XTS-128              :      13683 KiB/s,          0 cycles/byte
  AES-XTS-256              :      10831 KiB/s,          0 cycles/byte
  AES-GCM-128              :       7889 KiB/s,          0 cycles/byte
  AES-GCM-192              :       7337 KiB/s,          0 cycles/byte
  AES-GCM-256              :       6898 KiB/s,          0 cycles/byte
  AES-CCM-128              :       6938 KiB/s,          0 cycles/byte
  AES-CCM-192              :       6120 KiB/s,          0 cycles/byte
  AES-CCM-256              :       5536 KiB/s,          0 cycles/byte
  ChaCha20-Poly1305        :      19739 KiB/s,          0 cycles/byte
  CAMELLIA-CBC-128         :      13663 KiB/s,          0 cycles/byte
  CAMELLIA-CBC-192         :      10609 KiB/s,          0 cycles/byte
  CAMELLIA-CBC-256         :      10595 KiB/s,          0 cycles/byte
  ChaCha20                 :      28048 KiB/s,          0 cycles/byte
  BLOWFISH-CBC-128         :      19464 KiB/s,          0 cycles/byte
  BLOWFISH-CBC-192         :      19369 KiB/s,          0 cycles/byte
  BLOWFISH-CBC-256         :      19465 KiB/s,          0 cycles/byte

With speed of almost 49MBps it's fastest than everything else.

On x86:

  ARC4                     :     614310 KiB/s,          5 cycles/byte
  3DES                     :      31550 KiB/s,        108 cycles/byte
  DES                      :      75700 KiB/s,         45 cycles/byte
  AES-CBC-128              :     628398 KiB/s,          5 cycles/byte
  AES-CBC-192              :     575218 KiB/s,          5 cycles/byte
  AES-CBC-256              :     530374 KiB/s,          6 cycles/byte
  AES-XTS-128              :     493825 KiB/s,          6 cycles/byte
  AES-XTS-256              :     431153 KiB/s,          7 cycles/byte
  AES-GCM-128              :     223130 KiB/s,         15 cycles/byte
  AES-GCM-192              :     216002 KiB/s,         15 cycles/byte
  AES-GCM-256              :     209600 KiB/s,         16 cycles/byte
  AES-CCM-128              :     339657 KiB/s,         10 cycles/byte
  AES-CCM-192              :     318655 KiB/s,         10 cycles/byte
  AES-CCM-256              :     294662 KiB/s,         11 cycles/byte
  ChaCha20-Poly1305        :     283703 KiB/s,         12 cycles/byte
  CAMELLIA-CBC-128         :      99080 KiB/s,         34 cycles/byte
  CAMELLIA-CBC-192         :      76184 KiB/s,         44 cycles/byte
  CAMELLIA-CBC-256         :      76186 KiB/s,         44 cycles/byte
  ChaCha20                 :     398711 KiB/s,          8 cycles/byte
  BLOWFISH-CBC-128         :     107072 KiB/s,         31 cycles/byte
  BLOWFISH-CBC-192         :     107073 KiB/s,         31 cycles/byte
  BLOWFISH-CBC-256         :     107073 KiB/s,         31 cycles/byte

It's also fastest (honestly 2nd place) - over 600MBps.

So MPPE isn't reason to slow down your PPTP VPN connection.
And i don't see reason why to want to disable it.

I am not talking about encryption benchmark I am talking about efficiency of network , also my routers 400Mhz and I don't need to make them encrypt and decrypt , but the common reason low internet speed

Probably you can make PPTP without encryption on some old devices - like Android 2.X or 4.X.

But on current Android versions encryption is mandatory.

Yeah I thought about it , so I run Windows XP SP3 and there are all the options for pptp connection , no luck .

PPTP relies on GRE which often suffers from traffic shaping.
Meanwhile, you can disable encryption in OpenVPN with cipher none.
OpenVPN might give you better performance as it tunnels over TCP/UDP.

That is great but all the articles I read says pptp gives you best with no encryption anyway that is why I choose to try pptp , and now it is just anyway wtf I can't change options on this one , it is just a question now ,maybe I have to install pptp server with parameters no MPPE and it will work but there is no such thing I guess , and anyway I haven't seen a single article how to make pptp with no encryption all they say if you want no encryption just comment this section or add this parameter in config file etc , ffs I just need to make it so I can do tests and then I can try open VPN and test it too so I can see the deference for real ..

1 Like

There're too many factors including external ones that you can only try to mitigate.
Thus practical result is more important in this case, and testing different protocols is your best option.


PPTP on unstable internet connection - #15 by vgaetera

Currently I make all the settings directly wan(openwrt) to lan (winXP) with no internet and firewall accepted everything , works only with require-mschap-v2 every other settings no connection , and it pisses me off already hahah

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.