Hi I am packaging the pptpd daemon and modified versions of the ppp package that include support for the Microsoft authentication and encryption. PPTP is a protocol for building VPNs between a PPTP server/firewall and PPTP clients (Win95, Win98, WinNT, Win2000, Linux, MacOS, ..). The clients get an IP address assigned from the server and are able to communicate with the internal LAN (behind the firewall) over an encrypted channel.
I am not sure if the packages can go into main or if they have to go into non-US. I think that pptpd could go into main as it only implements the PPTP protocol and leaves authentication and encryption up to pppd. It is ditributed under the GPL. Please look at http://www.moretonbay.com/vpn/pptp.html for more information. I looked over the code and could not find any encryption support, bur I wrote a mail to the author asking him about this. I hope to get an answer soon. The problem is pppd. For the data encryption (in my opinion the most important part of a VPN) pppd and the Linux kernel have to be patched. The patch can be found at http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz This patch is applied to pppd and enables MSCHAPv2 and MPPE 40-128 bit RC4 encryption. However, to build the modified kernel, two files are needed which are not included in the patch. The files are 'rc4.h' and 'rc4_enc.c' and are included in ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.6.6b.tar.gz Is RC4 encryption a problem with the US export laws ? What about MD4 (it is used as well with mppe and mschap codes) ? Codes from the patched pppd include following: from chap_ms.c (examples): DesEncrypt(challenge, ZPasswordHash + 0, response + 0); DesEncrypt(challenge, ZPasswordHash + 7, response + 8); DesEncrypt(challenge, ZPasswordHash + 14, response + 16); or SHA1_Init(&Context); SHA1_Update(&Context, PeerChallenge, 16); SHA1_Update(&Context, AuthenticatorChallenge, 16); SHA1_Update(&Context, username, strlen(username)); SHA1_Final(Digest, &Context); DesEncrypt is implemented in extra_crypto.c (included in the same pppd patch) The additional files 'rc4.h' and 'rc4_enc.c' that are needed for patching the kernel ppp part have this license and I do not know if they qualify as DFSG-free software: /* lib/rc4/rc4_enc.c */ /* Copyright (C) 1995-1997 Eric Young ([EMAIL PROTECTED]) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young ([EMAIL PROTECTED]). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young ([EMAIL PROTECTED]) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ Please could somebody clarify if this software is DFSG-free and if it falls under US export laws. Thanks Rene