Lion 10.7.4 PPTP VPN MPPE Issues
Hey people,
I recently upgraded my server from Snow Leopard Server to Lion Server, and updated to 10.7.4. I know Lion Server didn't offer a GUI for PPTP configuration before 10.7.3, but after the update I figured I'd give it a shot. I kinda wish I hadn't.
I've set up VPN through the Server app, basically leaving all the settings to their default. I'm trying to connect to the server locally, so I know port forwarding isn't the issue. I only want to get PPTP working; since one of the L2TP ports is the same as the Back to my Mac through iCloud port (I think it's 4500 or something), I wanted to go with the PPTP so I could also have Back to my Mac (don't ask why I want both).
Anyway, the issue is in connecting to the server locally, I get an error in the log file about how MPPE is required, but keys are not available. I know what MPPE is, and even followed the support doc from http://support.apple.com/kb/TS4241, but it didn't help. Client-side, I'm getting the error "A connection could not be established to the PPP server. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."
I've copied the log file below. Please let me know if I missed any information; I'm in a bit of a rush and had to type this quickly. Any help is always appreciated. Thanks!
2012-05-13 14:29:57 EDT Incoming call... Address given to client = 192.168.1.229
Sun May 13 14:29:57 2012 : Directory Services Authentication plugin initialized
Sun May 13 14:29:57 2012 : Directory Services Authorization plugin initialized
Sun May 13 14:29:57 2012 : PPTP incoming call in progress from '192.168.1.13'...
Sun May 13 14:29:57 2012 : PPTP connection established.
Sun May 13 14:29:57 2012 : using link 0
Sun May 13 14:29:57 2012 : Using interface ppp0
Sun May 13 14:29:57 2012 : Connect: ppp0 <--> socket[34:17]
Sun May 13 14:29:57 2012 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x76ed810> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x12cb3fcd> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : lcp_reqci: returning CONFACK.
Sun May 13 14:29:57 2012 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x12cb3fcd> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x76ed810> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : sent [LCP EchoReq id=0x0 magic=0x76ed810]
Sun May 13 14:29:57 2012 : sent [CHAP Challenge id=0x11 <401c36015b2e670f22256c5d415e0a60>, name = "mac-mini-server.local"]
Sun May 13 14:29:57 2012 : rcvd [LCP EchoReq id=0x0 magic=0x12cb3fcd]
Sun May 13 14:29:57 2012 : sent [LCP EchoRep id=0x0 magic=0x76ed810]
Sun May 13 14:29:57 2012 : rcvd [LCP EchoRep id=0x0 magic=0x12cb3fcd]
Sun May 13 14:29:57 2012 : rcvd [CHAP Response id=0x11 <30ed187d21d0e87dd09b414cc535a12f0000000000000000622d557cb34e3baba02fdf3979d3e4 eef774f2c5192d667d00> , name = "Matt"]
Sun May 13 14:29:57 2012 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SALTED-SHA512,SMB-NT,CRAM-MD5,RECOVERABLE>, want ApplePasswordServer
Sun May 13 14:29:57 2012 : sent [CHAP Success id=0x11 "S=275C80AAE3A93F8EAEBCC5D14D79D9692DC925AD M=Access granted"]
Sun May 13 14:29:57 2012 : CHAP peer authentication succeeded for Matt
Sun May 13 14:29:57 2012 : DSAccessControl plugin: User 'Matt' authorized for access
Sun May 13 14:29:57 2012 : MPPE required, but keys are not available. Possible plugin problem?
Sun May 13 14:29:57 2012 : sent [LCP TermReq id=0x2 "MPPE required but not available"]
Sun May 13 14:29:57 2012 : Connection terminated.
Sun May 13 14:29:57 2012 : Connect time 0.0 minutes.
Sun May 13 14:29:57 2012 : Sent 0 bytes, received 0 bytes.
Sun May 13 14:29:57 2012 : PPTP disconnecting...
Sun May 13 14:29:57 2012 : PPTP disconnected
Well, it's been a few days and with no response I thought I'd look for another solution. I've been trying this software called iVPN, apparently it's like a front-end to OS X's built-in VPN server. Anyway, I disabled the VPN Server from the Server app, turned on iVPN and was VPN-ing from my iPhone over 3G in no time. It's a great app, though it kinda ***** that the server can't do what it's built to do. Since VPN was the big reason I got Server in the first place, I'll probably uninstall it and stick with OS X's built-in file sharing and iVPN.
Similar Messages
-
NETWORKING: PPTP vpn routing issue.
I tried this on many Macs since 10.4 till my actual 10.8.2.
PPTP connection against atypical subnet 192.168.0.0/23.
The RAS server has a 192.168.1.71 which is the gateway for the destination 192.168.1.0/24 in my routing table.
The Apple client can only connect to 192.168.1.0/24 subnet, while in the remote 192.168.0.0/23 includes 192.168.0.1-192.168.1.254.
If I manually add the route 192.168.0.0/24 192.168.1.71 it works like a charm.
Needless to say, it is a Windows PPTP RAS, and no Windows client of any version (XP-8) has this networking issue.
For now, I'm using a little bash script that adds the route, which I send to people using Macs who need to connect to the VPN.
Thanks in advance, any help will be highly appreciated!
Just hold comments on this one for the moment. I have stripped the config completely (including not having a Management Interface) and it is working now. Need to test further and get the config back to what it should be.
-
Has anyone got PPTP VPN to work on Lion Server?
Has anyone got PPTP VPN to work on Lion Server?
I had a go with the terminal commands posted by Apple support but no joy. Since then Apple has pulled the support article - is it because it didn't work?
I get PPTP is less secure but PPTP seems to be more reliable; don't know why they can't keep it as GUI. I've got them both running on our 10.4 server and L2TP stopped allowing connections for no reason; PPTP was still working. L2TP started working again on its own. Plus L2TP drops my connection when I connect with a 2nd device, e.g. connected with my Macbook, connect with my iPhone (different username) and it drops my Macbook.
Any advice getting PPTP to work on Lion Server would be appreciated
Thanks
Ben
Hi,
I have posted a bugreport on this issue to Apple. Currently (10.7.2) it is not possible to run PPTP on any Mac OS X Server when using a 10.7 Server as Directory Server.
I have tried 'everything', but the MPPE encryption mechanism seems to be broken.
Edit: I see now that the bugreport is filed as a duplicate to an older case, which is now closed. I hope this means they have found the problem and will release a fix in the next update. -
Configuration:
Local Client: Macbook Pro 8,1 (Dual boot 10.8.2 & Windows 7 x64)
Local WLAN AP: WiFi dual band access points (I do not have admin access to)
ISP: TWC Road Runner
External VPN Server: Poptop PPTPD server v1.3.4 (I do have admin access to)
Problem:
There is a Macbook BCM4331 driver incompatibility that spans across both OS X and Windows 7 when connecting to a PPTP VPN through a local dual band access point.
The same Macbook (booted into either OS X 10.8 or Windows 7) cannot maintain a ping/connection to the PPTP server when connected to a local dual band (2.4GHZ/5GHZ) WiFi access point.
Macbook connects and remains connected to the PPTP server (as shown in connection status,) but no traffic will pass through VPN once the connection has "dropped" internet traffic. Flood ping to the VPN server initially replies with expected <30ms ping time. Once internet traffic is passed across VPN, ping fails and traffic stops completely.
• Any other wifi client machines & OS using same dual band AP can connect to VPN and maintain flood ping to PPTP server and pass all traffic or even split tunnel. I've tested different computers using Windows XP, Windows 7, Android 4.1, iOS 6.0.1 etc. No problems at all.
• Macbook can maintain flood ping and pass traffic to PPTP server when connected to a different standard 2.4GHZ access point.
• Macbook can maintain flood ping and pass traffic to PPTP server when connected via Ethernet on same LAN as dual band AP's.
• Macbook can maintain connection/ping by disabling MPPE encryption on the PPTP server. Running an unencrypted VPN is not an option for me however.
• Macbook can maintain connection/ping when booted into Windows 7 natively and disabling 2.4 band through Device Manager > Advanced tab > Disable bands > "Disable 802.11g/b".
To fix this problem, I would propose that Apple allow OS X users to disable 2.4GHZ in OS X. Doing so should allow PPTP + MPPE when connected via dual band routers as it does in Windows 7. I think asking them to rewrite the driver for OS X & Windows 7 is asking too much.
Credits:
I have been through so many forums, reconfigured the Macbook, the PPTP server, reformatted, tested and tweaked until my eyes bled. Here is a collection of threads of others with similar problems:
https://discussions.apple.com/thread/2778039?start=120&tstart=0
https://discussions.apple.com/thread/3202997?start=0&tstart=0
https://discussions.apple.com/thread/2136112?start=15&tstart=0
http://forums.macrumors.com/showthread.php?t=196438
https://discussions.apple.com/thread/2132652?start=0&tstart=0
http://comments.gmane.org/gmane.network.poptop/2373
https://discussions.apple.com/thread/1623154?start=0&tstart=0
https://discussions.apple.com/message/12514921?messageID=12514921#12514921
http://forums.macrumors.com/showthread.php?t=1101053
http://forums.macrumors.com/showthread.php?t=415087
https://discussions.apple.com/thread/1346301?start=0&tstart=0
https://discussions.apple.com/thread/2197122?start=0&tstart=0
I haven't heard anything back yet. I will update if I do.
Being that Apple takes pride in selling their own computers and writing their own drivers & software to match, the Macbook with OS X 10.8 should be a super polished, finely tuned machine. It's aggravating when I can't do relatively simple things which I can do on any other device & OS:
If you've read the first post, you know it's not possible to pass PPTP + MPPE on the Macbook Pro 8,1 with OS X 10.6+ or Windows 7 when connected to a dual band AP.
OS X also imposes a 130mbps limit on the 2.4Ghz band. I have no problems connecting @ 450mbps on 2.4Ghz with Windows 7. The range is much better than 5Ghz as expected when there aren't any neighboring AP's for interference. I've also never received interference with Bluetooth devices.
There have been a couple times where some things don't plain work right and the flexibility to fix them as an "Apple knows better than the user" policy is restricted. In most cases, perhaps Apple does know better. In this case, there is definitely a problem with the BCM4331 driver. If it "just worked" this topic wouldn't have been created. -
Hi.
We have just setup a SA520 at a customer location. It is running firmware version 1.1.65.
It seems to be operating fine, except PPTP VPN.
Looking at the log from the SA520 it forwards port 1723 and 500 to the correct PPTP server in the network. But it seems like this machine is not receiving the PPTP VPN request.
On the server is also running a FTP service which works fine - so the server is alive.
Is there something about we also need to use GRE (Protocol 47) when using PPTP? We have looked everywhere in the SA520, but can't find it.
Any help appreciated, thanks!
/Ulrik
Attached: SA520-log, PPTP-server-log, Firewall-rules.
Hi Federico.
I also believe GRE must be used to establish the PPTP connection, but it is not listed as a service under firewall rules or anywhere else in the SA520.
The reason to open port 500 was because we could see a request to the port, when we were trying to connect. It doesn't change anything if the port is open or not.
I don't think it establishes the PPTP tunnel at all. The receiving server is just listening for connections as the screenshot of the log shows. It doesn't indicate an established connection.
I am pretty sure GRE is the problem, but the big question is how to enable it in the SA520.
/Ulrik -
Trouble about vpn connecting (PPTP VPN did not respond)
I am new to Mac. These days I have searched a lot online for the solution to this problem but none fixed it. So....
Our lab only has an instruction for connecting to the VPN under Windows and I succeeded in doing this by following it in Windows 7.
There is a host name instead of an IP address in the instruction and I think that should not be the problem.
And in the protocol of TCP/IP property settings, the user was asked to remove the tick before “Use default gateway on remote network”. Besides, in the instruction, it sets to obtain the IP address and DNS address automatically, so that I do not have such information about the server of our lab.
In my new MacBook Pro (Mac OS X Lion 10.7.3), I did the following things:
1. in system properties->network, Select the + button at the bottom left of the screen to add a new connection.
2. Select the following:
a. Interface: VPN
b. VPN Type: PPTP
c. Service Name: SAS VPN
d. Select Create.
3. Configuration: default
server address: host name “xxx.xx.xxxx.xx”
account name: (I am sure there is no error in this)
encryption: none
4. click Authorization settings to input the password.
5. Click the Advanced button and select Options. Verify Send all traffic over VPN connection is checked (and is not checked) (I tried both, none of them worked). About the other settings.
6. On the TCP/IP tab, set "Configure IPv4" to "Using PPP." So I can not input the DNS server information.
7. click apply and then try to connect.
However, it returned me an error said " PPTP-VPN server did not respond. Try to reconnect. If that continues....."
I think there are lots of experts in mac os x. Can anyone here help me with this? Thanks a lot in advance!
>> encryption: none
I found out, that you NEED the encryption in Lion Server VPN.
I understand, that you use Lion Server as you mention the problem here in the Lion Server section.
I do the following: Install the "Admin Tool VPN" from App-Store for some Euros. Then I found section PPTP and there is a check for
a) Active
b) Compression and Encryption
I take the check for b) out and restart (Off / On), took my XP-Notebook and connected via PPTP and all working!
Since Lion Apple hides a lot of things from the official tools and if you have some special tools, you can activate functions. There is
Level 1, the user level: Something like Dashboard in the new MS-Servers or the Server App in the new Lion Server
Level 2, the administrator level: The difference between Server App and Server Admin! The Server Tools you need to download separately as you know after a while, something is missing. Same with the new Airport Utility: user level tool = AU 6.0 with graphical fun and some basics, AU 5.6 is the tool for the admin which you need to download separately.
Level 3, the special deeper view: Typically it is the command line interface, CLI, but if you need some GUI (graphical user interface), you buy an App like Admin VPN Tool and this tool (App for some Euros) in reality does nothing else than comfortably set some inside switches and flags that the official GUI admin tools have not implemented.
Why?
Oh, I think it's because of security issues. You want the Mac Server to become like a Microsoft Server? So, you shouldn't use unencrypted connections and that's (in my understanding) the reason why the Lion Server EXPECTS YOU to use encryption and the official tools do not give you the opportunity to switch the encryption off! -
[Solved] NetworkManager-pptp VPN not working after update to 0.9.10
Hello,
I have a PPTP VPN set up and it's been working for a long time. However, after I updated last night to networkmanager-0.9.10, it is no longer able to connect to the remote network. I can activate the VPN connection, enter my password, but after a short period of time, the connection reports: "Error: Connection activation failed: the VPN service returned invalid configuration." As I mentioned before, this VPN was working right before the update and I didn't change the configuration on either my computer or the destination network so I'm pretty sure that this is something to do with the update. I'm wondering if anybody else has run into this problem and if they've been able to find a solution. I've been searching all over these forums and the internet for some hours now and I haven't found anything yet. I'm hoping that somebody might be able to point me in the right direction or maybe know of something that might have changed with the new update.
Here is my VPN configuration (using NetworkManager-PPTP. I've also obscured the public IP address):
[connection]
id=MyVPN
uuid=fe6e6265-1a79-4a69-b6d1-8b47e9d4c948
type=vpn
permissions=user:greyseal96:;
autoconnect=false
timestamp=1408950986
[vpn]
service-type=org.freedesktop.NetworkManager.pptp
gateway=192.168.146.114
require-mppe=yes
user=greyseal96
password-flags=3
[ipv6]
method=auto
[ipv4]
method=auto
route1=10.17.0.0/16,10.17.1.1,1
never-default=true
Here are my logs during the time that I tried to connect:
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> Starting VPN service 'pptp'...
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 1938
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' appeared; activating connections
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN plugin state changed: starting (3)
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: pppd started with pid 1945
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (Connect) reply received.
Aug 24 23:44:21 MyArchBox pppd[1945]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Aug 24 23:44:21 MyArchBox pppd[1945]: pppd 2.4.6 started by root, uid 0
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Aug 24 23:44:21 MyArchBox pppd[1945]: Using interface ppp0
Aug 24 23:44:21 MyArchBox pppd[1945]: Connect: ppp0 <--> /dev/pts/2
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Using interface ppp0
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Connect: ppp0 <--> /dev/pts/2
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 10)
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/9
Aug 24 23:44:21 MyArchBox pptp[1947]: nm-pptp-service-1938 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 50048).
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials...
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): got credentials from NetworkManager-pptp
Aug 24 23:44:25 MyArchBox pppd[1945]: CHAP authentication succeeded
Aug 24 23:44:25 MyArchBox NetworkManager[578]: CHAP authentication succeeded
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE 128-bit stateless compression enabled
Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE 128-bit stateless compression enabled
Aug 24 23:44:25 MyArchBox pppd[1945]: Cannot determine ethernet address for proxy ARP
Aug 24 23:44:25 MyArchBox pppd[1945]: local IP address 10.17.10.3
Aug 24 23:44:25 MyArchBox pppd[1945]: remote IP address 10.17.10.1
Aug 24 23:44:25 MyArchBox pppd[1945]: primary DNS address 10.17.2.22
Aug 24 23:44:25 MyArchBox pppd[1945]: secondary DNS address 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN Gateway: 192.168.146.114
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Tunnel Device: ppp0
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> IPv4 configuration:
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Address: 10.17.10.3
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Prefix: 32
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Point-to-Point Address: 10.17.10.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Maximum Segment Size (MSS): 0
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Static Route: 10.17.0.0/16 Next Hop: 10.17.1.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Forbid Default Route: yes
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal DNS: 10.17.2.22
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal DNS: 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> DNS Domain: '(none)'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> No IPv6 configuration
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.481618] [platform/nm-linux-platform.c:1716] add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Cannot determine ethernet address for proxy ARP
Aug 24 23:44:25 MyArchBox NetworkManager[578]: local IP address 10.17.10.3
Aug 24 23:44:25 MyArchBox NetworkManager[578]: remote IP address 10.17.10.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: primary DNS address 10.17.2.22
Aug 24 23:44:25 MyArchBox NetworkManager[578]: secondary DNS address 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 9 / phase 'running'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): ip-up event
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): sending Ip4Config to NetworkManager-pptp...
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: PPTP service (IP Config Get) reply received.
Aug 24 23:44:25 MyArchBox pppd[1945]: Terminating on signal 15
Aug 24 23:44:25 MyArchBox pppd[1945]: Modem hangup
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Aug 24 23:44:25 MyArchBox pppd[1945]: Connect time 0.0 minutes.
Aug 24 23:44:25 MyArchBox pppd[1945]: Sent 0 bytes, received 0 bytes.
Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE disabled
Aug 24 23:44:25 MyArchBox pppd[1945]: Connection terminated.
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox NetworkManager[578]: inet 10.17.0.0/16 table main
Aug 24 23:44:25 MyArchBox NetworkManager[578]: priority 0x1 protocol static
Aug 24 23:44:25 MyArchBox NetworkManager[578]: nexthop via 10.17.1.1 dev 10
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487073] [platform/nm-linux-platform.c:2252] link_change(): Netlink error changing link 10: <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/ppp0': No such device
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487153] [platform/nm-linux-platform.c:1777] delete_object(): Netlink error deleting 10.17.10.3/32 lft forever pref forever lifetime 1862-0[4294967295,4294967295] dev ppp0 src kernel: No such device (-31)
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: Terminated ppp daemon with PID 1945.
Aug 24 23:44:25 MyArchBox kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev- instead.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Terminating on signal 15
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Modem hangup
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connect time 0.0 minutes.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Sent 0 bytes, received 0 bytes.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE disabled
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 10 / phase 'terminate'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connection terminated.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Aug 24 23:44:25 MyArchBox pppd[1945]: Exit.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** (nm-pptp-service:1938): WARNING **: pppd exited with error code 16
Aug 24 23:44:45 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' disappeared
If you've gotten this far, thank you for taking the time to read through all this! Any help that you can give would be much appreciated.
Last edited by greyseal96 (2014-08-27 15:20:02)
Hmm, not sure about the 3.16 series kernel, but I found that when I upgraded to kernel 3.18 the PPTP VPN also stopped working. This time, though, it was because, for some reason, there was a change in kernel 3.18 where the firewall kernel modules necessary for the VPN don't get loaded so the firewall won't allow some of the PPTP traffic from the remote side back in. Since the firewall is stateful, these modules need to be loaded so that the firewall can know that the incoming PPTP traffic from the remote side is part of an existing connection. Here's what my network manager logs looked like:
NetworkManager[619]: <info> Starting VPN service 'pptp'...
NetworkManager[619]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 31139
NetworkManager[619]: <info> VPN service 'pptp' appeared; activating connections
NetworkManager[619]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
NetworkManager[619]: <info> VPN plugin state changed: starting (3)
NetworkManager[619]: ** Message: pppd started with pid 31148
NetworkManager[619]: <info> VPN connection 'MyVPN' (Connect) reply received.
pppd[31148]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
NetworkManager[619]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
pppd[31148]: pppd 2.4.7 started by root, uid 0
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
pppd[31148]: Using interface ppp0
pppd[31148]: Connect: ppp0 <--> /dev/pts/5
NetworkManager[619]: Using interface ppp0
NetworkManager[619]: Connect: ppp0 <--> /dev/pts/5
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
NetworkManager[619]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 7)
NetworkManager[619]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/6
pptp[31150]: nm-pptp-service-31139 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
pppd[31148]: LCP: timeout sending Config-Requests <===HERE IS WHERE THE CONNECTION FAILS BECAUSE THE MODULES AREN'T LOADED.
pppd[31148]: Connection terminated.
NetworkManager[619]: LCP: timeout sending Config-Requests
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
NetworkManager[619]: Connection terminated.
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
pppd[31148]: Modem hangup
pppd[31148]: Exit.
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: Modem hangup
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: <info> VPN plugin state changed: stopped (6)
NetworkManager[619]: <info> VPN plugin state change reason: unknown (0)
NetworkManager[619]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
NetworkManager[619]: <info> VPN service 'pptp' disappeared
To fix this, I had to add a file to the /etc/modules-load.d directory to have the modules loaded into the kernel at boot. I just created a file called netfilter.conf and put the following in it:
nf_nat_pptp
nf_conntrack_pptp
nf_conntrack_proto_gre
Not sure if this addresses your problem or not, but maybe it's worth a look. -
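A triage sketch for the failure pattern in the post above, added here as an example (not code from the thread): it separates PPTP control-channel success on TCP 1723 from the LCP timeout that follows when PPP frames, which travel in GRE, never arrive, then checks the three module names from the post against `/proc/modules` and `modules-load.d` content. The log excerpt is taken from the post; the `/proc/modules` text, the function names and the verdict labels are constructed for illustration.

```python
import re

# Module names exactly as listed in the post's netfilter.conf.
REQUIRED_MODULES = ("nf_nat_pptp", "nf_conntrack_pptp", "nf_conntrack_proto_gre")

# Excerpt of the log lines quoted in the post (the poster's annotation removed).
SAMPLE_LOG = """\
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
pppd[31148]: LCP: timeout sending Config-Requests
pppd[31148]: Connection terminated.
NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
"""

# Constructed /proc/modules content for a host where no PPTP helper is loaded.
SAMPLE_PROC_MODULES = """\
nf_conntrack 106496 1 nf_nat, Live 0x0000000000000000
nf_nat 24576 0 - Live 0x0000000000000000
ppp_mppe 16384 0 - Live 0x0000000000000000
ppp_generic 36864 1 ppp_mppe, Live 0x0000000000000000
"""

# Content of the file the post creates in /etc/modules-load.d (netfilter.conf).
SAMPLE_MODULES_LOAD = "nf_nat_pptp\nnf_conntrack_pptp\nnf_conntrack_proto_gre\n"


def _norm(name):
    # The kernel treats '-' and '_' in module names as equivalent.
    return name.strip().replace("-", "_")


def loaded_modules(proc_modules_text):
    """Return module names from /proc/modules text (first field of each line)."""
    return {_norm(line.split()[0])
            for line in proc_modules_text.splitlines() if line.split()}


def persisted_modules(conf_texts):
    """Return names from modules-load.d files; blank, '#' and ';' lines are ignored."""
    names = set()
    for text in conf_texts:
        for line in text.splitlines():
            line = line.strip()
            if line and line[0] not in "#;":
                names.add(_norm(line))
    return names


def classify_pptp_log(text):
    """Tell control-channel success (TCP 1723) apart from PPP/LCP failure (GRE)."""
    control_up = "Client connection established" in text
    call_up = "Outgoing call established" in text
    lcp_timeout = "LCP: timeout sending Config-Requests" in text
    # 'rcvd [LCP' lines appear only when pppd debug logging is on.
    lcp_received = bool(re.search(r"rcvd \[LCP ", text))
    if not control_up:
        verdict = "control-channel-not-seen"
    elif call_up and lcp_timeout and not lcp_received:
        verdict = "gre-path-suspect"  # TCP 1723 worked, no PPP frames came back
    else:
        verdict = "inconclusive"
    return {"control_up": control_up, "call_up": call_up,
            "lcp_timeout": lcp_timeout, "verdict": verdict}


def diagnose(log_text, proc_modules_text, modules_load_texts):
    """Combine the log verdict with the module checks from the post's fix."""
    result = classify_pptp_log(log_text)
    loaded = loaded_modules(proc_modules_text)
    persisted = persisted_modules(modules_load_texts)
    result["missing_now"] = [m for m in REQUIRED_MODULES if m not in loaded]
    result["not_persisted"] = [m for m in REQUIRED_MODULES if m not in persisted]
    return result


if __name__ == "__main__":
    # On a real host, pass the text of /proc/modules and of each
    # /etc/modules-load.d/*.conf file instead of the samples.
    print(diagnose(SAMPLE_LOG, SAMPLE_PROC_MODULES, [SAMPLE_MODULES_LOAD]))
```
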
How to configure Multiple PPTP VPN Clients on cisco 3g supported Router
I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on Cisco 1841 and it's working fine; but when I add the 2nd, it's using vpdn-group 1 and therefore connecting to the wrong PPTP server:
here is the config for the one that works:
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip xxx.xxx.xxx.xxx
interface Dialer0
mtu 1450
ip address negotiated
ip pim dense-mode
ip nat outside
ip virtual-reassembly
zone-member security private
encapsulation ppp
ip igmp query-interval 125
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap-v2 ms-chap eap chap pap callin
ppp eap refuse
ppp chap hostname xxx@xxx
ppp chap password 7 xxxpassword
But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, it's still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? And which Cisco 3G router do you prefer, because these are remote sites and only 3G Internet service is available? -
Help needed to connect to remote PPTP VPN via PIX 515e
Hello,
A user in our office needs to connect to a client's remote PPTP VPN but can't connect. The user is running Windows 7. We have a Cisco PIX 515e firewall that is running PIX Version 6.3(3) - this is what our user is having to go through to try and make the connection to the client's remote VPN.
The client's network guys have come back and said the issue is at our side. They say that they can see some of our traffic but not all of it. The standard error is shown below, and they say it's symptomatic of the client-side firewall not allowing PPTP traffic:
"A connection between the VPN server and the VPN client XXX.XXX.XXX.XXX has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets."
I have very little firewall experience and absolutely no Cisco experience I'm afraid. From looking at the PIX config I can see the following line:
fixup protocol pptp 1723.
Does this mean that the PPTP protocol is enabled on our firewall? Is this for both incoming and outgoing traffic?
I can see no reference to GRE 47 in the PIX config. Can anyone advise me what I should look for to see if this has been enabled or not?
I apologise again for my lack of knowledge. Any help or advice would be very gratefully received.
Ros
Hi Eugene,
Thank you for taking the time to reply to me. Please see our full PIX config below. I've XX'd out names and IP addresses as I'm never comfortable posting those type of details in a public forum. I hope that the information below is still sufficient for you.
Thanks again for your help,
Ros
PIX(config)# en
Not enough arguments.
Usage: enable password [] [level ] [encrypted]
no enable password level
show enable
PIX(config)# show config
: Saved
: Written by enable_15 at 10:30:31.976 GMT/BDT Mon Apr 4 2011
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security10
enable password XXX encrypted
passwd XXX encrypted
hostname PIX
domain-name XXX.com
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name XX.XX.XX.XX Secondary
access-list outside_access_in permit tcp XX.XX.XX.XX 255.255.255.240 host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 8082
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.0.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl deny udp any any eq 135
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_40 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_60 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER1 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_10 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_20 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_30 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_50 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_70 permit ip any XX.XX.XX.XX 255.255.0.0
access-list USER2 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER3 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER4 permit ip any XX.XX.XX.XX 255.255.0.0
pager lines 24
logging on
logging host inside XX.XX.XX.XX
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside XX.XX.XX.XX 255.255.255.248
ip address inside XX.XX.XX.XX 255.255.255.0
no ip address DMZ
ip audit info action alarm
ip audit attack action alarm
pdm location XX.XX.XX.XX 255.255.255.255 inside
pdm location XX.XX.XX.XX 255.255.0.0 outside
pdm location XX.XX.XX.XX 255.255.255.0 outside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX 1
route inside XX.XX.XX.XX 255.255.0.0 XX.XX.XX.XX 1
timeout xlate 3:00:00
timeout conn 2:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp authenticate
ntp server XX.XX.XX.XX source outside prefer
http server enable
http XX.XX.XX.XX 255.255.0.0 outside
http XX.XX.XX.XX 255.255.255.0 outside
http XX.XX.XX.XX 255.255.255.255 inside
snmp-server host inside XX.XX.XX.XX
no snmp-server location
no snmp-server contact
snmp-server community XXX
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map cola 20 set transform-set ESP-3DES-MD5
crypto dynamic-map dod 10 set transform-set ESP-3DES-MD5
crypto map outside_map 10 ipsec-isakmp dynamic cola
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer XX.XX.XX.XX
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 25 ipsec-isakmp
crypto map outside_map 25 match address USER1
crypto map outside_map 25 set peer XX.XX.XX.XX
crypto map outside_map 25 set transform-set ESP-3DES-MD5
crypto map outside_map 30 ipsec-isakmp
crypto map outside_map 30 match address outside_cryptomap_30
crypto map outside_map 30 set peer XX.XX.XX.XX
crypto map outside_map 30 set transform-set ESP-3DES-MD5
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer XX.XX.XX.XX
crypto map outside_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 50 ipsec-isakmp
crypto map outside_map 50 match address outside_cryptomap_50
crypto map outside_map 50 set peer XX.XX.XX.XX
crypto map outside_map 50 set transform-set ESP-3DES-MD5
crypto map outside_map 60 ipsec-isakmp
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set peer XX.XX.XX.XX
crypto map outside_map 60 set transform-set ESP-3DES-MD5
crypto map outside_map 70 ipsec-isakmp
crypto map outside_map 70 match address outside_cryptomap_70
crypto map outside_map 70 set peer XX.XX.XX.XX
crypto map outside_map 70 set transform-set ESP-3DES-MD5
crypto map outside_map 75 ipsec-isakmp
crypto map outside_map 75 match address USER4
crypto map outside_map 75 set peer XX.XX.XX.XX
crypto map outside_map 75 set transform-set ESP-3DES-MD5
crypto map outside_map 80 ipsec-isakmp
crypto map outside_map 80 match address USER2
crypto map outside_map 80 set peer XX.XX.XX.XX
crypto map outside_map 80 set transform-set ESP-3DES-MD5
crypto map outside_map 90 ipsec-isakmp
crypto map outside_map 90 match address USER3
crypto map outside_map 90 set peer XX.XX.XX.XX
crypto map outside_map 90 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet XX.XX.XX.XX 255.255.0.0 outside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet timeout 30
ssh XX.XX.XX.XX 255.255.255.248 outside
ssh XX.XX.XX.XX 255.255.255.248 outside
ssh timeout 30
management-access inside
console timeout 0
terminal width 80
Cryptochecksum:XXX
PIX(config)# -
PPTP VPN on Server 2008R2 dropping users but acting like it is still connected
Hello,
I'm having a weird problem and I'm at a loss. We have a couple of cloud servers that form our remote office system. Basically, there is 1 DC, 1 Remote Desktop server, and 2 member servers being used as workstations. The users access these servers and resources via a PPTP VPN set up on the DC using RRAS. Everything has worked fairly well for the last year, but recently, my users have complained that they get disconnected at random times over the last couple of weeks. I was able to observe the behavior yesterday and it goes something like this:
-The user is working fine
-The user tries to access a share, open a web page, tries to open a remote desktop session or notices that their Outlook client is disconnected and finds that nothing can be reached outside of the local machine. I tried pinging the DC address, www.google.com, and the RDP server without success. From the server, I tried pinging the errant workstation without success. The server shows the connection to be active and the workstation does not disconnect the connection. On one occasion, the problem just rectified itself and everything started working again. On all other occasions, the VPN had to be disconnected and reconnected. Note that some workstations are not reporting this problem.
-The user disconnects the VPN
-The user reconnects the VPN and usually everything is okay again for awhile, but sometimes they are disconnected within minutes.
This is new behavior, and no changes have been made by me and the Cloud support people tell me they haven't done anything. At this point, I'm not even sure how to go about troubleshooting it. The next time it happened, I was going to pull an ARP table to see if anything looks amiss, but the only other avenue I have going is a call into the cloud services support to see if they can look for dropped or filtered information between our main office and our cloud server.
The only part of this setup that is a little bit different for me is the IPv4 settings in the RRAS console under properties of the server. Normally in the IPv4 settings, I select DHCP and allow the users to pull from the existing DHCP server. However, the cloud support recommended against having a DHCP server, so instead of DHCP, I selected "use static IP address pool." I put 10.216.8.197 to 10.216.8.22 and the subnet mask is picking up from the server as 255.255.255.224 and the default gateway is picking up from the server as 10.216.8.193.
Does anyone have any advice on how to troubleshoot this problem? What to try next if the cloud services support doesn't find anything, etc?
Thanks,
Jeffery Smith
Hi Jeffery,
According to your description, the VPN clients can connect to the server at the beginning, but when we reconnected after going wrong, they were disconnected within minutes. Maybe the next time it happens, we could follow the steps below to troubleshoot this issue.
Use the ipconfig /all command on the VPN client when we set up the VPN connection, to view which IP address the VPN client obtains.
Pulling an ARP table from the VPN client to view the IP Address-Physical Address mappings, as you said, will help to troubleshoot this issue. The assigned IP address may be used by other computers.
If the static IP address pool ranges from 10.216.8.197 to 10.216.8.22, due to the subnet being 255.255.255.224, there are 8 subnets in the 10.216.8.0/27 network. If the static IP address pool consists of ranges of IP addresses that are for a separate subnet, then we need to either enable an IP routing protocol on the remote access server computer or add static IP routes consisting of the {IP Address, Mask} of each range to the routers of the intranet. If the routes are not added, then remote access clients can't receive traffic from resources on the intranet.
Best Regards,
Tina -
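The pool check discussed in the reply above, written out as an added example (not part of the original thread): it tests a static address pool against the on-link subnet derived from the gateway and mask given in the question, and lists the {IP Address, Mask} routes an off-subnet range would need. The addresses 10.216.8.197, 10.216.8.22, 10.216.8.193 and 255.255.255.224 are from the thread; the function name and the other pools in the demo are constructed.

```python
import ipaddress


def check_static_pool(first, last, onlink_ip, netmask):
    """Check a static VPN address pool against the server's on-link subnet.

    onlink_ip is any address known to sit on the server's subnet; the
    question gives the default gateway, 10.216.8.193.
    """
    onlink = ipaddress.ip_interface(f"{onlink_ip}/{netmask}").network
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    findings = []

    for label, addr in (("first", lo), ("last", hi)):
        if addr not in onlink:
            findings.append(f"{label} address {addr} is outside on-link subnet {onlink}")
        elif addr in (onlink.network_address, onlink.broadcast_address):
            findings.append(f"{label} address {addr} is the network or broadcast address")

    if lo > hi:
        # summarize_address_range() raises ValueError on a reversed range,
        # so report it and stop before computing routes.
        findings.append(f"range is reversed: {lo} is above {hi}")
        return {"onlink": onlink, "findings": findings, "routes": []}

    if lo <= ipaddress.ip_address(onlink_ip) <= hi:
        findings.append(f"pool contains the on-link address {onlink_ip}")

    # Any part of the pool that is not inside the on-link subnet needs a
    # static route (or a routing protocol) on the intranet routers.
    routes = [
        (str(block.network_address), str(block.netmask))
        for block in ipaddress.summarize_address_range(lo, hi)
        if not block.subnet_of(onlink)
    ]
    return {"onlink": onlink, "findings": findings, "routes": routes}


if __name__ == "__main__":
    gw, mask = "10.216.8.193", "255.255.255.224"
    demo = [
        ("10.216.8.197", "10.216.8.22"),   # pool exactly as posted
        ("10.216.8.197", "10.216.8.222"),  # constructed: pool inside the on-link /27
        ("10.216.8.32", "10.216.8.63"),    # constructed: pool on a separate /27
    ]
    for first, last in demo:
        print(first, last, check_static_pool(first, last, gw, mask))
```
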
[SOLVED]How to configure pptp vpn start on boot with netcfg?
I've configured 2 profiles:
eth0 and ppp0, where ppp0 is a pptp vpn tunnel.
$ ls /etc/network.d/
eth0 examples interfaces ppp0
$ cat /etc/network.d/ppp0
CONNECTION='ppp'
INTERFACE='ppp0'
PEER='dxt'
PPP_TIMEOUT=10
$ cat /etc/conf.d/netcfg
# Enable these netcfg profiles at boot time.
# - prefix an entry with a '@' to background its startup
# - set to 'last' to restore the profiles running at the last shutdown
# - set to 'menu' to present a menu (requires the dialog package)
# Network profiles are found in /etc/network.d
NETWORKS=(eth0 ppp0)
# Specify the name of your wired interface for net-auto-wired
WIRED_INTERFACE="eth0"
# Specify the name of your wireless interface for net-auto-wireless
WIRELESS_INTERFACE="wlan0"
Manually, I can start up ppp0 correctly.
$ sudo netcfg -u ppp0
:: ppp0 up [ BUSY ] Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
Cannot determine ethernet address for proxy ARP
local IP address 10.100.3.132
remote IP address 10.100.3.1
[ DONE ]
$ ip addr list dev ppp0
8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 10.100.3.132 peer 10.100.3.1/32 scope global ppp0
But after booting, only eth0 is up. How to configure ppp0 to start on boot with netcfg?
Last edited by rchiang (2012-12-21 01:09:32)
Thanks a lot for your instruction.
netcfg works now!
chris_l wrote:
Did you
systemctl enable [email protected] -
2 questions about PPTP VPN on 878
Hello,
I've configured my 878 router as a PPTP VPN server. It works very fine and very quickly. Using the XP VPN client from a remote site, I can "see" all servers in my network.
2 questions
1) When doing telnet on the 878 through the VPN, it is very slow.
2) I would have to get access to the internet through the VPN. But this does not work.
What should I change in this config :
Thanks in advance,
Guy
version 12.3
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service linenumber
service sequence-numbers
hostname ineo-21029
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 .....
username ...
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
ip subnet-zero
no ip cef
no ip dhcp use class
ip name-server 212.100.160.51
ip name-server 212.100.160.52
ip port-map ms-sql port 1433
vpdn enable
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
no ftp-server write-enable
isdn switch-type basic-net3
controller DSL 0
mode atm
line-term cpe
line-mode 2-wire line-zero
dsl-mode shdsl symmetric annex B
line-rate auto
interface BRI0
no ip address
shutdown
isdn switch-type basic-net3
interface ATM0
description === to PE/Router ====
no ip address
ip accounting output-packets
load-interval 30
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 8/35
oam-pvc manage 5
oam-pvc manage cc end direction both
oam retry 3 3 1
oam retry cc end 3 3 30
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1
ip unnumbered Vlan1
peer default ip address pool test
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap ms-chap-v2
interface Vlan1
description $FW_INSIDE$
ip address 192.168.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname ....
ppp chap password ....
ppp pap sent-username ....
ip local pool test 192.168.2.240 192.168.2.250
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer1 overload
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
control-plane
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 113 in
exec-timeout 0 0
transport preferred all
transport input all
transport output all
scheduler max-task-time 5000
Thanks for this message.
Finding no solution to my problem, I've switched to other tools: Easy VPN server in the router + Cisco VPN client. My 2 questions have now received a positive answer.
It was very important for me to get Internet access through the VPN, because we rent a dedicated server, located somewhere, and the access to this server is firewall-protected on our public IP address. Thus, when I'm outside and want to manage this server, I have to connect via VPN at our central office first.
Best regards,
Guy -
PPTP VPN not working on OSX 10.9.2
My PPTP VPN to my office was working fine for more than 1 year.
However, in recent weeks it doesn't work anymore. The message I got is in the following screenshot.
I believe the upgrade to 10.9.2 is the cause.
I also have a Windows VM (Parallels) on this box (MBA2012mid); the Windows VPN worked very well before and still does.
It's very frustrating (for me, VPN is used in urgent situations when I'm not in the office). Can't believe Windows beats OSX at this feature.
Does anyone have the same issue? Please share the solution. Thanks.
Update: Same issue happens on my iPhone5S (iOS 7.0.6)
You can try these steps in case of issues with web pages:
You can reload web page(s) and bypass the cache to refresh possibly outdated or corrupted files.
*Hold down the Shift key and left-click the Reload button
*Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
*Press "Command + Shift + R" (Mac)
Clear the cache and cookies only from websites that cause problems.
"Clear the Cache":
*Firefox > Preferences > Advanced > Network > Cached Web Content: "Clear Now"
"Remove Cookies" from sites causing problems:
*Firefox > Preferences > Privacy > "Use custom settings for history" > Cookies: "Show Cookies"
Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
*Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
*Do NOT click the Reset button on the Safe Mode start window
*https://support.mozilla.org/kb/Safe+Mode
*https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes -
Can't connect to PPTP-VPN server...
When attempting to connect to a DD-WRT PPTP VPN server I kept receiving the general "Can't connect to PPTP-VPN server." message. All of the settings were exactly correct and tested on a Windows laptop. I began writing this because I didn't have any other ideas but half way through it (out of the blue) decided to attempt connecting. It worked!
The only thing I did different was delete the /Library/Preferences/SystemConfiguration contents and reboot.
Let's hope it continues to work. Posting this in case anyone else has the same error as I.
A follow up on the VPN issue: it would only work if my laptop's wireless was tethered off of my Android phone - any other connection would connect to the VPN and get an IP but I couldn't ping anything. Also, after rebooting, I get the exact same damning error message now and any combination of rebooting and removing/renaming (don't ever delete system files!) /Library/Preferences/SystemConfiguration/* hasn't fixed the issue.
I very much hope Apple releases an update soon for this - it's a serious inconvenience! It must be a network stack issue too because I've tried many 3rd party applications that barf as well. -
Newest mac os x 10.9.1 cannot connect to PPTP VPN
I've just updated my mac to os x 10.9.1 this morning. After that my PPTP vpn no longer worked. Anyone knows what could I do?
Thanks!!!!
Hello Summerland1975,
Welcome to the HP Forums.
I see that you are having an issue with installing the printer to your Mac.
Please remove any cables that connect the printer to the Mac and leave them off. Please then click on the following link for the HP Officejet 7610 series Full Feature Software and Drivers - OS X 10.9 Mavericks.
If you are still having issues, please feel free to write me back.
Thank you.
W a t e r b o y 71
I work on behalf of HP