Lion 10.7.4 PPTP VPN MPPE Issues

Hey people,
I recently upgraded my server from Snow Leopard Server to Lion Server, and updated to 10.7.4. I know Lion Server didn't offer a GUI for PPTP configuration before 10.7.3, but after the update I figured I'd give it a shot. I kinda wish I hadn't.
I've set up VPN through the Server app, basically leaving all the settings at their defaults. I'm trying to connect to the server locally, so I know port forwarding isn't the issue. I only want to get PPTP working; since one of the L2TP ports is the same as the Back to my Mac through iCloud port (I think it's 4500 or something), I wanted to go with PPTP so I could also have Back to my Mac (don't ask why I want both).
Anyway, the issue is in connecting to the server locally, I get an error in the log file about how MPPE is required, but keys are not available. I know what MPPE is, and even followed the support doc from http://support.apple.com/kb/TS4241, but it didn't help. Client-side, I'm getting the error "A connection could not be established to the PPP server. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."
I've copied the log file below. Please let me know if I missed any information; I'm in a bit of a rush and had to type this quickly. Any help is always appreciated. Thanks!
2012-05-13 14:29:57 EDT Incoming call... Address given to client = 192.168.1.229
Sun May 13 14:29:57 2012 : Directory Services Authentication plugin initialized
Sun May 13 14:29:57 2012 : Directory Services Authorization plugin initialized
Sun May 13 14:29:57 2012 : PPTP incoming call in progress from '192.168.1.13'...
Sun May 13 14:29:57 2012 : PPTP connection established.
Sun May 13 14:29:57 2012 : using link 0
Sun May 13 14:29:57 2012 : Using interface ppp0
Sun May 13 14:29:57 2012 : Connect: ppp0 <--> socket[34:17]
Sun May 13 14:29:57 2012 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x76ed810> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x12cb3fcd> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : lcp_reqci: returning CONFACK.
Sun May 13 14:29:57 2012 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x12cb3fcd> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x76ed810> <pcomp> <accomp>]
Sun May 13 14:29:57 2012 : sent [LCP EchoReq id=0x0 magic=0x76ed810]
Sun May 13 14:29:57 2012 : sent [CHAP Challenge id=0x11 <401c36015b2e670f22256c5d415e0a60>, name = "mac-mini-server.local"]
Sun May 13 14:29:57 2012 : rcvd [LCP EchoReq id=0x0 magic=0x12cb3fcd]
Sun May 13 14:29:57 2012 : sent [LCP EchoRep id=0x0 magic=0x76ed810]
Sun May 13 14:29:57 2012 : rcvd [LCP EchoRep id=0x0 magic=0x12cb3fcd]
Sun May 13 14:29:57 2012 : rcvd [CHAP Response id=0x11 <30ed187d21d0e87dd09b414cc535a12f0000000000000000622d557cb34e3baba02fdf3979d3e4 eef774f2c5192d667d00> , name = "Matt"]
Sun May 13 14:29:57 2012 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SALTED-SHA512,SMB-NT,CRAM-MD5,RECOVERABLE>, want ApplePasswordServer
Sun May 13 14:29:57 2012 : sent [CHAP Success id=0x11 "S=275C80AAE3A93F8EAEBCC5D14D79D9692DC925AD M=Access granted"]
Sun May 13 14:29:57 2012 : CHAP peer authentication succeeded for Matt
Sun May 13 14:29:57 2012 : DSAccessControl plugin: User 'Matt' authorized for access
Sun May 13 14:29:57 2012 : MPPE required, but keys are not available. Possible plugin problem?
Sun May 13 14:29:57 2012 : sent [LCP TermReq id=0x2 "MPPE required but not available"]
Sun May 13 14:29:57 2012 : Connection terminated.
Sun May 13 14:29:57 2012 : Connect time 0.0 minutes.
Sun May 13 14:29:57 2012 : Sent 0 bytes, received 0 bytes.
Sun May 13 14:29:57 2012 : PPTP disconnecting...
Sun May 13 14:29:57 2012 : PPTP disconnected

Well, it's been a few days and with no response I thought I'd look for another solution. I've been trying this software called iVPN; apparently it's like a front-end to OS X's built-in VPN server. Anyway, I disabled the VPN Server from the Server app, turned on iVPN and was VPN-ing from my iPhone over 3G in no time. It's a great app, though it kinda ***** that the server can't do what it's built to do. Since VPN was the big reason I got Server in the first place, I'll probably uninstall it and stick with OS X's built-in file sharing and iVPN.

Similar Messages

  • NETWORKING: PPTP vpn routing issue.

    I tried this on many Macs from 10.4 up to my current 10.8.2.
    PPTP connection against an atypical subnet, 192.168.0.0/23.
    The RAS server has 192.168.1.71, which is the gateway for the destination 192.168.1.0/24 in my routing table.
    The Apple client can only connect to the 192.168.1.0/24 subnet, while the remote 192.168.0.0/23 includes 192.168.0.1-192.168.1.254.
    If I manually add the route 192.168.0.0/24 192.168.1.71 it works like a charm.
    Needless to say, it is a Windows PPTP RAS and no Windows client of any version (XP-8) has this networking issue.
    For now, I'm using a little bash script that adds the route, which I send to people using Macs who need to connect to the VPN.
    Thanks in advance, any help will be highly appreciated!

    Just hold comments on this one for the moment. I have stripped the config completely (including not having a Management Interface) and it is working now. Need to test further and get the config back to what it should be.

  • Has anyone got PPTP VPN to work on Lion Server?

    Has anyone got PPTP VPN to work on Lion Server?
    I had a go with the terminal commands posted by Apple support but no joy. Since then Apple has pulled the support article - is it because it didn't work?
    I get that PPTP is less secure, but PPTP seems to be more reliable; I don't know why they can't keep it in the GUI. I've got them both running on our 10.4 server, and L2TP stopped allowing connections for no reason; PPTP was still working; L2TP started working again on its own. Plus L2TP drops my connection when I connect with a 2nd device, e.g. connected with my Macbook, connect with my iPhone (different username), it drops my Macbook.
    Any advice getting PPTP to work on Lion Server would be appreciated
    Thanks
    Ben

    Hi,
    I have posted a bugreport on this issue to Apple. Currently (10.7.2) it is not possible to run PPTP on any Mac OS X Server when using a 10.7 Server as Directory Server.
    I have tried 'everything', but the MPPE encryption mechanism seems to be broken.
    Edit: I see now that the bugreport is filed as a duplicate to an older case, which is now closed. I hope this means they have found the problem and will release a fix in the next update.

  • Macbook Wireless Driver Incompatible with Dual Band Access Points & PPTP VPN with MPPE Enabled.

    Configuration:
    Local Client: Macbook Pro 8,1 (Dual boot 10.8.2 & Windows 7 x64)
    Local WLAN AP: WiFi dual band access points (I do not have admin access to)
    ISP: TWC Road Runner
    External VPN Server: Poptop PPTPD server v1.3.4 (I do have admin access to)
    Problem:
    There is a Macbook BCM4331 driver incompatibility that spans across both OS X and Windows 7 when connecting to a PPTP VPN through a local dual band access point.
    The same Macbook (booted into either OS X 10.8 or Windows 7) cannot maintain a ping/connection to the PPTP server when connected to a local dual band (2.4GHZ/5GHZ) WiFi access point.
    Macbook connects and remains connected to the PPTP server (as shown in connection status,) but no traffic will pass through VPN once the connection has "dropped" internet traffic. Flood ping to the VPN server initially replies with expected <30ms ping time. Once internet traffic is passed across VPN, ping fails and traffic stops completely.
    • Any other wifi client machines & OS using same dual band AP can connect to VPN and maintain flood ping to PPTP server and pass all traffic or even split tunnel. I've tested different computers using Windows XP, Windows 7, Android 4.1, iOS 6.0.1 etc. No problems at all.
    • Macbook can maintain flood ping and pass traffic to PPTP server when connected to a different standard 2.4GHZ access point.
    • Macbook can maintain flood ping and pass traffic to PPTP server when connected via Ethernet on same LAN as dual band AP's.
    • Macbook can maintain connection/ping by disabling MPPE encryption on the PPTP server. Running an unencrypted VPN is not an option for me however.
    • Macbook can maintain connection/ping when booted into Windows 7 natively and disabling 2.4 band through Device Manager > Advanced tab > Disable bands > "Disable 802.11g/b".
    To fix this problem, I would propose that Apple allow OS X users to disable 2.4GHZ in OS X. Doing so should allow PPTP + MPPE when connected via dual band routers as it does in Windows 7. I think asking them to rewrite the driver for OS X & Windows 7 is asking too much.
    Credits:
    I have been through so many forums, reconfigured the Macbook, the PPTP server, reformatted, tested and tweaked until my eyes bled. Here is a collection of threads of others with similar problems:
    https://discussions.apple.com/thread/2778039?start=120&tstart=0
    https://discussions.apple.com/thread/3202997?start=0&tstart=0
    https://discussions.apple.com/thread/2136112?start=15&tstart=0
    http://forums.macrumors.com/showthread.php?t=196438
    https://discussions.apple.com/thread/2132652?start=0&tstart=0
    http://comments.gmane.org/gmane.network.poptop/2373
    https://discussions.apple.com/thread/1623154?start=0&tstart=0
    https://discussions.apple.com/message/12514921?messageID=12514921#12514921
    http://forums.macrumors.com/showthread.php?t=1101053
    http://forums.macrumors.com/showthread.php?t=415087
    https://discussions.apple.com/thread/1346301?start=0&tstart=0
    https://discussions.apple.com/thread/2197122?start=0&tstart=0

    I haven't heard anything back yet. I will update if I do.
    Being that Apple takes pride in selling their own computers and writing their own drivers & software to match, the Macbook with OS X 10.8 should be a super polished, finely tuned machine. It's aggravating when I can't do relatively simple things which I can do on any other device & OS:
    If you've read the first post, you know it's not possible to pass PPTP + MPPE on the Macbook Pro 8,1 with OS X 10.6+ or Windows 7 when connected to a dual band AP.
    OS X also imposes a 130mbps limit on the 2.4Ghz band. I have no problems connecting @ 450mbps on 2.4Ghz with Windows 7. The range is much better than 5Ghz as expected when there aren't any neighboring AP's for interference. I've also never received interference with Bluetooth devices.
    There have been a couple times where some things don't plain work right and the flexibility to fix them as an "Apple knows better than the user" policy is restricted. In most cases, perhaps Apple does know better. In this case, there is definitely a problem with the BCM4331 driver. If it "just worked" this topic wouldn't have been created.

  • SA520 PPTP VPN issue

    Hi.
    We have just setup a SA520 at a customer location. It is running firmware version 1.1.65.
    It seems to be operating fine, except PPTP VPN.
    Looking at the log from the SA520, it forwards port 1723 and 500 to the correct PPTP server in the network. But it seems like this machine is not receiving the PPTP VPN request.
    On the server is also running a FTP service which works fine - so the server is alive.
    Is there something about we also need to use GRE (Protocol 47) when using PPTP? We have looked everywhere in the SA520, but can't find it.
    Any help appreciated, thanks!
    /Ulrik
    Attached: SA520-log, PPTP-server-log, Firewall-rules.

    Hi Federico.
    I also believe GRE must be used to establish the PPTP connection, but it is not listed as a service under firewall rules or anywhere else in the SA520.
    The reason to open port 500 was because we could see a request to the port, when we were trying to connect. It doesn't change anything if the port is open or not.
    I don't think it establishes the PPTP tunnel at all. The receiving server is just listening for connections, as the screenshot of the log shows. It doesn't indicate an established connection.
    I am pretty sure GRE is the problem, but the big question is how to enable it in the SA520.
    /Ulrik

  • Trouble about vpn connecting (PPTP VPN did not respond)

    I am new to Mac. These days I have searched a lot online for the solution to this problem but none fixed it. So....
    Our lab only has instructions for connecting to the VPN under Windows, and I succeeded in doing this by following them in Windows 7.
    There is a host name instead of an IP address in the instructions and I think that should not be the problem.
    And in the protocol of TCP/IP property settings, the user was asked to remove the tick before “Use default gateway on remote network”. Besides, the instructions set it to obtain the IP address and DNS address automatically, so I do not have such information about the server of our lab.
    In my new MacBook Pro (Mac OS X Lion 10.7.3), I did the following things:
    1. in system properties->network, Select the + button at the bottom left of the screen to add a new connection.
    2.  Select the following:
    a. Interface: VPN
    b. VPN Type: PPTP
    c. Service Name: SAS VPN
    d. Select Create.
    3.  Configuration: default
        server address: host name “xxx.xx.xxxx.xx”
        account name: (I am sure there is no error in this)
        encryption: none
    4. click Authorization settings to input the password.
    5. Click the Advanced button and select Options. Verify Send all traffic over VPN connection is checked. (and is not checked) (I tried both, none of them worked). About the other settings.
    6. On the TCP/IP tab, set "Configure IPv4" to "Using PPP." So I can not input the DNS server information.
    7. click apply and then try to connect.
    However, it returned me an error said " PPTP-VPN server did not respond. Try to reconnect. If that continues....."
    I think there are lots of experts in mac os x. Can anyone here help me with this? Thanks a lot in advance!

    >> encryption: none
    I found out that you NEED the encryption in Lion Server VPN.
    I understand that you use Lion Server, as you mention the problem here in the Lion Server section.
    I do the following: Install the "Admin Tool VPN" from the App Store for some Euros. Then I found the section PPTP and there is a check for
    a) Active
    b) Compression and Encryption
    I take the check for b) out and restart (Off / On), took my XP-Notebook and connected via PPTP and all working!
    Since Lion, Apple hides a lot of things from the official tools, and if you have some special tools, you can activate functions. There is
    Level 1, the user level: Something like Dashboard in the new MS-Servers or the Server App in the new Lion Server
    Level 2, the administrator level: The difference between Server App and Server Admin! The Server Tools you need to download separately, as you know after a while, something is missing. Same with the new Airport Utility: User-level tool = AU 6.0 with graphical fun and some basics, AU 5.6 is the tool for the admin which you need to download separately.
    Level 3, the special deeper view: Typically it is the command line interface, CLI, but if you need some GUI (graphical user interface), you buy an App like Admin VPN Tool, and this tool (App for some Euros) in reality does nothing else than comfortably set some internal switches and flags that the official GUI admin tools have not implemented.
    Why?
    Oh, I think it's because of security issues. You want the Mac Server to become like a Microsoft Server? So, you shouldn't use unencrypted connections, and that's (in my understanding) the reason why the Lion Server EXPECTS YOU to use encryption and the official tools do not give you the opportunity to switch the encryption off!

  • [Solved] NetworkManager-pptp VPN not working after update to 0.9.10

    Hello,
    I have a PPTP VPN set up and it's been working for a long time.  However, after I updated last night to networkmanager-0.9.10, it is no longer able to connect to the remote network.  I can activate the VPN connection, enter my password, but after a short period of time, the connection reports:  "Error: Connection activation failed: the VPN service returned invalid configuration."  As I mentioned before, this VPN was working right before the update and I didn't change the configuration on either my computer or the destination network so I'm pretty sure that this is something to do with the update.  I'm wondering if anybody else has run into this problem and if they've been able to find a solution.  I've been searching all over these forums and the internet for some hours now and I haven't found anything yet.  I'm hoping that somebody might be able to point me in the right direction or maybe know of something that might have changed with the new update.
    Here is my VPN configuration (using NetworkManager-PPTP.  I've also obscured the public IP address):
    [connection]
    id=MyVPN
    uuid=fe6e6265-1a79-4a69-b6d1-8b47e9d4c948
    type=vpn
    permissions=user:greyseal96:;
    autoconnect=false
    timestamp=1408950986
    [vpn]
    service-type=org.freedesktop.NetworkManager.pptp
    gateway=192.168.146.114
    require-mppe=yes
    user=greyseal96
    password-flags=3
    [ipv6]
    method=auto
    [ipv4]
    method=auto
    route1=10.17.0.0/16,10.17.1.1,1
    never-default=true
    Here are my logs during the time that I tried to connect:
    Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> Starting VPN service 'pptp'...
    Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 1938
    Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' appeared; activating connections
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN plugin state changed: starting (3)
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: pppd started with pid 1945
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (Connect) reply received.
    Aug 24 23:44:21 MyArchBox pppd[1945]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
    Aug 24 23:44:21 MyArchBox pppd[1945]: pppd 2.4.6 started by root, uid 0
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
    Aug 24 23:44:21 MyArchBox pppd[1945]: Using interface ppp0
    Aug 24 23:44:21 MyArchBox pppd[1945]: Connect: ppp0 <--> /dev/pts/2
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: Using interface ppp0
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: Connect: ppp0 <--> /dev/pts/2
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 10)
    Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/9
    Aug 24 23:44:21 MyArchBox pptp[1947]: nm-pptp-service-1938 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
    Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
    Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
    Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
    Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
    Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
    Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 50048).
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials...
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): got credentials from NetworkManager-pptp
    Aug 24 23:44:25 MyArchBox pppd[1945]: CHAP authentication succeeded
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: CHAP authentication succeeded
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
    Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE 128-bit stateless compression enabled
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE 128-bit stateless compression enabled
    Aug 24 23:44:25 MyArchBox pppd[1945]: Cannot determine ethernet address for proxy ARP
    Aug 24 23:44:25 MyArchBox pppd[1945]: local  IP address 10.17.10.3
    Aug 24 23:44:25 MyArchBox pppd[1945]: remote IP address 10.17.10.1
    Aug 24 23:44:25 MyArchBox pppd[1945]: primary   DNS address 10.17.2.22
    Aug 24 23:44:25 MyArchBox pppd[1945]: secondary DNS address 10.17.2.23
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN Gateway: 192.168.146.114
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Tunnel Device: ppp0
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> IPv4 configuration:
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Address: 10.17.10.3
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Prefix: 32
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Point-to-Point Address: 10.17.10.1
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Maximum Segment Size (MSS): 0
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Static Route: 10.17.0.0/16   Next Hop: 10.17.1.1
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Forbid Default Route: yes
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal DNS: 10.17.2.22
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal DNS: 10.17.2.23
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   DNS Domain: '(none)'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> No IPv6 configuration
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.481618] [platform/nm-linux-platform.c:1716] add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Cannot determine ethernet address for proxy ARP
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: local  IP address 10.17.10.3
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: remote IP address 10.17.10.1
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: primary   DNS address 10.17.2.22
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: secondary DNS address 10.17.2.23
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 9 / phase 'running'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): ip-up event
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): sending Ip4Config to NetworkManager-pptp...
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: PPTP service (IP Config Get) reply received.
    Aug 24 23:44:25 MyArchBox pppd[1945]: Terminating on signal 15
    Aug 24 23:44:25 MyArchBox pppd[1945]: Modem hangup
    Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
    Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
    Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
    Aug 24 23:44:25 MyArchBox pppd[1945]: Connect time 0.0 minutes.
    Aug 24 23:44:25 MyArchBox pppd[1945]: Sent 0 bytes, received 0 bytes.
    Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE disabled
    Aug 24 23:44:25 MyArchBox pppd[1945]: Connection terminated.
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: inet 10.17.0.0/16 table main
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: priority 0x1 protocol static
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: nexthop via 10.17.1.1 dev 10
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487073] [platform/nm-linux-platform.c:2252] link_change(): Netlink error changing link 10:  <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/ppp0': No such device
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487153] [platform/nm-linux-platform.c:1777] delete_object(): Netlink error deleting 10.17.10.3/32 lft forever pref forever lifetime 1862-0[4294967295,4294967295] dev ppp0 src kernel: No such device (-31)
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: Terminated ppp daemon with PID 1945.
    Aug 24 23:44:25 MyArchBox kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Terminating on signal 15
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Modem hangup
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connect time 0.0 minutes.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Sent 0 bytes, received 0 bytes.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE disabled
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 10 / phase 'terminate'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connection terminated.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
    Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
    Aug 24 23:44:25 MyArchBox pppd[1945]: Exit.
    Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** (nm-pptp-service:1938): WARNING **: pppd exited with error code 16
    Aug 24 23:44:45 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' disappeared
    If you've gotten this far, thank you for taking the time to read through all this!  Any help that you can give would be much appreciated.
    Last edited by greyseal96 (2014-08-27 15:20:02)

    Hmm, not sure about the 3.16 series kernel, but I found that when I upgraded to kernel 3.18 the PPTP VPN also stopped working.  This time, though, it was because, for some reason, there was a change in kernel 3.18 where the firewall kernel modules necessary for the VPN don't get loaded so the firewall won't allow some of the PPTP traffic from the remote side back in.  Since the firewall is stateful, these modules need to be loaded so that the firewall can know that the incoming PPTP traffic from the remote side is part of an existing connection.  Here's what my network manager logs looked like:
    NetworkManager[619]: <info> Starting VPN service 'pptp'...
    NetworkManager[619]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 31139
    NetworkManager[619]: <info> VPN service 'pptp' appeared; activating connections
    NetworkManager[619]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
    NetworkManager[619]: <info> VPN plugin state changed: starting (3)
    NetworkManager[619]: ** Message: pppd started with pid 31148
    NetworkManager[619]: <info> VPN connection 'MyVPN' (Connect) reply received.
    pppd[31148]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
    NetworkManager[619]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
    pppd[31148]: pppd 2.4.7 started by root, uid 0
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
    pppd[31148]: Using interface ppp0
    pppd[31148]: Connect: ppp0 <--> /dev/pts/5
    NetworkManager[619]: Using interface ppp0
    NetworkManager[619]: Connect: ppp0 <--> /dev/pts/5
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
    NetworkManager[619]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 7)
    NetworkManager[619]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/6
    pptp[31150]: nm-pptp-service-31139 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
    pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
    pppd[31148]: LCP: timeout sending Config-Requests <===HERE IS WHERE THE CONNECTION FAILS BECAUSE THE MODULES AREN'T LOADED.
    pppd[31148]: Connection terminated.
    NetworkManager[619]: LCP: timeout sending Config-Requests
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
    NetworkManager[619]: Connection terminated.
    NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
    pppd[31148]: Modem hangup
    pppd[31148]: Exit.
    NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
    NetworkManager[619]: Modem hangup
    NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
    NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
    NetworkManager[619]: <info> VPN plugin state changed: stopped (6)
    NetworkManager[619]: <info> VPN plugin state change reason: unknown (0)
    NetworkManager[619]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
    NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
    NetworkManager[619]: <info> VPN service 'pptp' disappeared
    To fix this, I had to add a file to the /etc/modules-load.d directory to have the modules loaded into the kernel at boot.  I just created a file called netfilter.conf and put the following in it:
    nf_nat_pptp
    nf_conntrack_pptp
    nf_conntrack_proto_gre
    Not sure if this addresses your problem or not, but maybe it's worth a look.
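
The check described in the post above, as an added example that is not part of the original thread: it verifies that the three helper modules named in the post are present in a `/proc/modules`-format listing and looks for the log pattern the post highlights (call established, then an LCP timeout with no LCP frame received). Function names and the sample module listings are constructed; the two failing log lines are copied from the post.

```shell
#!/bin/sh
# Added example. Module names and the failing log lines come from the post;
# function names and the sample module listings are constructed.

# Helpers the post loads through /etc/modules-load.d/netfilter.conf.
PPTP_HELPERS="nf_nat_pptp nf_conntrack_pptp nf_conntrack_proto_gre"

# missing_pptp_helpers [FILE]
# FILE uses the /proc/modules layout (module name in the first field).
# Prints the helpers that are not loaded, space separated (empty if none).
missing_pptp_helpers() {
    modfile=${1:-/proc/modules}
    missing=""
    for m in $PPTP_HELPERS; do
        if ! awk -v want="$m" '$1 == want { found = 1 } END { exit !found }' "$modfile"; then
            missing="${missing:+$missing }$m"
        fi
    done
    printf '%s\n' "$missing"
}

# pptp_failure_signature FILE
# The control channel (TCP 1723) completes, then pppd times out in LCP, which
# travels inside GRE. Any received LCP frame means GRE is arriving, so the
# signature only fires when none was logged.
pptp_failure_signature() {
    awk '
        /Outgoing call established/            { call_up = 1 }
        /rcvd \[LCP /                          { lcp_rcvd = 1 }
        /LCP: timeout sending Config-Requests/ { if (call_up) timed_out = 1 }
        END {
            if (timed_out && !lcp_rcvd) print "gre-return-path-suspect"
            else print "no-signature"
        }' "$1"
}

# diagnose MODFILE LOGFILE: combine both checks into one verdict.
diagnose() {
    sig=$(pptp_failure_signature "$2")
    miss=$(missing_pptp_helpers "$1")
    if [ "$sig" = "gre-return-path-suspect" ] && [ -n "$miss" ]; then
        echo "load-helpers: $miss"
    elif [ "$sig" = "gre-return-path-suspect" ]; then
        echo "helpers-present-look-elsewhere"
    else
        echo "no-gre-symptom"
    fi
}

# Constructed /proc/modules listing with none of the helpers loaded.
sample_modules_before() {
    cat <<'EOF'
nf_conntrack 73728 2 nf_nat,xt_conntrack, Live 0x0000000000000000
ppp_mppe 16384 0 - Live 0x0000000000000000
ppp_generic 32768 1 ppp_mppe, Live 0x0000000000000000
EOF
}

# Constructed listing after the modules-load.d file has taken effect.
sample_modules_after() {
    sample_modules_before
    cat <<'EOF'
nf_nat_pptp 16384 0 - Live 0x0000000000000000
nf_conntrack_pptp 16384 1 nf_nat_pptp, Live 0x0000000000000000
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp, Live 0x0000000000000000
EOF
}

# Log lines copied from the post.
sample_failed_log() {
    cat <<'EOF'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
pppd[31148]: LCP: timeout sending Config-Requests
pppd[31148]: Connection terminated.
EOF
}

# Constructed log of a session where LCP frames do arrive.
sample_working_log() {
    cat <<'EOF'
pptp[4242]: log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 100).
pppd[4241]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x76ed810>]
pppd[4241]: CHAP authentication succeeded
EOF
}

# Demo on the constructed data; pass real paths to diagnose on a live system.
tmp=$(mktemp -d)
sample_modules_before > "$tmp/modules"
sample_failed_log > "$tmp/log"
diagnose "$tmp/modules" "$tmp/log"
rm -rf "$tmp"
```

On a live system, `diagnose /proc/modules <saved journal excerpt>` gives the same verdict for the running kernel.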

  • How to configure Multiple PPTP VPN Clients on cisco 3g supported Router

    I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on cisco 1841 and it's working fine; but when I add the 2nd, it's using vpdn-group 1 and therefore connecting to the wrong PPTP server:
    here is the config for the one that works:
    vpdn-group 1
    request-dialin
    protocol pptp
    rotary-group 0
    initiate-to ip xxx.xxx.xxx.xxx
    interface Dialer0
    mtu 1450
    ip address negotiated
    ip pim dense-mode
    ip nat outside
    ip virtual-reassembly
    zone-member security private
    encapsulation ppp
    ip igmp query-interval 125
    dialer in-band
    dialer idle-timeout 0
    dialer string 123
    dialer vpdn
    dialer-group 1
    no peer neighbor-route
    no cdp enable
    ppp pfc local request
    ppp pfc remote apply
    ppp encrypt mppe auto
    ppp authentication ms-chap-v2 ms-chap eap chap pap callin
    ppp eap refuse
    ppp chap hostname xxx@xxx
    ppp chap password 7 xxxpassword
    But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, it's still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? And which Cisco 3G router do you prefer, because these are remote sites and only 3G Internet service is available?


  • Help needed to connect to remote PPTP VPN via PIX 515e

    Hello,
    A user in our office needs to connect to a client's remote PPTP VPN but can't connect.  The user is running Windows 7.  We have a Cisco PIX 515e firewall that is running PIX Version 6.3(3) - this is what our user is having to go through to try and make the connection to the client's remote VPN.
    The client's network guys have come back and said the issue is at our side.  They say that they can see some of our traffic but not all of it. The standard error is shown below, and they say it's symptomatic of the client-side firewall not allowing PPTP traffic:
    "A connection between the VPN server and the VPN client XXX.XXX.XXX.XXX has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets."
    I have very little firewall experience and absolutely no Cisco experience I'm afraid.  From looking at the PIX config I can see the following line:
    fixup protocol pptp 1723.
    Does this mean that the PPTP protocol is enabled on our firewall?  Is this for both incoming and outgoing traffic?
    I can see no reference to GRE 47 in the PIX config.  Can anyone advise me what I should look for to see if this has been enabled or not?
    I apologise again for my lack of knowledge.  Any help or advice would be very gratefully received.
    Ros

    Hi Eugene,
    Thank you for taking the time to reply to me.  Please see our full PIX config below.  I've XX'd out names and IP addresses as I'm never comfortable posting those type of details in a public forum.  I hope that the information below is still sufficient for you.
    Thanks again for your help,
    Ros
    PIX(config)# en
    Not enough arguments.
    Usage:  enable password [] [level ] [encrypted]
            no enable password level
            show enable
    PIX(config)# show config
    : Saved
    : Written by enable_15 at 10:30:31.976 GMT/BDT Mon Apr 4 2011
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 DMZ security10
    enable password XXX encrypted
    passwd XXX encrypted
    hostname PIX
    domain-name XXX.com
    clock timezone GMT/BST 0
    clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name XX.XX.XX.XX Secondary
    access-list outside_access_in permit tcp XX.XX.XX.XX 255.255.255.240 host XX.XX.XX.XX eq smtp
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq https
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 993
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 587
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 82
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
    access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
    access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 8082
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
    access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
    access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.0.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl deny udp any any eq 135
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_40 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_60 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list USER1 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_10 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_20 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_30 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_50 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list outside_cryptomap_70 permit ip any XX.XX.XX.XX 255.255.0.0
    access-list USER2 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list USER3 permit ip any XX.XX.XX.XX 255.255.255.0
    access-list USER4 permit ip any XX.XX.XX.XX 255.255.0.0
    pager lines 24
    logging on
    logging host inside XX.XX.XX.XX
    icmp permit any outside
    icmp permit any inside
    mtu outside 1500
    mtu inside 1500
    mtu DMZ 1500
    ip address outside XX.XX.XX.XX 255.255.255.248
    ip address inside XX.XX.XX.XX 255.255.255.0
    no ip address DMZ
    ip audit info action alarm
    ip audit attack action alarm
    pdm location XX.XX.XX.XX 255.255.255.255 inside
    pdm location XX.XX.XX.XX 255.255.0.0 outside
    pdm location XX.XX.XX.XX 255.255.255.0 outside
    pdm logging debugging 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
    static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
    static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
    static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX 1
    route inside XX.XX.XX.XX 255.255.0.0 XX.XX.XX.XX 1
    timeout xlate 3:00:00
    timeout conn 2:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    ntp authenticate
    ntp server XX.XX.XX.XX source outside prefer
    http server enable
    http XX.XX.XX.XX 255.255.0.0 outside
    http XX.XX.XX.XX 255.255.255.0 outside
    http XX.XX.XX.XX 255.255.255.255 inside
    snmp-server host inside XX.XX.XX.XX
    no snmp-server location
    no snmp-server contact
    snmp-server community XXX
    snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map cola 20 set transform-set ESP-3DES-MD5
    crypto dynamic-map dod 10 set transform-set ESP-3DES-MD5
    crypto map outside_map 10 ipsec-isakmp dynamic cola
    crypto map outside_map 20 ipsec-isakmp
    crypto map outside_map 20 match address outside_cryptomap_20
    crypto map outside_map 20 set peer XX.XX.XX.XX
    crypto map outside_map 20 set transform-set ESP-3DES-MD5
    crypto map outside_map 25 ipsec-isakmp
    crypto map outside_map 25 match address USER1
    crypto map outside_map 25 set peer XX.XX.XX.XX
    crypto map outside_map 25 set transform-set ESP-3DES-MD5
    crypto map outside_map 30 ipsec-isakmp
    crypto map outside_map 30 match address outside_cryptomap_30
    crypto map outside_map 30 set peer XX.XX.XX.XX
    crypto map outside_map 30 set transform-set ESP-3DES-MD5
    crypto map outside_map 40 ipsec-isakmp
    crypto map outside_map 40 match address outside_cryptomap_40
    crypto map outside_map 40 set peer XX.XX.XX.XX
    crypto map outside_map 40 set transform-set ESP-3DES-MD5
    crypto map outside_map 50 ipsec-isakmp
    crypto map outside_map 50 match address outside_cryptomap_50
    crypto map outside_map 50 set peer XX.XX.XX.XX
    crypto map outside_map 50 set transform-set ESP-3DES-MD5
    crypto map outside_map 60 ipsec-isakmp
    crypto map outside_map 60 match address outside_cryptomap_60
    crypto map outside_map 60 set peer XX.XX.XX.XX
    crypto map outside_map 60 set transform-set ESP-3DES-MD5
    crypto map outside_map 70 ipsec-isakmp
    crypto map outside_map 70 match address outside_cryptomap_70
    crypto map outside_map 70 set peer XX.XX.XX.XX
    crypto map outside_map 70 set transform-set ESP-3DES-MD5
    crypto map outside_map 75 ipsec-isakmp
    crypto map outside_map 75 match address USER4
    crypto map outside_map 75 set peer XX.XX.XX.XX
    crypto map outside_map 75 set transform-set ESP-3DES-MD5
    crypto map outside_map 80 ipsec-isakmp
    crypto map outside_map 80 match address USER2
    crypto map outside_map 80 set peer XX.XX.XX.XX
    crypto map outside_map 80 set transform-set ESP-3DES-MD5
    crypto map outside_map 90 ipsec-isakmp
    crypto map outside_map 90 match address USER3
    crypto map outside_map 90 set peer XX.XX.XX.XX
    crypto map outside_map 90 set transform-set ESP-3DES-MD5
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    telnet XX.XX.XX.XX 255.255.0.0 outside
    telnet XX.XX.XX.XX 255.255.255.255 inside
    telnet XX.XX.XX.XX 255.255.255.255 inside
    telnet XX.XX.XX.XX 255.255.255.255 inside
    telnet timeout 30
    ssh XX.XX.XX.XX 255.255.255.248 outside
    ssh XX.XX.XX.XX 255.255.255.248 outside
    ssh timeout 30
    management-access inside
    console timeout 0
    terminal width 80
    Cryptochecksum:XXX
    PIX(config)#

  • PPTP VPN on Server 2008R2 dropping users but acting like it is still connected

    Hello,
    I'm having a weird problem and I'm at a loss.  We have a couple of cloud servers that form our remote office system.  Basically, there is 1 DC, 1 Remote Desktop server, and 2 member servers being used as workstations.  The users access these servers and resources via a PPTP VPN set up on the DC using RRAS.  Everything has worked fairly well for the last year, but recently, my users have complained that they get disconnected at random times over the last couple of weeks.  I was able to observe the behavior yesterday and it goes something like this:
    -The user is working fine
    -The user tries to access a share, open a web page, tries to open a remote desktop session or notices that their Outlook client is disconnected and finds that nothing can be reached outside of the local machine.  I tried pinging the DC address, www.google.com, and the RDP server without success. From the server, I tried pinging the errant workstation without success. The server shows the connection to be active and the workstation does not disconnect the connection. On one occasion, the problem just rectified itself and everything started working again. On all other occasions, the VPN had to be disconnected and reconnected. Note that some workstations are not reporting this problem.
    -The user disconnects the VPN
    -The user reconnects the VPN and usually everything is okay again for awhile, but sometimes they are disconnected within minutes.
    This is new behavior, and no changes have been made by me and the Cloud support people tell me they haven't done anything.  At this point, I'm not even sure how to go about troubleshooting it. The next time it happened, I was going to pull an ARP table to see if anything looks amiss, but the only other avenue I have going is a call into the cloud services support to see if they can look for dropped or filtered information between our main office and our cloud server.
    The only part of this setup that is a little bit different for me is the IPv4 settings in the RRAS console under properties of the server. Normally in the IPv4 settings, I select DHCP and allow the users to pull from the existing DHCP server. However, the cloud support recommended against having a DHCP server, so instead of DHCP, I selected "use static IP address pool." I put 10.216.8.197 to 10.216.8.22 and the subnet mask is picking up from the server as 255.255.255.224 and the default gateway is picking up from the server as 10.216.8.193.
    Does anyone have any advice on how to troubleshoot this problem?  What to try next if the cloud services support doesn't find anything, etc?
    Thanks,
    Jeffery Smith

    Hi Jeffery,
    According to your description, the VPN clients can connect the server at the beginning, but when we reconnected after going wrong, they were disconnected within minutes. Maybe the next time it happened, we could follow steps below to troubleshoot this issue.
    Use ipconfig /all command in the VPN client when we set up VPN connection, to view which IP address the VPN client obtain.
    Pull an ARP table from the VPN client to view the IP Address-Physical Address mappings as you said will help to troubleshoot this issue. The assigned IP address may be used by other computers.
    If the static IP address pool ranges from 10.216.8.197 to 10.216.8.22, because the subnet is 255.255.255.224, there are 8 subnets in the 10.216.8.0/27 network. If the static IP address pool consists of ranges of IP addresses that are for a separate subnet, then we need to either enable an IP routing protocol on the remote access server computer or add static IP routes consisting of the {IP Address, Mask} of each range to the routers of the intranet. If the routes are not added, then remote access clients can’t receive traffic from resources on the intranet.
    Best Regards,
    Tina
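
The subnet arithmetic behind this reply, as an added example that is not part of the thread: it takes the gateway, mask and pool endpoints exactly as posted and reports where each endpoint falls relative to the server's subnet. Function names are hypothetical, and the 10.216.8.210 and 10.216.9.x addresses are constructed for contrast.

```shell
#!/bin/sh
# Added example. Gateway, mask and the first pool come from the thread;
# function names and the contrast pools are constructed.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( ($o1 << 24) | ($o2 << 16) | ($o3 << 8) | $o4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_range ADDR MASK -> "network-broadcast" of the subnet ADDR lives in
subnet_range() {
    addr=$(ip_to_int "$1")
    mask=$(ip_to_int "$2")
    net=$(( addr & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    echo "$(int_to_ip "$net")-$(int_to_ip "$bcast")"
}

# check_pool START END GATEWAY MASK
# Prints "on-subnet" when both pool endpoints share the gateway's subnet and
# are in ascending order; otherwise a comma-separated list of problems.
# Off-subnet pools are the case the reply says needs routes on the intranet.
check_pool() {
    start=$(ip_to_int "$1")
    end=$(ip_to_int "$2")
    gw=$(ip_to_int "$3")
    mask=$(ip_to_int "$4")
    net=$(( gw & mask ))
    result=""
    [ "$start" -le "$end" ] || result="inverted-range"
    [ $(( start & mask )) -eq "$net" ] || result="${result:+$result,}start-off-subnet"
    [ $(( end & mask )) -eq "$net" ] || result="${result:+$result,}end-off-subnet"
    echo "${result:-on-subnet}"
}

GW=10.216.8.193
MASK=255.255.255.224

echo "server subnet: $(subnet_range "$GW" "$MASK")"
# Pool exactly as typed in the question.
echo "posted pool:   $(check_pool 10.216.8.197 10.216.8.22 "$GW" "$MASK")"
# Constructed pool inside the server's subnet.
echo "on-link pool:  $(check_pool 10.216.8.197 10.216.8.210 "$GW" "$MASK")"
# Constructed pool on a separate subnet.
echo "routed pool:   $(check_pool 10.216.9.1 10.216.9.30 "$GW" "$MASK")"
```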

  • [SOLVED]How to configure pptp vpn start on boot with netcfg?

    I've configured 2 profiles:
    eth0 and ppp0, where ppp0 is a pptp vpn tunnel.
    $ ls /etc/network.d/
    eth0  examples  interfaces  ppp0
    $ cat /etc/network.d/ppp0
    CONNECTION='ppp'
    INTERFACE='ppp0'
    PEER='dxt'
    PPP_TIMEOUT=10
    $ cat /etc/conf.d/netcfg
    # Enable these netcfg profiles at boot time.
    #   - prefix an entry with a '@' to background its startup
    #   - set to 'last' to restore the profiles running at the last shutdown
    #   - set to 'menu' to present a menu (requires the dialog package)
    # Network profiles are found in /etc/network.d
    NETWORKS=(eth0 ppp0)
    # Specify the name of your wired interface for net-auto-wired
    WIRED_INTERFACE="eth0"
    # Specify the name of your wireless interface for net-auto-wireless
    WIRELESS_INTERFACE="wlan0"
    Manually, I can start up ppp0 correctly.
    $ sudo netcfg -u ppp0
    :: ppp0 up                                                                                                                                                                 [ BUSY ] Using interface ppp0
    Connect: ppp0 <--> /dev/pts/3
    CHAP authentication succeeded
    MPPE 128-bit stateless compression enabled
    Cannot determine ethernet address for proxy ARP
    local  IP address 10.100.3.132
    remote IP address 10.100.3.1
                                                                                                                                                                               [ DONE ]
    $ ip addr list dev ppp0
    8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN qlen 3
        link/ppp
        inet 10.100.3.132 peer 10.100.3.1/32 scope global ppp0
    But after booting, only eth0 is up. How to configure ppp0 to start on boot with netcfg?
    Last edited by rchiang (2012-12-21 01:09:32)

    Thanks a lot for your instruction.
    netcfg works now!
    chris_l wrote:
    Did you
    systemctl enable [email protected]

  • 2 questions about PPTP VPN on 878

    Hello,
    I've configured my 878 router as a PPTP VPN server. It works very fine and very quickly. Using the XP VPN client from a remote site, I can "see" all servers in my network.
    2 questions
    1) When doing telnet on the 878 through the VPN, it is very slow.
    2) I would have to get access to the internet through the VPN. But this does not work.
    What should I change in this config :
    Thanks in advance,
    Guy
    version 12.3
    no service pad
    service timestamps debug datetime localtime show-timezone
    service timestamps log datetime localtime show-timezone
    service password-encryption
    service linenumber
    service sequence-numbers
    hostname ineo-21029
    boot-start-marker
    boot-end-marker
    no logging buffered
    enable secret 5 .....
    username ...
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    ip subnet-zero
    no ip cef
    no ip dhcp use class
    ip name-server 212.100.160.51
    ip name-server 212.100.160.52
    ip port-map ms-sql port 1433
    vpdn enable
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    no ftp-server write-enable
    isdn switch-type basic-net3
    controller DSL 0
    mode atm
    line-term cpe
    line-mode 2-wire line-zero
    dsl-mode shdsl symmetric annex B
    line-rate auto
    interface BRI0
    no ip address
    shutdown
    isdn switch-type basic-net3
    interface ATM0
    description === to PE/Router ====
    no ip address
    ip accounting output-packets
    load-interval 30
    no atm ilmi-keepalive
    interface ATM0.1 point-to-point
    description $ES_WAN$
    pvc 8/35
    oam-pvc manage 5
    oam-pvc manage cc end direction both
    oam retry 3 3 1
    oam retry cc end 3 3 30
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    interface FastEthernet0
    no ip address
    interface FastEthernet1
    no ip address
    interface FastEthernet2
    no ip address
    interface FastEthernet3
    no ip address
    interface Virtual-Template1
    ip unnumbered Vlan1
    peer default ip address pool test
    no keepalive
    ppp encrypt mppe auto
    ppp authentication pap chap ms-chap ms-chap-v2
    interface Vlan1
    description $FW_INSIDE$
    ip address 192.168.2.2 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    interface Dialer1
    description $FW_OUTSIDE$
    ip address negotiated
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp chap hostname ....
    ppp chap password ....
    ppp pap sent-username ....
    ip local pool test 192.168.2.240 192.168.2.250
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    no ip http secure-server
    ip nat inside source list 101 interface Dialer1 overload
    access-list 101 permit ip 192.168.2.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    control-plane
    line con 0
    exec-timeout 120 0
    no modem enable
    transport preferred all
    transport output all
    stopbits 1
    line aux 0
    transport preferred all
    transport output all
    line vty 0 4
    access-class 113 in
    exec-timeout 0 0
    transport preferred all
    transport input all
    transport output all
    scheduler max-task-time 5000

    Thanks for this message.
    Finding no solution to my problem, I've switched to other tools: Easy VPN server in the router + Cisco VPN client. My 2 questions have now received a positive answer.
    It was very important for me to get Internet access through the VPN, because we rent a dedicated server, located somewhere, and the access to this server is firewall-protected on our public IP address. Thus, when I'm outside and want to manage this server, I have to connect via VPN at our central office first.
    Best regards,
    Guy

  • PPTP VPN not working on OSX 10.9.2

    My PPTP VPN to my office was working fine for more than 1 year.
    However, in recent weeks it doesn't work anymore. The message I got is shown in the following screenshot.
    I believe the upgrade to 10.9.2 is the cause.
    I also have a Windows VM (Parallels) on this box (MBA2012mid); the Windows VPN worked very well before and still does now.
    It's very frustrating. (For me, VPN is used in urgent situations when I'm not in the office.) Can't believe Windows beat OSX at this feature.
    Does anyone have the same issue? Please share the solution. Thanks.
    Update: The same issue happens on my iPhone5S (iOS 7.0.6)

    You can try these steps in case of issues with web pages:
    You can reload web page(s) and bypass the cache to refresh possibly outdated or corrupted files.
    *Hold down the Shift key and left-click the Reload button
    *Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
    *Press "Command + Shift + R" (Mac)
    Clear the cache and cookies only from websites that cause problems.
    "Clear the Cache":
    *Firefox > Preferences > Advanced > Network > Cached Web Content: "Clear Now"
    "Remove Cookies" from sites causing problems:
    *Firefox > Preferences > Privacy > "Use custom settings for history" > Cookies: "Show Cookies"
    Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
    *Switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance
    *Do NOT click the Reset button on the Safe Mode start window
    *https://support.mozilla.org/kb/Safe+Mode
    *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

  • Can't connect to PPTP-VPN server...

    When attempting to connect to a DD-WRT PPTP VPN server I kept receiving the general "Can't connect to PPTP-VPN server." message. All of the settings were exactly correct and tested on a Windows laptop. I began writing this because I didn't have any other ideas but half way through it (out of the blue) decided to attempt connecting. It worked!
    The only thing I did different was delete the /Library/Preferences/SystemConfiguration contents and reboot.
    Let's hope it continues to work. Posting this in case anyone else has the same error as I.

    A follow up on the VPN issue: it would only work if my laptop's wireless was tethered off of my Android phone - any other connection would connect to the VPN and get an IP but I couldn't ping anything. Also, after rebooting, I get the exact same damning error message now and any combination of rebooting and removing/renaming (don't ever delete system files!) /Library/Preferences/SystemConfiguration/* hasn't fixed the issue.
    I very much hope Apple releases an update soon for this - it's a serious inconvenience! It must be a network stack issue too because I've tried many 3rd party applications that barf as well.

  • Newest mac os x 10.9.1 cannot connect to PPTP VPN

    I've just updated my Mac to OS X 10.9.1 this morning. After that my PPTP VPN no longer worked. Does anyone know what I could do?
    Thanks!!!!

    Hello Summerland1975,
    Welcome to the HP Forums.
    I see that you are having an issue with installing the printer to your Mac.
    Please remove any cables that connect the printer to the Mac and leave them off.  Please then click on the following link for the HP Officejet 7610 series Full Feature Software and Drivers - OS X 10.9 Mavericks.
    If you are still having issues, please feel free to write me back.
    Thank you.
    W a t e r b o y 71
    I work on behalf of HP
