PPTP on PIX501.

Hi all,
could someone help me where problem could be?
I did configuration like this:
sysopt connection permit-pptp
ip local pool mypool
10.10.10.1-10.10.10.10
vpdn username test password test2
vpdn group 1 accept dialin pptp
vpdn group 1 client configuration address local mypool
vpdn group 1 ppp authentication mschap
vpdn group 1 client authentication local
vpdn group 1 ppp encryption mppe 128 required
vpdn enable outside
After that I did connection to our PIX 501 and I successfully connected and obtained IP address. I didnt configure ACL. We have one server translated with static. But problem is that I cannot connect to this server throught VPN.
After that I have configured explicit ACL but output is the same.
Any suggestion?
BR
jl

few things that I noticed in your config are:
I don't see any crypto and isakmp commands
1. you don't need "access-list Inter_net deny ip any any " since this is implied by the ACL rules.
2. This ACL "access-list Inter_LAN deny ip any any log 4" on your inside interface preventing all other traffic to be blocked.
3. I will change the ACL no_nat to:
access-list no_nat extended permit ip host 192.168.2.150 255.255.255.255 192.168.10.0 255.255.255.0
4. change the pool to 192.168.10.1-192.168.10.10 mask 255.255.255.0

Similar Messages

How to allow access to external VPN network via PPTP

Hi guys, this is probably a simple one but i do not have much firewall experience so any help is appreciated.
We would like to have the ability to connect to a VPN of a business we recently acquired. When connecting to it directly from the Internet (no firewall), it is accessible. However, behind our firewall, there is no access. We are using Cisco ASA 8.2 (2)
Currently, we have an entry as follows:
object-group service PPTP tcp
port-object eq pptp
access-list inside_access_in extended permit tcp any host object_name object-group PPTP
Can someone please advise what else is required to complete this as i am unsure of what else is required? Basically, we want any device within our network to be able to access the VPN via PPTP.
Your help is appreciated
Regards,

Hi Karsten, thanks for the reply.
After enabling the PPTP inspection, will my below entry work? What about GRE?
object-group service PPTP tcp
port-object eq pptp
access-list inside_access_in extended permit tcp any host object_name object-group PPTP
Thanks!

2 ISPs with addresses /32 and PPtP Server onboard of Cisco 3825

First of all, excuse me for my bad English, it's not my native language.
A couple of years ago our company changed our central router Cisco 1841 with more powerfull 3825 ISR.
Here is show ver
Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(24)T7
This Cisco 3825 contains 2 DIMMs - 256Mb and 512 Mb of RAM onboard.
Now it works with 2 ISPs (take a glance on pdf picture http://www.intelcom-ug.ru/scheme.pdf or in the attached file). We're using the failover scheme, the ISP1 with statically assigned IP address 85.20.20.20/32 (Dialer 1) is used as Backup link. The ISP2 L2TP link is main.
Now our authorities organize the remote office with Cisco 1841. And we face with the problem, we cannot connect via PPtP from anywhere to the 85.20.20.20/32 (Dialer 1). And we need some help or advise. The config of Cisco 3825 is like this:
version 12.4
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
hostname CENTRAL-OFFICE
boot-start-marker
warm-reboot
boot-end-marker
security authentication failure rate 3 log
logging message-counter syslog
logging buffered 64000
enable secret 5 HEREISTHESECRETPASSWORD
aaa new-model
aaa local authentication attempts max-fail 3
aaa authentication login default local
aaa authentication ppp default local
aaa authentication ppp vpn-users local
aaa authorization exec default local
aaa authorization exec vpn-users local
aaa authorization network vpn-users local
aaa session-id common
clock timezone MSK 4
ip source-route
no ip gratuitous-arps
ip cef
no ip domain lookup
ip domain name somewhere.net
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 239
accept-dialin
protocol pptp
virtual-template 100
vpdn-group global
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
password encryption aes
voice-card 0
username administrator privilege 15 password 7 737364645252414571
username vpnuser password 7 85956353413120384645373930
archive
log config
hidekeys
ip tcp selective-ack
ip tcp timestamp
ip tcp synwait-time 5
ip tcp path-mtu-discovery
ip ssh version 2
l2tp-class beeline
pseudowire-class pw-beeline
encapsulation l2tpv2
protocol l2tpv2 beeline
buffers tune automatic
interface Loopback0
ip address 10.111.111.111 255.255.255.255
interface GigabitEthernet0/0
descrition --Our Local Network--
ip address 192.168.7.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1
description --Trunk Connection--
no ip address
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1.10
description --Connection to ISP1 through vlan on our managed switch--
encapsulation dot1Q 10
pppoe enable group global
pppoe-client dial-pool-number 2
interface GigabitEthernet0/1.20
description --Connection to ISP2 through vlan on our managed switch--
encapsulation dot1Q 20
ip address dhcp
ip virtual-reassembly
interface Virtual-PPP5
description --Interface for ISP2--
ip address negotiated
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1380
no peer neighbor-route
no cdp enable
ppp authentication chap callin
ppp chap hostname 8282828282828
ppp chap password 7 theSecretForISP2
pseudowire 10.255.255.242 10 pw-class pw-beeline
interface Virtual-Template100
description --TEMPLATE for incoming PPtP connections of our users--
ip unnumbered Dialer1
autodetect encapsulation ppp
peer default ip address pool for-vpn
no keepalive
ppp authentication ms-chap ms-chap-v2 vpn-users
ppp authorization vpn-users
interface Dialer1
description --Interface for ISP1. PPPoE--
bandwidth 10240
ip address negotiated
ip accounting output-packets
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1400
load-interval 30
dialer pool 2
dialer-group 2
no fair-queue
ppp authentication chap callin
ppp pap sent-username reteretere password 7 PasswordForISP1
ip local policy route-map External_VPN
ip local pool for-vpn 172.16.135.1 172.16.135.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 100 track 1
ip route 0.0.0.0 0.0.0.0 Virtual-PPP5 track 2
ip route 192.168.239.0 255.255.255.0 172.16.135.1 name C1841-Rossiyskaya70
ip route 194.87.0.8 255.255.255.255 Dialer1
ip route 194.87.0.9 255.255.255.255 Virtual-PPP5
ip route 10.255.255.242 255.255.255.255 dhcp
ip route 10.255.255.247 255.255.255.255 dhcp
no ip http server
no ip http secure-server
ip nat inside source route-map Beeline interface Virtual-PPP5 overload
ip nat inside source route-map UTK interface Dialer1 overload
! This access-list is for local Network proxy
ip access-list standard fwd-squid
permit 192.168.7.100
permit 192.168.7.0 0.0.0.255
! This access-list is for ip local policy
ip access-list extended External_VPN_access
permit tcp host 85.20.20.20 eq 1723 any
permit tcp host 85.20.20.20 eq 22 any
permit tcp host 85.20.20.20 eq telnet any
permit icmp host 85.20.20.20 any echo-reply
track 1 ip sla 1 reachability
ip sla 1
icmp-echo 194.87.0.8 source-interface Dialer1
timeout 7000
threshold 100
frequency 15
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react timeout threshold-type immediate action-type triggerOnly
track 2 ip sla 2 reachability
ip sla 2
icmp-echo 194.87.0.9 source-interface Virtual-PPP5
timeout 7000
threshold 400
frequency 15
ip sla schedule 2 life forever start-time now
ip sla reaction-configuration 2 react timeout threshold-type immediate action-type triggerOnly
access-list 1 remark --SNMP Watching--
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 100 permit ip 192.168.7.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit
route-map External_VPN permit 10
match ip address External_VPN_access
set default interface Dialer1
route-map UTK permit 10
match ip address 100
match interface Dialer1
route-map Beeline permit 10
match ip address 100
match interface Virtual-PPP5
snmp-server community public RO 1
control-plane
line con 0
line aux 0
line vty 0 4
exec-timeout 30 0
line vty 5 15
exception memory ignore overflow processor
exception memory ignore overflow io
scheduler allocate 20000 1000
ntp update-calendar
ntp peer 194.33.84.1
event manager applet nat_clear_isp1
event track 1 state any
action 1 wait 5
action 2 cli command "enable"
action 3 cli command "clear ip nat translation *"
event manager applet nat_clear_isp2
event track 2 state any
action 1 wait 5
action 2 cli command "enable"
action 3 cli command "clear ip nat translation *"
end

Okay, you are not going to be able to do this using the interconnect between the switch and the router. The issue is -
1) if you make the interconnect a L2 trunk then you would have subinterfaces on the router interface connecting to the switch. But you cannot have multiple interfaces on the router configured from the same IP range so it won't work ie. you would need a subinterface using the same IP range as one of the other interfaces
2) if you make the interconnect L3 as you have then you cannot route to the same subnet ie. think of it as two separate devices, a L3 switch and a router. You connect the L3 switch to the router using a L3 connection.
On the switch you then configure a client with a public IP and on another interface on the router ie. not the interface used to connect to the switch, you use the same public IP range.
You cannot then route from the client to that other interface because you don't route to the same IP subnet and the client and the other interface are separated by a different IP subnet.
So neither will work. The L3 switch is usually used where you have multiple vlans/IP subnets and you create L3 vlan interfaces for these on the switch and then you route to other subnets that are reachable from the router, whether these are directly connected subnets or remote networks.
But you aren't doing that.
The only way i could see you doing what you need is to not configure the interconnect at all and instead run cables from the relevant router interfaces to the switch. Then you could configure vlans on the switch and have them route via the physical router interface.
The switch is then only acting as a L2 switch and all L3 is done on the router.
One thing i should say is i have never used the switch module this way so i can't guarantee it will work although i can't see why it wouldn't.
Jon

I cannot route to remote subnets from cisco vpn client and pptp client

Hi guys,
I've a big problem, I configured a 877 cisco router as a cisco vpn server (the customer use it to connect to his network from pc) and a pptp vpn server (he use it to connet to the network from a smartphone).
In this router I created 2 vlan, one for wired network (192.168.10.0/24) and the second one (10.0.0.0/24) for wireless clients and I use fastethernet 3 port to connect these to the router.
this is the issue, when the customer try to connect to a wireless network from both of vpn clients he cannot do this, but if he try to connect to a wired network client all working fine.
following the addresses taken from the router.
- encrypted vpn client -
ip address. 192.168.10.20
netmask 255.255.255.0
Default Gateway. none (blank)
- pptp vpn client -
ip address. 192.168.10.21
netmask. 255.255.255.255
Default Gateway. 192.168.10.21
Is possible that I cannot reach the remote subnet because the clients doesn't receive a gateway (in the first case) or receive the wrong subnet/gateway (in the second one)..?
There is anyone can help me..?
Thank you very much.
Many Kisses and Kindly Regards..
Ilaria

The default gateway on your PC is not the problem, it will always show as the same IP address (this is no different when you dial up to an ISP, your DG will again be set to your negotiated IP address).
The issue will be routing within the campus network and more importantly on the PIX itself. The campus network needs a route to the VPN pool of addresses that eventually points back to the PIX.
The issue here is that the PIX will have a default gateway pointing back out towards your laptop. When you establish a VPN and try and go to an Internet address, the PIX is going to route this packet according to its routing table and send it back out the interface it came in on. The PIX won't do this, and the packet will be dropped. Unless you can set the PIX's routing table to forward Internet packets to the campus network, there's no way around this. Of course if you do that then you'll break connectivity thru the PIX for all the internal users.
The only way to do this is to configure split tunnelling on the PIX, so that packets destined for the Internet are sent directly from your laptop in the clear just like normal, and any packet destined for the campus network is encrypted and sent over the tunnel.
Here's the format of the command:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524

ASA 5505 Problem with outbound PPTP-connection on non-native vlan

Hi, why am I not being able to make a PPTP connection on vlan80 (trunked to AP Cisco 1142N) compared to vlan10? And yes, I've configured the "
inspect pptp"
ASA 5505 with sec plus license

Hi mate,
I don't know how to solve your problem but I strongly reccommend you to remove your password from the first post and to update it on your ASA device

VPN (PPTP) problem

Hi
I have a weird VPN problem on my macbook. I'm trying to connect to a Windows 2000 Server though VPN dialup (PPTP), it connects, seems like I'm getting an IP, but I cannot access anything on the network.
VPN dialup works fine from my iMac, so I know it's not a server issue.
Any one have any suggestions?
Thanks

I had this issue too.
I don't know much about this sort of thing, but my network admin makes me go to terminal every time and enter this in
sudo route add 10.10.0.0/16 10.10.7.1

I do not see where to enter IP addresses in the Open VPN setup. Also, how can I set it up so that I can choose different servers in the same way as I can currently choose them with my VPN app but for PPTP?

I think I have it working on my iPhone 5. But, I do not see how I can control the exit point that I would like for the VPN. Are all the exit points shown in the VPN setting now going to work with Open VPN, or do they remain PPTP? If I am reading correctly, they look like they remain PPTP. If I cannot control the exit point for open VPN, which exit point is the default in the profile you provided me?I note that Open VPN Connect does not work with any of the new 64 bit devices like the iPhone 5S, the iPad Air, and the new iPad MIni. Is there any chance that you guys will come up with an update for your app so that open VPN can be made to work on all iOS devices? That would be nice, particularly if the Open VPN Connect app does not give me a choice of exit points.Thanks,
I do not see where to enter IP addresses in the Open VPN setup. Also, how can I set it up so that I can choose different servers in the same way as I can currently choose them with my VPN app but for PPTP?
Just a quick note to tell you that Open VPN has updated their app so that it is compatible with 64 bit ARM devices like the iPhone 5S, the iPad Air, and the iPad Mini Retina.That does not resolve the problem of how to easily choose among the various possibilities for the exit server. We need to find an easy way to choose.

Thank you for trying the new Firefox. I'm sorry that you’re unhappy with the new design.
I understand your frustration and surprise at the removal of these features but I can't undo these changes. I'm just a support volunteer and I do not work for Mozilla. But you can send any feedback about these changes to http://input.mozilla.org/feedback. Firefox developers collect data submitted through there then present it at the weekly Firefox meeting
I recommend you try to adjust to 29 and see if you can't make it work for you before you downgrade to a less secure and soon outdated version of Firefox.
Here are a few suggestions for restoring the old design. I hope you’ll find one that works for you:
*Use the [https://addons.mozilla.org/en-US/firefox/addon/classicthemerestorer/ Classic Theme Restorer] to bring back the old design. Learn more here: [[How to make the new Firefox look like the old Firefox]]
*Use the [https://addons.mozilla.org/en-US/firefox/addon/the-addon-bar/ Add-on Bar Restored] to bring back the add-on bar. Learn more here: [[What happened to the Add-on Bar?]]

[Solved] NetworkManager-pptp VPN not working after update to 0.9.10

Hello,
I have a PPTP VPN set up and it's been working for a long time. However, after I updated last night to networkmanager-0.9.10, it is no longer able to connect to the remote network. I can activate the VPN connection, enter my password, but after a short period of time, the connection reports: "Error: Connection activation failed: the VPN service returned invalid configuration." As I mentioned before, this VPN was working right before the update and I didn't change the configuration on either my computer or the destination network so I'm pretty sure that this is something to do with the update. I'm wondering if anybody else has run into this problem and if they've been able to find a solution. I've been searching all over these forums and the internet for some hours now and I haven't found anything yet. I'm hoping that somebody might be able to point me in the right direction or maybe know of something that might have changed with the new update.
Here is my VPN configuration (using NetworkManager-PPTP. I've also obscured the public IP address):
[connection]
id=MyVPN
uuid=fe6e6265-1a79-4a69-b6d1-8b47e9d4c948
type=vpn
permissions=user:greyseal96:;
autoconnect=false
timestamp=1408950986
[vpn]
service-type=org.freedesktop.NetworkManager.pptp
gateway=192.168.146.114
require-mppe=yes
user=greyseal96
password-flags=3
[ipv6]
method=auto
[ipv4]
method=auto
route1=10.17.0.0/16,10.17.1.1,1
never-default=true
Here are my logs during the time that I tried to connect:
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> Starting VPN service 'pptp'...
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 1938
Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' appeared; activating connections
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN plugin state changed: starting (3)
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: pppd started with pid 1945
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (Connect) reply received.
Aug 24 23:44:21 MyArchBox pppd[1945]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
Aug 24 23:44:21 MyArchBox pppd[1945]: pppd 2.4.6 started by root, uid 0
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Aug 24 23:44:21 MyArchBox pppd[1945]: Using interface ppp0
Aug 24 23:44:21 MyArchBox pppd[1945]: Connect: ppp0 <--> /dev/pts/2
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Using interface ppp0
Aug 24 23:44:21 MyArchBox NetworkManager[578]: Connect: ppp0 <--> /dev/pts/2
Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 10)
Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/9
Aug 24 23:44:21 MyArchBox pptp[1947]: nm-pptp-service-1938 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 50048).
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials...
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): got credentials from NetworkManager-pptp
Aug 24 23:44:25 MyArchBox pppd[1945]: CHAP authentication succeeded
Aug 24 23:44:25 MyArchBox NetworkManager[578]: CHAP authentication succeeded
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE 128-bit stateless compression enabled
Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE 128-bit stateless compression enabled
Aug 24 23:44:25 MyArchBox pppd[1945]: Cannot determine ethernet address for proxy ARP
Aug 24 23:44:25 MyArchBox pppd[1945]: local IP address 10.17.10.3
Aug 24 23:44:25 MyArchBox pppd[1945]: remote IP address 10.17.10.1
Aug 24 23:44:25 MyArchBox pppd[1945]: primary DNS address 10.17.2.22
Aug 24 23:44:25 MyArchBox pppd[1945]: secondary DNS address 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN Gateway: 192.168.146.114
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Tunnel Device: ppp0
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> IPv4 configuration:
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Address: 10.17.10.3
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Prefix: 32
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal Point-to-Point Address: 10.17.10.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Maximum Segment Size (MSS): 0
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Static Route: 10.17.0.0/16 Next Hop: 10.17.1.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Forbid Default Route: yes
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal DNS: 10.17.2.22
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Internal DNS: 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> DNS Domain: '(none)'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> No IPv6 configuration
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.481618] [platform/nm-linux-platform.c:1716] add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Cannot determine ethernet address for proxy ARP
Aug 24 23:44:25 MyArchBox NetworkManager[578]: local IP address 10.17.10.3
Aug 24 23:44:25 MyArchBox NetworkManager[578]: remote IP address 10.17.10.1
Aug 24 23:44:25 MyArchBox NetworkManager[578]: primary DNS address 10.17.2.22
Aug 24 23:44:25 MyArchBox NetworkManager[578]: secondary DNS address 10.17.2.23
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 9 / phase 'running'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): ip-up event
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): sending Ip4Config to NetworkManager-pptp...
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: PPTP service (IP Config Get) reply received.
Aug 24 23:44:25 MyArchBox pppd[1945]: Terminating on signal 15
Aug 24 23:44:25 MyArchBox pppd[1945]: Modem hangup
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
Aug 24 23:44:25 MyArchBox pppd[1945]: Connect time 0.0 minutes.
Aug 24 23:44:25 MyArchBox pppd[1945]: Sent 0 bytes, received 0 bytes.
Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE disabled
Aug 24 23:44:25 MyArchBox pppd[1945]: Connection terminated.
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox NetworkManager[578]: inet 10.17.0.0/16 table main
Aug 24 23:44:25 MyArchBox NetworkManager[578]: priority 0x1 protocol static
Aug 24 23:44:25 MyArchBox NetworkManager[578]: nexthop via 10.17.1.1 dev 10
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487073] [platform/nm-linux-platform.c:2252] link_change(): Netlink error changing link 10: <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/ppp0': No such device
Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487153] [platform/nm-linux-platform.c:1777] delete_object(): Netlink error deleting 10.17.10.3/32 lft forever pref forever lifetime 1862-0[4294967295,4294967295] dev ppp0 src kernel: No such device (-31)
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: Terminated ppp daemon with PID 1945.
Aug 24 23:44:25 MyArchBox kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev- instead.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Terminating on signal 15
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Modem hangup
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connect time 0.0 minutes.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Sent 0 bytes, received 0 bytes.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE disabled
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 10 / phase 'terminate'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connection terminated.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
Aug 24 23:44:25 MyArchBox pppd[1945]: Exit.
Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** (nm-pptp-service:1938): WARNING **: pppd exited with error code 16
Aug 24 23:44:45 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' disappeared
If you've gotten this far, thank you for taking the time to read through all this! Any help that you can give would be much appreciated.
Last edited by greyseal96 (2014-08-27 15:20:02)

Hmm, not sure about the 3.16 series kernel, but I found that when I upgraded to kernel 3.18 the PPTP VPN also stopped working. This time, though, it was because, for some reason, there was a change in kernel 3.18 where the firewall kernel modules necessary for the VPN don't get loaded so the firewall won't allow some of the PPTP traffic from the remote side back in. Since the firewall is stateful, these modules need to be loaded so that the firewall can know that the incoming PPTP traffic from the remote side is part of an existing connection. Here's what my network manager logs looked like:
NetworkManager[619]: <info> Starting VPN service 'pptp'...
NetworkManager[619]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 31139
NetworkManager[619]: <info> VPN service 'pptp' appeared; activating connections
NetworkManager[619]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
NetworkManager[619]: <info> VPN plugin state changed: starting (3)
NetworkManager[619]: ** Message: pppd started with pid 31148
NetworkManager[619]: <info> VPN connection 'MyVPN' (Connect) reply received.
pppd[31148]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
NetworkManager[619]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
pppd[31148]: pppd 2.4.7 started by root, uid 0
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
pppd[31148]: Using interface ppp0
pppd[31148]: Connect: ppp0 <--> /dev/pts/5
NetworkManager[619]: Using interface ppp0
NetworkManager[619]: Connect: ppp0 <--> /dev/pts/5
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
NetworkManager[619]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 7)
NetworkManager[619]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/6
pptp[31150]: nm-pptp-service-31139 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
pppd[31148]: LCP: timeout sending Config-Requests <===HERE IS WHERE THE CONNECTION FAILS BECAUSE THE MODULES AREN'T LOADED.
pppd[31148]: Connection terminated.
NetworkManager[619]: LCP: timeout sending Config-Requests
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
NetworkManager[619]: Connection terminated.
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
pppd[31148]: Modem hangup
pppd[31148]: Exit.
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: Modem hangup
NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
NetworkManager[619]: <info> VPN plugin state changed: stopped (6)
NetworkManager[619]: <info> VPN plugin state change reason: unknown (0)
NetworkManager[619]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
NetworkManager[619]: <info> VPN service 'pptp' disappeared
To fix this, I had to add a file to the /etc/modules-load.d directory to have the modules loaded into the kernel at boot. I just created a file called netfilter.conf and put the following in it:
nf_nat_pptp
nf_conntrack_pptp
nf_conntrack_proto_gre
Not sure if this addresses your problem or not, but maybe it's worth a look.

How do I reconnect my PPTP vpn after upgrading to Yosemite

How do I reconnect my PPTP vpn after upgrading to Yosemite on my mac mini

See:
http://kb.mozillazine.org/Locked_or_damaged_places.sqlite
http://kb.mozillazine.org/Lost_bookmarks

How to configure Multiple PPTP VPN Clients on cisco 3g supported Router

I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on cisco 1841 aqnd its working fine; but when I add the 2nd, its using vpdn-group 1 and therefore connecting to the wrong PPTP server:
here is the config for the one that works:
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip xxx.xxx.xxx.xxx
interface Dialer0
mtu 1450
ip address negotiated
ip pim dense-mode
ip nat outside
ip virtual-reassembly
zone-member security private
encapsulation ppp
ip igmp query-interval 125
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap-v2 ms-chap eap chap pap callin
ppp eap refuse
ppp chap hostname xxx@xxx
ppp chap password 7 xxxpassword
But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, its still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? and which cisco 3G Router you prefer because these are remote sites and only 3G Internet service is available.

I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on cisco 1841 aqnd its working fine; but when I add the 2nd, its using vpdn-group 1 and therefore connecting to the wrong PPTP server:
here is the config for the one that works:
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip xxx.xxx.xxx.xxx
interface Dialer0
mtu 1450
ip address negotiated
ip pim dense-mode
ip nat outside
ip virtual-reassembly
zone-member security private
encapsulation ppp
ip igmp query-interval 125
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap-v2 ms-chap eap chap pap callin
ppp eap refuse
ppp chap hostname xxx@xxx
ppp chap password 7 xxxpassword
But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, its still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? and which cisco 3G Router you prefer because these are remote sites and only 3G Internet service is available.

How to Configure an Cisco 5505 for PPTP VPN connectivity

I currently have a Cisco ASA 5505(ASA Version 8.2(1), and ASDM gui version 6.2) and a Windows 2008 R2 server with one NIC card. Currently the router is connected to the interent sucessfully using the 'outside' interface(devices connected to the 'inside' interface have access to the internet and are assigned IP addresses via DHCP on the Windows 2008 Server which is also connected to the 'inside' interface) When connected with a client on the inside interface I can establish a VPN connection with the W2008 server, however when I try to connect through the internet I cannot. I have tried researching this on the internet, but have not had much luck. I know it has something to do with pptp port and allowing gre, but I am not familiar enough with configuring Cisco devices or the language they use, to configure this router. I feel as though I am missing something small but very critical. Any help or feedback you can provide regarding this issue is most appreicated, thank you.
*Edit: I have attached a network diagram of what I am trying to accomplish, and I have also attached a dump of the current running-config.

Hi,
Below is the link to the admin guide for the RV042. Chapter 9 covers the configuration of site to site VPN’s and begins on page 123.
http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
If you need further assistance please feel free to contact Cisco Small Business for help in configuring and troubleshooting your VPN.
Thank you,
Jason Nickle

PPTP no longer working through Cisco 2901

Up until yesterday, the PPTP VPN to our main office was working as ordered.
Yesterday our ISP statically assigned our IP address to us, and it went from ip address dhcp to ip address x.x.x.x
Everything else works fine, internet and whatnot, but the VPN connection will no longer work. It just times out. I'm wondering if it's something in my config that is blocking it. Any help would be greatly appreciated.
As you can see, this isn't in anyshape or form an advanced configuration. So I don't see what the problem could be.
! Last configuration change at 17:54:14 UTC Wed Jun 15 2011
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RemoteRouter
boot-start-marker
boot-end-marker
enable password xxxx
no aaa new-model
no ipv6 cef
ip source-route
ip cef
multilink bundle-name authenticated
license udi pid CISCO2901/K9 sn FTX1436819T
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
ip address 10.1.1.244 255.255.255.0
interface GigabitEthernet0/1
ip address x.x.x.x 255.255.255.128
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Serial0/0/0
no ip address
shutdown
no fair-queue
no clock rate 2000000
router eigrp 1
network 10.0.0.0
network 192.168.4.0
redistribute static
passive-interface GigabitEthernet0/0
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 10 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 10.1.10.0 255.255.255.0 10.1.1.1
access-list 10 permit 192.168.4.0 0.0.0.255
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 permit 10.1.10.0 0.0.0.255
control-plane
line con 0
password xxx
line aux 0
line vty 0 4
password xxx
login
scheduler allocate 20000 1000
end

The other side of the VPN is a TMG server hosted at our main office. I can connect to it off site, and others were connected to it remotely as well, but for some reason users at that remote site can no longer connect to the VPN.
I talked to my ISP wondering if there was something that was blocked due to the change from dhcp to static IP addresses, but they don't see anything.

Why is RV082 PPTP no longer working with Windows 7 clients?

RV082 Firmware Version 2.0.2.01-tmRV082 Firmware Version 2.0.2.01-tm
I have successfully used the built-in Windows 7 VPN (PPTP) to connection to an RV082 (Firmware 2.0.2.01-tm) many times in the past. The Windows 7 client stopped working recently, now producing "error 691: the remote connection was denied because the user name and password combination is not recognized." I have the same problem from two different Windows 7 clients and Windows XP clients still work.

Hi Tad,
since this question is about a product in the Cisco Small Business / Linksys range, I suggest you move it to the community, where you will have a better chance of getting expert advice.
best regards,
Herbert
Cisco Moderator

Windows 8.1 pro pptp vpn does not show disconnect option

I just installed Windows 8.1 PRO on my PC.
Formatted it, installed right from scratch.
Once I created my login, I then created a connection to my office VPN server.
Office VPN server is a ISA server which allows PPTP based VPN.
Well, I am able to connect and do everything that I want.
But I dont see a DISCONNECT option at all.
The metro interface after the connection is made also does not show status as "connected". It shows "connect" instead.
If you go to network and sharing center and then into adapter settings you can see you VPN connection. but the "status" column does not show "connected" but instead shows the same name of the vpn connection as seen in the "Name"
column!!
Right clicking that active connection does not show "disconnect", but shows "connect/disconnect".
Then I realized that after double clicking that VPN connection you can then see the status window, where a disconnect button does exists and clicking that does disconnect the VPN.
But this is crazy.
Why do we now have to go so deep, just to disconnect!
This never happens in windows 7, windows 7 with SP1, Windows 8
This is new to Windows 8.1
Anyone else seen this? Is there a solution ?
konkani

I just installed Windows 8.1 PRO on my PC.
Formatted it, installed right from scratch.
Once I created my login, I then created a connection to my office VPN server.
Office VPN server is a ISA server which allows PPTP based VPN.
Well, I am able to connect and do everything that I want.
But I dont see a DISCONNECT option at all.
The metro interface after the connection is made also does not show status as "connected". It shows "connect" instead.
If you go to network and sharing center and then into adapter settings you can see you VPN connection. but the "status" column does not show "connected" but instead shows the same name of the vpn connection as seen in the "Name" column!!
Right clicking that active connection does not show "disconnect", but shows "connect/disconnect".
Then I realized that after double clicking that VPN connection you can then see the status window, where a disconnect button does exists and clicking that does disconnect the VPN.
But this is crazy.
Why do we now have to go so deep, just to disconnect!
This never happens in windows 7, windows 7 with SP1, Windows 8
This is new to Windows 8.1
Anyone else seen this? Is there a solution ?
konkani
BUMP!
konkani

Macbook can't connect via L2TP but can via PPTP. iPhone can connect to both

So I've been banging my head up against the wall for the better part of this morning trying to figure this out. Just as a note, I'm 3000 miles from my house and server, but I do have access to it for the time being via PPTP.
Before I left, I verified that I could connect with L2TP on my iphone's 3G network. I was also able to connect at the airport on my Macbook using L2TP. Sometime overnight something changed, and I can't figure out what. I noticed that my phone dropped it's VPN connection saying something like "the connection to the server dropped unexpectedly" or such. After that, I was unable to connect over L2TP on my macbook or iphone. On a whim I tried connecting over PPTP which worked! But only on my macbook. Again on a whim I tried to connect via L2TP on my iphone, and it worked?! I rinsed, lathered and repeated that process over and over again and confirmed that I could only connect over L2TP on my iPhone after connecting on my macbook over PPTP. Also, on my iphone, if I stored the password it wouldn't authenticate (probably not related).
As of this moment I am connected using L2TP on my iphone for the last hour, using it to successfully stream Pandora across US borders, but can't sustain a PPTP connection on my macbook for longer than 10 mins. And I still can't connect over L2TP. So that said here are the client and server logs (ips, domains and usernames masked....) Server and clients are in different timezones:
*Macbook when trying to connect via L2TP:*
Mon Dec 21 12:30:32 2009 : L2TP connecting to server 'nnn.nnn.nnn' (xxx.xxx.xxx.xxx)...
Mon Dec 21 12:30:32 2009 : IPSec connection started
Mon Dec 21 12:30:32 2009 : IPSec phase 1 client started
Mon Dec 21 12:30:42 2009 : IPSec connection failed
*Server Log for the above transaction:*
NO RECORD
*Macbook when trying to connect via PPTP:*
Mon Dec 21 12:49:44 2009 : PPTP connecting to server 'nnn.nnn.nnn' (xxx.xxx.xxx.xxx)...
Mon Dec 21 12:49:44 2009 : PPTP connection established.
Mon Dec 21 12:49:45 2009 : Using interface ppp0
Mon Dec 21 12:49:45 2009 : Connect: ppp0 <--> socket[34:17]
Mon Dec 21 12:49:48 2009 : MPPE 128-bit stateless compression enabled
Mon Dec 21 12:49:49 2009 : route_interface: write routing socket failed, File exists. (address xxx.xxx.xxx.0, mask 255.255.255.0, interface ppp0, host 0).
Mon Dec 21 12:49:49 2009 : local IP address xxx.xxx.xxx.233
Mon Dec 21 12:49:49 2009 : remote IP address xxx.xxx.xxx.109
Mon Dec 21 12:49:49 2009 : primary DNS address xxx.xxx.xxx.109
Mon Dec 21 12:49:49 2009 : secondary DNS address xxx.xxx.xxx.109
Mon Dec 21 12:49:49 2009 : pptpwaitinput: Address added. previous interface setting (name: en1, address: xxx.xxx.xxx.6), current interface setting (name: ppp0, family: PPP, address: xxx.xxx.xxx.233, subnet: 255.255.255.0, destination: xxx.xxx.xxx.109).
*Server Log for the above transaction:*
2009-12-21 09:49:44 PST Incoming call... Address given to client = xxx.xxx.xxx.233
Mon Dec 21 09:49:44 2009 : Directory Services Authentication plugin initialized
Mon Dec 21 09:49:44 2009 : Directory Services Authorization plugin initialized
Mon Dec 21 09:49:44 2009 : PPTP incoming call in progress from 'xxx.xxx.xxx.xxx'…
Mon Dec 21 09:49:44 2009 : PPTP connection established.
Mon Dec 21 09:49:44 2009 : using link 1
Mon Dec 21 09:49:44 2009 : Using interface ppp1
Mon Dec 21 09:49:44 2009 : Connect: ppp1 <--> socket[34:17]
Mon Dec 21 09:49:44 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x206a2bb5> <pcomp> <accomp>]
Mon Dec 21 09:49:45 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4b8d229c> <pcomp> <accomp>]
Mon Dec 21 09:49:45 2009 : lcp_reqci: returning CONFACK.
Mon Dec 21 09:49:45 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4b8d229c> <pcomp> <accomp>]
Mon Dec 21 09:49:47 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x206a2bb5> <pcomp> <accomp>]
Mon Dec 21 09:49:48 2009 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x206a2bb5> <pcomp> <accomp>]
Mon Dec 21 09:49:48 2009 : sent [LCP EchoReq id=0x0 magic=0x206a2bb5]
Mon Dec 21 09:49:48 2009 : sent [CHAP Challenge id=0x7f <3b77645a35056d6f176a3d4302524136>, name = "OSXServer.kimnet"]
Mon Dec 21 09:49:48 2009 : rcvd [LCP EchoReq id=0x0 magic=0x4b8d229c]
Mon Dec 21 09:49:48 2009 : sent [LCP EchoRep id=0x0 magic=0x206a2bb5]
Mon Dec 21 09:49:48 2009 : rcvd [LCP EchoRep id=0x0 magic=0x4b8d229c]
Mon Dec 21 09:49:48 2009 : rcvd [CHAP Response id=0x7f <51f69894a74fc550cf12b270ceb43da90000000000000000d7a8e304c6080e5d0315a47e9783a4 8ce2ae8fdb00671adc00>, name = "nnnnnnnn"]
Mon Dec 21 09:49:48 2009 : sent [CHAP Success id=0x7f "S=09A448E00B717E032D200EAEFA793E57AF9B9676 M=Access granted"]
Mon Dec 21 09:49:48 2009 : CHAP peer authentication succeeded for nnnnnnnn
Mon Dec 21 09:49:48 2009 : DSAccessControl plugin: User 'nnnnnnnn' authorized for access
Mon Dec 21 09:49:48 2009 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Mon Dec 21 09:49:48 2009 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Mon Dec 21 09:49:48 2009 : sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Mon Dec 21 09:49:48 2009 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Mon Dec 21 09:49:48 2009 : MPPE 128-bit stateless compression enabled
Mon Dec 21 09:49:48 2009 : sent [IPCP ConfReq id=0x1 <addr xxx.xxx.xxx.109>]
Mon Dec 21 09:49:48 2009 : sent [ACSCP ConfReq id=0x1]
Mon Dec 21 09:49:49 2009 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Mon Dec 21 09:49:49 2009 : ipcp: returning Configure-NAK
Mon Dec 21 09:49:49 2009 : sent [IPCP ConfNak id=0x1 <addr xxx.xxx.xxx.233> <ms-dns1 xxx.xxx.xxx.109> <ms-dns3 xxx.xxx.xxx.109>]
Mon Dec 21 09:49:49 2009 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::0217:f2ff:fec8:ef86>]
Mon Dec 21 09:49:49 2009 : Unsupported protocol 0x8057 received
Mon Dec 21 09:49:49 2009 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 17 f2 ff fe c8 ef 86]
Mon Dec 21 09:49:49 2009 : rcvd [IPCP ConfAck id=0x1 <addr xxx.xxx.xxx.109>]
Mon Dec 21 09:49:49 2009 : rcvd [LCP ProtRej id=0x2 82 35 01 01 00 04]
Mon Dec 21 09:49:49 2009 : rcvd [IPCP ConfReq id=0x2 <addr xxx.xxx.xxx.233> <ms-dns1 xxx.xxx.xxx.109> <ms-dns3 xxx.xxx.xxx.109>]
Mon Dec 21 09:49:49 2009 : ipcp: returning Configure-ACK
Mon Dec 21 09:49:49 2009 : sent [IPCP ConfAck id=0x2 <addr xxx.xxx.xxx.233> <ms-dns1 xxx.xxx.xxx.109> <ms-dns3 xxx.xxx.xxx.109>]
Mon Dec 21 09:49:49 2009 : ipcp: up
Mon Dec 21 09:49:49 2009 : l2tpwaitinput: Address added. previous interface setting (name: en0, address: xxx.xxx.xxx.109), current interface setting (name: ppp1, family: PPP, address: xxx.xxx.xxx.109, subnet: 255.255.255.0, destination: xxx.xxx.xxx.233).
Mon Dec 21 09:49:49 2009 : found interface en0 for proxy arp
Mon Dec 21 09:49:49 2009 : local IP address xxx.xxx.xxx.109
Mon Dec 21 09:49:49 2009 : remote IP address xxx.xxx.xxx.233
Mon Dec 21 09:49:49 2009 : pptpwaitinput: Address added. previous interface setting (name: en0, address: xxx.xxx.xxx.109), current interface setting (name: ppp1, family: PPP, address: xxx.xxx.xxx.109, subnet: 255.255.255.0, destination: xxx.xxx.xxx.233).
Mon Dec 21 09:49:49 2009 : rcvd [IP data <src addr xxx.xxx.xxx.233> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Mon Dec 21 09:49:49 2009 : sent [IP data <src addr xxx.xxx.xxx.109> <dst addr xxx.xxx.xxx.233> <BOOTP Reply> <type ACK> <server id 0xc0a8016d> <domain name "nnn.nnn.nnn">]
*Server Log for iPhone L2TP login:*
2009-12-21 09:52:38 PST Incoming call... Address given to client = xxx.xxx.xxx.202
Mon Dec 21 09:52:38 2009 : Directory Services Authentication plugin initialized
Mon Dec 21 09:52:38 2009 : Directory Services Authorization plugin initialized
Mon Dec 21 09:52:38 2009 : L2TP incoming call in progress from 'xxx.xxx.xxx.xxx'...
Mon Dec 21 09:52:38 2009 : L2TP received SCCRQ
Mon Dec 21 09:52:38 2009 : L2TP sent SCCRP
Mon Dec 21 09:52:38 2009 : L2TP received SCCCN
Mon Dec 21 09:52:38 2009 : L2TP received ICRQ
Mon Dec 21 09:52:38 2009 : L2TP sent ICRP
Mon Dec 21 09:52:38 2009 : L2TP received ICCN
Mon Dec 21 09:52:38 2009 : L2TP connection established.
Mon Dec 21 09:52:38 2009 : using link 0
Mon Dec 21 09:52:38 2009 : Using interface ppp0
Mon Dec 21 09:52:38 2009 : Connect: ppp0 <--> socket[34:18]
Mon Dec 21 09:52:38 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6b3541df> <pcomp> <accomp>]
Mon Dec 21 09:52:38 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x24ff54dc> <pcomp> <accomp>]
Mon Dec 21 09:52:38 2009 : lcp_reqci: returning CONFACK.
Mon Dec 21 09:52:38 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x24ff54dc> <pcomp> <accomp>]
Mon Dec 21 09:52:39 2009 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6b3541df> <pcomp> <accomp>]
Mon Dec 21 09:52:39 2009 : sent [LCP EchoReq id=0x0 magic=0x6b3541df]
Mon Dec 21 09:52:39 2009 : sent [CHAP Challenge id=0x6d <4322331b3d22406914173d5e0d176c29>, name = "nnn.nnn.nnn"]
Mon Dec 21 09:52:39 2009 : rcvd [LCP EchoReq id=0x0 magic=0x24ff54dc]
Mon Dec 21 09:52:39 2009 : sent [LCP EchoRep id=0x0 magic=0x6b3541df]
Mon Dec 21 09:52:39 2009 : rcvd [LCP EchoRep id=0x0 magic=0x24ff54dc]
Mon Dec 21 09:52:39 2009 : rcvd [CHAP Response id=0x6d <f46ecd855c624eef611f02096c87d7650000000000000000f7430743bc328cbca68540408d0103 2e0a60fb95fcc2b83600>, name = "xxxxxxx"]
Mon Dec 21 09:52:39 2009 : sent [CHAP Success id=0x6d "S=0A046B9F1C59085076A8F2B736929E19391BDC4B M=Access granted"]
Mon Dec 21 09:52:39 2009 : CHAP peer authentication succeeded for xxxxxxx
Mon Dec 21 09:52:39 2009 : DSAccessControl plugin: User 'xxxxxx' authorized for access
Mon Dec 21 09:52:39 2009 : sent [IPCP ConfReq id=0x1 <addr xxx.xxx.xxx.109>]
Mon Dec 21 09:52:39 2009 : sent [ACSCP ConfReq id=0x1]
Mon Dec 21 09:52:40 2009 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Mon Dec 21 09:52:40 2009 : ipcp: returning Configure-NAK
Mon Dec 21 09:52:40 2009 : sent [IPCP ConfNak id=0x1 <addr xxx.xxx.xxx.202> <ms-dns1 xxx.xxx.xxx.109> <ms-dns3 xxx.xxx.xxx.109>]
Mon Dec 21 09:52:40 2009 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::8948:cf2a:8334:7077>]
Mon Dec 21 09:52:40 2009 : Unsupported protocol 0x8057 received
Mon Dec 21 09:52:40 2009 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 89 48 cf 2a 83 34 70 77]
Mon Dec 21 09:52:40 2009 : rcvd [IPCP ConfAck id=0x1 <addr xxx.xxx.xxx.109>]
Mon Dec 21 09:52:40 2009 : rcvd [LCP ProtRej id=0x2 82 35 01 01 00 04]
Mon Dec 21 09:52:40 2009 : rcvd [IPCP ConfReq id=0x2 <addr xxx.xxx.xxx.202> <ms-dns1 xxx.xxx.xxx.109> <ms-dns3 xxx.xxx.xxx.109>]
Mon Dec 21 09:52:40 2009 : ipcp: returning Configure-ACK
Mon Dec 21 09:52:40 2009 : sent [IPCP ConfAck id=0x2 <addr xxx.xxx.xxx.202> <ms-dns1 xxx.xxx.xxx.109> <ms-dns3 xxx.xxx.xxx.109>]
Mon Dec 21 09:52:40 2009 : ipcp: up
Mon Dec 21 09:52:40 2009 : pptpwaitinput: Address added. previous interface setting (name: en0, address: xxx.xxx.xxx.109), current interface setting (name: ppp0, family: PPP, address: xxx.xxx.xxx.109, subnet: 255.255.255.0, destination: xxx.xxx.xxx.202).
Mon Dec 21 09:52:40 2009 : found interface en0 for proxy arp
Mon Dec 21 09:52:40 2009 : local IP address xxx.xxx.xxx.109
Mon Dec 21 09:52:40 2009 : remote IP address xxx.xxx.xxx.202
Mon Dec 21 09:52:40 2009 : l2tpwaitinput: Address added. previous interface setting (name: en0, address: xxx.xxx.xxx.109), current interface setting (name: ppp0, family: PPP, address: xxx.xxx.xxx.109, subnet: 255.255.255.0, destination: xxx.xxx.xxx.202).

I'm having similar issues but not much luck getting any answers. I made a similar post here - maybe something in there will help you.
One thing I have been able to pinpoint is that the MobileMe Back To My Mac service was causing quite a few issues with being able to connect to the VPN. Once I turn off the service, connection seems to work fine. Although, once I'm connected, I cannot access file sharing. Still waiting for some answers on that.

PPTP on PIX501.

Similar Messages

Maybe you are looking for