PPTP VPN under Tiger 10.4.5

Similar Messages

• Pptp VPN route : Leopard does not set correct netmask

  Hello
  Today I switched from a MacOSX 10.4.11 (Tiger) PowerBook to a MacOS 10.5.5 (Leopard) MacBook Pro. I configured my pptp VPN settings with the "Internet Connection Tool" and Network-Settings-panel on Leopard identically as on my Tiger PowerBook (option route all traffic over VPN on both systems disabled).
  As far I could connect on the Leopard system to the destination VPN server without any problem, but could only establish a traffic-connection to the VPN server it self. As on my Tiger system the VPN connection worked seamless over several years now I supposed some routing problem.
  In fact on the Tiger system the routing table showed me, that the destination network has a 255.255.0.0 network mask and was correctly received and set on the Tiger routing table, but that the Leopard systems assumes a 255.255.255.0 network mask and set this assumption to the its routing table: (destination LAN has address space 10.50.0.0 - 10.50.255.255 / netmask 255.255.0.0)
  Tiger 10.4.11 :
  10.50/16 ppp0 USc 0 0 ppp0
  Leopard 10.5.5 :
  10.50/24 ppp0 USc 0 0 ppp0
  In the Leopard vpn setting panel, there is also the possibility to set manually the destination ip-address and netmask, but I found it has no effect on the real setting on Leopard. The only way to set the correct route with the correct netmask is under Leopard to do it by the command shell - first deleting the route set by Leopard and setting a new route with a the correct netmask :
  route delete -net 10.50. -interface ppp0
  route add -net 10.50. -interface ppp0 -netmask 255.255.0.0
  I do not understand, why under Tiger (and also on MacOSX 10.3.X) the pptp VPN worked always correct and set the correct netmask, and now Leopard (MacOSX 10.5.X) does some kind of assumption and is not able to set the correct netmask.
  Any Ideas ?

  How did you determine that partial traffic is sent through the VPN?
  Basic principles of VPN is to avoid using a common subnet for your client ip pool. Having an uncommon subnet will solve your #2 issue below. Simply change the 3rd octet on your home network from .1 to something else, .11
  I have a working pptp server configuration on ubuntu 10 with iphone 3g iOS 4.1 connected, invested hours of research, but only a short time configuring the server and iphone vpn client. passing internet traffic through local gateway/router from work wi-fi and accessing local desktop using windows remote desktop lite app.

• PPTP VPN on Server 2008R2 dropping users but acting like it is still connected

  Hello,
  I'm having a weird problem and I'm at a loss.  We have a couple of cloud servers that form our remote office system.  Basically, their is 1 DC, 1 Remote Desktop server, and 2 member servers being used as workstations.  The users access these
  server and resources via a PPTP VPN setup on the DC using RRAS.  Everything has worked fairly well for the last year, but recently, my users have complained that they get disconnected at random times over the last couple of weeks.  I was able
  to observe the behavior yesterday and it goes something like this:
  -The user is working fine
  -The user tries to access a share, open a web page, tries to open a remote desktop session or notices that their Outlook client is disconnected and finds that nothing can be reached outside of the local machine.  I tried pinging the DC address,
  www.google.com, and the RDP server without success. From the server, I tried pinging the errant workstation without success. The server shows the connection to be active and the workstation does not disconnect the connection. On
  one occasion, the problem just rectified itself and everything started working again. On all other occasions, the VPN had to be disconnected and reconnected. Note that some workstations are not reporting this problem.
  -The user disconnects the VPN
  -The user reconnects the VPN and usually everything is okay again for awhile, but sometimes they are disconnected within minutes.
  This is new behavior, and no changes have been made by me and the Cloud support people tell me they haven't done anything.  At this point, I'm not even sure how to go about troubleshooting it. The next time it happened, I was going to pull an ARP table
  to see if anything looks amiss, but the only other avenue I have going is a call into the cloud services support to see if they can look for dropped or filtered information between our main office and our cloud server.
  The only part of this setup that is a little bit different for me is the IPv4 settings in the RRAS console under properties of the server. Normally in the IPv4 settings, I select DHCP and allow the users to pull from the existing DHCP server. However, the
  cloud support recommended against having a DHCP server, so instead of DHCP, I selected "use static IP address pool." I put 10.216.8.197 to 10.216.8.22 and the subnet mask is picking up from the server as 255.255.255.224 and the default gateway is
  picking up from the server as 10.216.8.193.
  Does anyone have any advice on how to troubleshoot this problem?  What to try next if the cloud services support doesn't find anything, etc?
  Thanks,
  Jeffery Smith

  Hi Jeffery,
  According to your description, the VPN clients can connect the server at the beginning, but when we reconnected after going wrong, they were disconnected within minutes. Maybe the next time it happened, we could follow steps below to troubleshoot this issue.
  Use ipconfig /all command in the VPN client when we set up VPN connection, to view which IP address the VPN client obtain.
  Pull an ARP table from the VPN client to view the IP Address-Physical Address mappings as you said will help to troubleshoot this issue. The assigned IP address maybe used by other computers.
  If the static IP address pool range from 10.216.8.197 to 10.216.8.22, due to the subnet is 255.255.255.224, there are 8 subnet in the 10.216.8.0/27 network. If the static IP address pool consists of ranges of IP addresses that are for a separate subnet,
  then we need to either enable an IP routing protocol on the remote access server computer or add static IP routes consisting of the {IP Address, Mask} of each range to the routers of the intranet. If the routes are not added, then remote access clients can’t
  receive traffic from resources on the intranet.
  Best Regards,
  Tina

• Remote Desktop/Access shared files over PPTP VPN

  Hello,
  I just bought the RV180W so I can connect to my office computer from anywhere as a VPN client. The two things I need to do while I am connected as a VPN client is to be able to access my files on my office desktop and be able to remote desktop to it as well. I have Win7 on all of my computers. Ideally, I would like to do that over PPTP VPN connection but if that is not possible I can try Cisco QuickVPN software.
  I enabled PPTP on my router and created a user account. I was also able to successfully establish the connection remotely. While I was connected as a PPTP VPN client, I was able to access the Internet and my router setup page which is telling me that the connection is good. However, I was not able to either discover my office PC under my network tab in Win7 nor I was able to remote desktop. I keep my office PC on all the time and it never go to sleep. I did not create any connection policy but maybe this is the problem. Please let me know if you know of a solution.
  Thanks!

  Hi David,
  Thank you for the response.
  I was able to access the router configuration using the local IP address (in my case 192.168.1.1). I don't think I would have been able to access it using the public IP address since I have the router remote management feature disabled.
  Now after reading your email, I was finally able to remote desktop and access shared files through a PPTP VPN connection. Here is what I did:
  1- I separted the PPTP VPN IP address range from my DHCP range (in my case, PPTP VPN range is 192.168.1.200 to 210 and my DHCP range is from 192.168.1.100 to 199)
  2- I assigned my office desktop PC that I am trying to remote desktop to a fixed IP address (192.168.1.20)
  3- For remote desktop, I had to type the IP address (192.168.1.20). Typing the PC name (officepc) or searching for was not working.
  4- For shared files, I had to map a network drive as //192.168.1.20/My Pictures for example. I couldn't find my PC when searched for it under Network.
  After doing all that, I was able to do kinda what I wanted. Ideally, I would have liked to avoid using fixed IP addresses and be able to access computers by their name and see them under the Network tab. Is their a way to do this? I noticed that RV220W offers SSL VPN, would that help me?
  I would appreciate it if you could answer my last two questions.
  Thanks!
  Mustafa

• Trouble about vpn connecting (PPTP VPN did not respond)

  I am new in mac. These days I have searched a lot on line for the solution to this problem but none fixed it. So....
  Our lab only have an instruciton for connecting vpn under windows and I succeeded to do this by following this in windwos 7.
  There is a host name instead of ip address in the instruciton and I think that should not be the problem.
  And in the protocol of TCP/IP property settings, the user was asked to Remove the tick before “Use default gateway on remote network”.  Besides, in the instruction, it sets to obtain the IP address and DNS address automatically, so that I do not have such inforamtion about the server of our lab.
  In my new macbook pro (Mac ox lion 10.7.3), I did the following things:
  1. in system properties->network, Select the + button at the bottom left of the screen to add a new connection.
  2.  Select the following:
  a. Interface: VPN
  b. VPN Type: PPTP
  c. Service Name: SAS VPN
  d. Select Create.
  3.  Configuration: default
      server address: host name “xxx.xx.xxxx.xx”
      account name: (I am sure there is no error in this)
     encryptiong: none
  4. click Authorization settings to input the password.
  5. Click the Advanced button. and Select Options. Verify Send all traffic over VPN connection is checked. (and is not checked ) (I tried both, none of them worked). About the other seetings.
  6. On the TCP/IP tab, set "Configure IPv4" to "Using PPP." So I can not input the DNS server information.
  7. click apply and then try to connect.
  However, it returned me an error said " PPTP-VPN server did not respond. Try to reconnect. If that continues....."
  I think there are lots of experts in mac os x. Can anyone here help me with this? Thanks a lot in advance!

  >> encryptiong: none
  I found out, that you NEED the encryption in Lion Server VPN.
  I understand, that you use Lion Server as you mention the problem here in the Lion Server section.
  I do the following: Install the "Admin Tool VPN" from App-Store for some Euros. Than I found section PPTP and there is a check for
  a) Active
  b) Compression and Encryption
  I take the check for b) out and restart (Off / On), took my XP-Notebook and connected via PPTP and all working!
  Since Lion Apple hide a lot of things from the official tools and if you have some special tools, you can activate function. There is
  Level 1, the userlevel: Something like Dashboard in the new MS-Servers or the Server App in the new Lion Server
  Level 2, the administrator level: The difference between Server App and Server Admin! The Server Tools you need download separatly as you know after a while, something is missing. Same with the new Airport Utility: Userlevel tool = AU 6.0 with grafical fun and some basics, AU 5.6 is the tool for the admin what you separtly need download.
  Level 3, the special deeper view: Typically it is the command line interface, CLI, but if you need some GUI (grafical user interface), you buy an App like Admin VPN Tool and this tool (App for some Euros) in real does nothing else than comfortably set some inside switches and flags that the offical GUI admin tools not have realized.
  Why?
  Oh, I think it's because security issues. You want the Mac Server become like a Microsoft Server? So, you shouldn't use not encrypted connections and that's (in my understanding) the reason why the Lion Server EXPECTS YOU to use encryption and the official tools not give you the oportunity to switch the encryption off!

• SA520 PPTP VPN issue

  Hi.
  We have just setup a SA520 at a customer location. It is running firmware version 1.1.65.
  It seems to be operating fine, except PPTP VPN.
  Looking at the log from the SA520 it forwards port 1723 and 500 to the correct PPTP server in the network. But it seems like this machine it not receiving the PPTP VPN request.
  On the server is also running a FTP service which works fine - so the server is alive.
  Is there something about we also need to use GRE (Protocol 47) when using PPTP? We have looked everywhere in the SA520, but can't find it.
  Any help appreciated, thanks!
  /Ulrik
  Attached: SA520-log, PPTP-server-log, Firewall-rules.

  Hi Federico.
  I also believe GRE must be used to establish the PPTP connection, but it is not listed as a service under firewall rules or anywhere else in the SA520.
  The reason to open port 500 was because we could see a request to the port, when we were trying to connect. It doesn't change anything if the port is open or not.
  I don't think it establish the PPTP tunnel at all. The receiving server is just listening for connections as the screenshot of the log shows. It doesn't indicate an established connection.
  I am pretty sure GRE is the problem, but they big question is how do enable it in the SA520.
  /Ulrik

• [solved] SSH doesn't work over PPTP VPN with pptpclient

  I just got set up with access to my work's PPTP VPN. Using pptpclient I can establish a connection and ping servers. I can use telnet to confirm ports 22, 80 etc are accessible and I can access web services in my browser, but SSH doesn't work.
  When I try and SSH to a server it just hangs for a minute and then "Connection closed by 10.70.11.10". Wondering if SSH was using my default route rather than the appropriate tunnel, I tried setting my default route to use the VPN, and ping, telnet, nmap etc still seem to function and return expected results, but SSH still hangs and closes. There are no entries in the sshd log on the servers that I attempted to get access to. I have both Arch and CentOS servers and I cannot get to either via SSH.
  My colleague connected to the VPN on his mobile phone and managed to SSH to a server, so it doesn't seem that the VPN is blocking this... any ideas?
  Thanks
  [update]
  Solved! I found that in /etc/ppp/options, un-commenting -mru fixed this for me:
  # Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
  # 1500).
  -mru
  [/update]
  Last edited by jsteel (2014-08-10 20:06:31)

  targetbsp wrote:
  summit48 wrote:
   Windows10 has hijacked the back end believing every Laptop and Desktop PC is a Smartphone. What do you mean by that?Windows 10: Microsoft under attack over privacyhttp://www.theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings In the "one size fits all" philosophy of Microsoft there is no distinction between a smartphone and a PC. You might turn some of these privacy setting on for a smartphone but not on a PC. 

• [Solved] NetworkManager-pptp VPN not working after update to 0.9.10

  Hello,
  I have a PPTP VPN set up and it's been working for a long time.  However, after I updated last night to networkmanager-0.9.10, it is no longer able to connect to the remote network.  I can activate the VPN connection, enter my password, but after a short period of time, the connection reports:  "Error: Connection activation failed: the VPN service returned invalid configuration."  As I mentioned before, this VPN was working right before the update and I didn't change the configuration on either my computer or the destination network so I'm pretty sure that this is something to do with the update.  I'm wondering if anybody else has run into this problem and if they've been able to find a solution.  I've been searching all over these forums and the internet for some hours now and I haven't found anything yet.  I'm hoping that somebody might be able to point me in the right direction or maybe know of something that might have changed with the new update.
  Here is my VPN configuration (using NetworkManager-PPTP.  I've also obscured the public IP address):
  [connection]
  id=MyVPN
  uuid=fe6e6265-1a79-4a69-b6d1-8b47e9d4c948
  type=vpn
  permissions=user:greyseal96:;
  autoconnect=false
  timestamp=1408950986
  [vpn]
  service-type=org.freedesktop.NetworkManager.pptp
  gateway=192.168.146.114
  require-mppe=yes
  user=greyseal96
  password-flags=3
  [ipv6]
  method=auto
  [ipv4]
  method=auto
  route1=10.17.0.0/16,10.17.1.1,1
  never-default=true
  Here are my logs during the time that I tried to connect:
  Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> Starting VPN service 'pptp'...
  Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 1938
  Aug 24 23:44:15 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' appeared; activating connections
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN plugin state changed: starting (3)
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: pppd started with pid 1945
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (Connect) reply received.
  Aug 24 23:44:21 MyArchBox pppd[1945]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: Plugin /usr/lib/pppd/2.4.6/nm-pptp-pppd-plugin.so loaded.
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
  Aug 24 23:44:21 MyArchBox pppd[1945]: pppd 2.4.6 started by root, uid 0
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
  Aug 24 23:44:21 MyArchBox pppd[1945]: Using interface ppp0
  Aug 24 23:44:21 MyArchBox pppd[1945]: Connect: ppp0 <--> /dev/pts/2
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: Using interface ppp0
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: Connect: ppp0 <--> /dev/pts/2
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 10)
  Aug 24 23:44:21 MyArchBox NetworkManager[578]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/9
  Aug 24 23:44:21 MyArchBox pptp[1947]: nm-pptp-service-1938 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
  Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
  Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
  Aug 24 23:44:21 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
  Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
  Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
  Aug 24 23:44:22 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 50048).
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials...
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (get_credentials): got credentials from NetworkManager-pptp
  Aug 24 23:44:25 MyArchBox pppd[1945]: CHAP authentication succeeded
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: CHAP authentication succeeded
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
  Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE 128-bit stateless compression enabled
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE 128-bit stateless compression enabled
  Aug 24 23:44:25 MyArchBox pppd[1945]: Cannot determine ethernet address for proxy ARP
  Aug 24 23:44:25 MyArchBox pppd[1945]: local  IP address 10.17.10.3
  Aug 24 23:44:25 MyArchBox pppd[1945]: remote IP address 10.17.10.1
  Aug 24 23:44:25 MyArchBox pppd[1945]: primary   DNS address 10.17.2.22
  Aug 24 23:44:25 MyArchBox pppd[1945]: secondary DNS address 10.17.2.23
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> VPN Gateway: 192.168.146.114
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> Tunnel Device: ppp0
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> IPv4 configuration:
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Address: 10.17.10.3
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Prefix: 32
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal Point-to-Point Address: 10.17.10.1
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Maximum Segment Size (MSS): 0
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Static Route: 10.17.0.0/16   Next Hop: 10.17.1.1
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Forbid Default Route: yes
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal DNS: 10.17.2.22
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   Internal DNS: 10.17.2.23
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info>   DNS Domain: '(none)'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <info> No IPv6 configuration
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.481618] [platform/nm-linux-platform.c:1716] add_object(): Netlink error adding 10.17.0.0/16 via 10.17.1.1 dev ppp0 metric 1 mss 0 src user: Unspecific failure
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <warn> VPN connection 'MyVPN' did not receive valid IP config information.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Cannot determine ethernet address for proxy ARP
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: local  IP address 10.17.10.3
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: remote IP address 10.17.10.1
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: primary   DNS address 10.17.2.22
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: secondary DNS address 10.17.2.23
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 9 / phase 'running'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): ip-up event
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_ip_up): sending Ip4Config to NetworkManager-pptp...
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: PPTP service (IP Config Get) reply received.
  Aug 24 23:44:25 MyArchBox pppd[1945]: Terminating on signal 15
  Aug 24 23:44:25 MyArchBox pppd[1945]: Modem hangup
  Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[callmgr_main:pptp_callmgr.c:245]: Closing connection (unhandled)
  Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 12 'Call-Clear-Request'
  Aug 24 23:44:25 MyArchBox pptp[1954]: nm-pptp-service-1938 log[call_callback:pptp_callmgr.c:84]: Closing connection (call state)
  Aug 24 23:44:25 MyArchBox pppd[1945]: Connect time 0.0 minutes.
  Aug 24 23:44:25 MyArchBox pppd[1945]: Sent 0 bytes, received 0 bytes.
  Aug 24 23:44:25 MyArchBox pppd[1945]: MPPE disabled
  Aug 24 23:44:25 MyArchBox pppd[1945]: Connection terminated.
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: inet 10.17.0.0/16 table main
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: priority 0x1 protocol static
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: nexthop via 10.17.1.1 dev 10
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487073] [platform/nm-linux-platform.c:2252] link_change(): Netlink error changing link 10:  <DOWN> mtu 0 (1) driver 'unknown' udi '/sys/devices/virtual/net/ppp0': No such device
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: <error> [1408949065.487153] [platform/nm-linux-platform.c:1777] delete_object(): Netlink error deleting 10.17.10.3/32 lft forever pref forever lifetime 1862-0[4294967295,4294967295] dev ppp0 src kernel: No such device (-31)
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: Terminated ppp daemon with PID 1945.
  Aug 24 23:44:25 MyArchBox kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Terminating on signal 15
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Modem hangup
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connect time 0.0 minutes.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Sent 0 bytes, received 0 bytes.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: MPPE disabled
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 10 / phase 'terminate'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: Connection terminated.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
  Aug 24 23:44:25 MyArchBox dbus[579]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.51" (uid=0 pid=1938 comm="/usr/lib/networkmanager/nm-pptp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.52" (uid=0 pid=1945 comm="/sbin/pppd pty /sbin/pptp 192.168.146.114 --nolaunc")
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
  Aug 24 23:44:25 MyArchBox pppd[1945]: Exit.
  Aug 24 23:44:25 MyArchBox NetworkManager[578]: ** (nm-pptp-service:1938): WARNING **: pppd exited with error code 16
  Aug 24 23:44:45 MyArchBox NetworkManager[578]: <info> VPN service 'pptp' disappeared
  If you've gotten this far, thank you for taking the time to read through all this!  Any help that you can give would be much appreciated.
  Last edited by greyseal96 (2014-08-27 15:20:02)

  Hmm, not sure about the 3.16 series kernel, but I found that when I upgraded to kernel 3.18 the PPTP VPN also stopped working.  This time, though, it was because, for some reason, there was a change in kernel 3.18 where the firewall kernel modules necessary for the VPN don't get loaded so the firewall won't allow some of the PPTP traffic from the remote side back in.  Since the firewall is stateful, these modules need to be loaded so that the firewall can know that the incoming PPTP traffic from the remote side is part of an existing connection.  Here's what my network manager logs looked like:
  NetworkManager[619]: <info> Starting VPN service 'pptp'...
  NetworkManager[619]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 31139
  NetworkManager[619]: <info> VPN service 'pptp' appeared; activating connections
  NetworkManager[619]: <info> VPN connection 'MyVPN' (ConnectInteractive) reply received.
  NetworkManager[619]: <info> VPN plugin state changed: starting (3)
  NetworkManager[619]: ** Message: pppd started with pid 31148
  NetworkManager[619]: <info> VPN connection 'MyVPN' (Connect) reply received.
  pppd[31148]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
  NetworkManager[619]: Plugin /usr/lib/pppd/2.4.7/nm-pptp-pppd-plugin.so loaded.
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (plugin_init): initializing
  pppd[31148]: pppd 2.4.7 started by root, uid 0
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
  pppd[31148]: Using interface ppp0
  pppd[31148]: Connect: ppp0 <--> /dev/pts/5
  NetworkManager[619]: Using interface ppp0
  NetworkManager[619]: Connect: ppp0 <--> /dev/pts/5
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
  NetworkManager[619]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 7)
  NetworkManager[619]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/6
  pptp[31150]: nm-pptp-service-31139 log[main:pptp.c:333]: The synchronous pptp option is NOT activated
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 1 'Start-Control-Connection-Request'
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:758]: Received Start Control Connection Reply
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:792]: Client connection established.
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_rep:pptp_ctrl.c:258]: Sent control packet type is 7 'Outgoing-Call-Request'
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:877]: Received Outgoing Call Reply.
  pptp[31157]: nm-pptp-service-31139 log[ctrlp_disp:pptp_ctrl.c:916]: Outgoing call established (call ID 0, peer's call ID 25344).
  pppd[31148]: LCP: timeout sending Config-Requests <===HERE IS WHERE THE CONNECTION FAILS BECAUSE THE MODULES AREN'T LOADED.
  pppd[31148]: Connection terminated.
  NetworkManager[619]: LCP: timeout sending Config-Requests
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 11 / phase 'disconnect'
  NetworkManager[619]: Connection terminated.
  NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_phasechange): status 1 / phase 'dead'
  pppd[31148]: Modem hangup
  pppd[31148]: Exit.
  NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
  NetworkManager[619]: Modem hangup
  NetworkManager[619]: ** Message: nm-pptp-ppp-plugin: (nm_exit_notify): cleaning up
  NetworkManager[619]: <warn> VPN plugin failed: connect-failed (1)
  NetworkManager[619]: <info> VPN plugin state changed: stopped (6)
  NetworkManager[619]: <info> VPN plugin state change reason: unknown (0)
  NetworkManager[619]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
  NetworkManager[619]: ** (nm-pptp-service:31139): WARNING **: pppd exited with error code 16
  NetworkManager[619]: <info> VPN service 'pptp' disappeared
  To fix this, I had to add a file to the /etc/modules-load.d directory to have the modules loaded into the kernel at boot.  I just created a file called netfilter.conf and put the following in it:
  nf_nat_pptp
  nf_conntrack_pptp
  nf_conntrack_proto_gre
  Not sure if this addresses your problem or not, but maybe it's worth a look.

• Why does Airtunes Drop Frequnetly under Tiger?

  After having sifted through the last week's worth of posts to this forum, I find that I'm having a problem that many others are also having, and that it has yet to be solved. I'm posting yet another thread on this topic, hoping that Apple will take notice.
  Since upgrading to Tiger, I've had a bad experience with Airtunes frequently dropping out. Sometimes it resumes playing after a few seconds, sometimes it doesn't. Sometimes disconnecting from my wireless network and then reconnecting fixes the problem, sometimes it doesn't. As far as I know, everything is up to date:
  Mac OS X 10.4.7
  iTunes 6.0.5 (20)
  Apple Base Station v6.3 (that's the firmware)
  Software update gives me weekly updates too, so my Airport software should be current (how does one find the version number for this?). This problem also ocured under firmware 6.1. A hard reset of the Airport Express did not fix the problem either.
  The strangest symptom that I experience is when Airtunes drops out and I try to deselect my speakers in iTunes. It just hangs and I get the dreaded spinning beach ball. After 2 or 3 minutes it finally deselects. Sometimes if I reselect the speakers, Airtunes resumes working. But other times it just seems dead.
  While all of this is going on, my internet connection through the APExpress is still ok.
  Airtunes worked flawlessly for me under Panther. So I'm fairly sure that the problem arose when I switched to Tiger.
  Anyone know how to solve this problem (other than downgrading to Panther)?

  Okay, I've read the posts in this thread and think I might be able to contribute.
  My set up is an Airport Extreme Base, with two Express's. I'm new to all this WiFi stuff, and have built this system adding each component over the past two years. So, frequent droping out has also been a problem with my setup. Yet (fingers crossed) i think I got things working pretty well with, ahem, (almost) no drop outs in days.
  1. First suggestion is this link.
  http://www.macgeekery.com/hacks/hardware/optimizingairportconnectivity
  It basically talks about channel switching the Extreme Base Station and how to find out who else might be using that channel. With hints for advanced software from Apple (and where to get it) that I did not have, that helped me monitor signal strength and other neet learning tools.
  2. I purchased airfoil recently (great software IMHO), and in the troubleshootong section it talked about how any 802.11b hardware (like my 867 Tibook) automatically down throtles your network from a potential 54 mbps to 11mbps. Now I'm not real versed on what sort of thru put you need to stream this music stuff, but 11mbps probably is not enough for two consecutive streams (w/o constantly dropping out). I have not heard of this potential problem disscussed ANYWHERE else.
  3. One of my signals has to travel down a long hallway to reach the Express & speakers, 50 feet, and the signal would always stop when (it seemed as though) I would walk down it. My body seemingly disrupting the signal.
  This has seemed to dimminish after my last (#4)suggestion. A house full of people would (i think) kill any signal(s) no matter how strong the signals are.
  4. Upon messing around with the settings in the Airport Administrator Utility,
  i accidentally had it set to 25% of its potential Transmitter power (under Airport-->Airport Network -->Wireless Options. That fixed alot, boy I felt stupid.
  So, these may be things worth looking into. In addition, I have a couple of ?'s.
  1. what is the multicast rate? it's under Airport-->Airport Network -->Wireless Options also. what do ya'all have it set at?
  2. Would WDS have a positive signal strength effect with an Extreme Base Station and 2 or more Express stations.
  I have never run any WiFi under panther, but have had constant drop out issues under tiger until recently (who knows, maybe they'll return)
  Goodluck all !!!!
  GG-01
  PowerMac Dual 2.0 (last rev.)   Mac OS X (10.4.7)   Ti Book 867

• How do I reconnect my PPTP vpn after upgrading to Yosemite

  How do I reconnect my PPTP vpn after upgrading to Yosemite on my mac mini

  See:
  http://kb.mozillazine.org/Locked_or_damaged_places.sqlite
  http://kb.mozillazine.org/Lost_bookmarks

• How to configure Multiple PPTP VPN Clients on cisco 3g supported Router

  I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on cisco 1841 aqnd its working fine; but when I add the 2nd, its using vpdn-group 1 and therefore connecting to the wrong PPTP server:
  here is the config for the one that works:
  vpdn-group 1
  request-dialin
  protocol pptp
  rotary-group 0
  initiate-to ip xxx.xxx.xxx.xxx
  interface Dialer0
  mtu 1450
  ip address negotiated
  ip pim dense-mode
  ip nat outside
  ip virtual-reassembly
  zone-member security private
  encapsulation ppp
  ip igmp query-interval 125
  dialer in-band
  dialer idle-timeout 0
  dialer string 123
  dialer vpdn
  dialer-group 1
  no peer neighbor-route
  no cdp enable
  ppp pfc local request
  ppp pfc remote apply
  ppp encrypt mppe auto
  ppp authentication ms-chap-v2 ms-chap eap chap pap callin
  ppp eap refuse
  ppp chap hostname xxx@xxx
  ppp chap password 7 xxxpassword
  But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, its still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? and which cisco 3G Router you prefer because these are remote sites and only 3G Internet service is available.

  I want the router to be a PPTP VPN client to 2 independent PPTP servers, both are in different cities in Cisco routers. I have tested with one on cisco 1841 aqnd its working fine; but when I add the 2nd, its using vpdn-group 1 and therefore connecting to the wrong PPTP server:
  here is the config for the one that works:
  vpdn-group 1
  request-dialin
  protocol pptp
  rotary-group 0
  initiate-to ip xxx.xxx.xxx.xxx
  interface Dialer0
  mtu 1450
  ip address negotiated
  ip pim dense-mode
  ip nat outside
  ip virtual-reassembly
  zone-member security private
  encapsulation ppp
  ip igmp query-interval 125
  dialer in-band
  dialer idle-timeout 0
  dialer string 123
  dialer vpdn
  dialer-group 1
  no peer neighbor-route
  no cdp enable
  ppp pfc local request
  ppp pfc remote apply
  ppp encrypt mppe auto
  ppp authentication ms-chap-v2 ms-chap eap chap pap callin
  ppp eap refuse
  ppp chap hostname xxx@xxx
  ppp chap password 7 xxxpassword
  But if I create a vpdn-group 2 and a Dialer1 interface, with dialer-group 2, its still attempting to connect to the IP in vpdn-group 1 - how do I get it to use the 2nd vpdn-group, or how do I make this work? and which cisco 3G Router you prefer because these are remote sites and only 3G Internet service is available.

• Help needed to connect to remote PPTP VPN via PIX 515e

  Hello,
  A user in our office needs to connect to a client's remote PPTP VPN but can't connect.  The user is running Windows 7.  We have a Cisco PIX 515e firewall that is running PIX Version 6.3(3) - this is what our user is having to go through to try and make the connection to the client's remote VPN.
  The client's network guys have come back and said the issue is at our side.  They say that they can see some of our traffic but not all of it. The standard error is shown below, and they say it's symptomatic of the client-side firewall not allowing PPTP traffic:
  "A connection between the VPN server and the VPN client XXX.XXX.XXX.XXX has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets."
  I have very little firewall experience and absolutely no Cisco experience I'm afraid.  From looking at the PIX config I can see the following line:
  fixup protocol pptp 1723.
  Does this mean that the PPTP protcol is enabled on our firewall?  Is this for both incoming and outgoing traffic?
  I can see no reference to GRE 47 in the PIX config.  Can anyone advise me what I should look for to see if this has been enabled or not?
  I apologise again for my lack of knowledge.  Any help or advice would be very gratefully received.
  Ros

  Hi Eugene,
  Thank you for taking the time to reply to me.  Please see our full PIX config below.  I've XX'd out names and IP addresses as I'm never comfortable posting those type of details in a public forum.  I hope that the information below is still sufficient for you.
  Thanks again for your help,
  Ros
  PIX(config)# en
  Not enough arguments.
  Usage:  enable password [] [level ] [encrypted]
          no enable password level
          show enable
  PIX(config)# show config
  : Saved
  : Written by enable_15 at 10:30:31.976 GMT/BDT Mon Apr 4 2011
  PIX Version 6.3(3)
  interface ethernet0 auto
  interface ethernet1 auto
  interface ethernet2 auto
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  nameif ethernet2 DMZ security10
  enable password XXX encrypted
  passwd XXX encrypted
  hostname PIX
  domain-name XXX.com
  clock timezone GMT/BST 0
  clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol pptp 1723
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  name XX.XX.XX.XX Secondary
  access-list outside_access_in permit tcp XX.XX.XX.XX 255.255.255.240 host XX.XX.XX.XX eq smtp
  access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq https
  access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 993
  access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 587
  access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 82
  access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
  access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
  access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 8082
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
  access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
  access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.0.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl deny udp any any eq 135
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
  access-list outside_cryptomap_40 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list outside_cryptomap_60 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list USER1 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list outside_cryptomap_10 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list outside_cryptomap_20 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list outside_cryptomap_30 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list outside_cryptomap_50 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list outside_cryptomap_70 permit ip any XX.XX.XX.XX 255.255.0.0
  access-list USER2 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list USER3 permit ip any XX.XX.XX.XX 255.255.255.0
  access-list USER4 permit ip any XX.XX.XX.XX 255.255.0.0
  pager lines 24
  logging on
  logging host inside XX.XX.XX.XX
  icmp permit any outside
  icmp permit any inside
  mtu outside 1500
  mtu inside 1500
  mtu DMZ 1500
  ip address outside XX.XX.XX.XX 255.255.255.248
  ip address inside XX.XX.XX.XX 255.255.255.0
  no ip address DMZ
  ip audit info action alarm
  ip audit attack action alarm
  pdm location XX.XX.XX.XX 255.255.255.255 inside
  pdm location XX.XX.XX.XX 255.255.0.0 outside
  pdm location XX.XX.XX.XX 255.255.255.0 outside
  pdm logging debugging 100
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_outbound_nat0_acl
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
  static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
  static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
  static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX 1
  route inside XX.XX.XX.XX 255.255.0.0 XX.XX.XX.XX 1
  timeout xlate 3:00:00
  timeout conn 2:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server RADIUS protocol radius
  aaa-server LOCAL protocol local
  ntp authenticate
  ntp server XX.XX.XX.XX source outside prefer
  http server enable
  http XX.XX.XX.XX 255.255.0.0 outside
  http XX.XX.XX.XX 255.255.255.0 outside
  http XX.XX.XX.XX 255.255.255.255 inside
  snmp-server host inside XX.XX.XX.XX
  no snmp-server location
  no snmp-server contact
  snmp-server community XXX
  snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map cola 20 set transform-set ESP-3DES-MD5
  crypto dynamic-map dod 10 set transform-set ESP-3DES-MD5
  crypto map outside_map 10 ipsec-isakmp dynamic cola
  crypto map outside_map 20 ipsec-isakmp
  crypto map outside_map 20 match address outside_cryptomap_20
  crypto map outside_map 20 set peer XX.XX.XX.XX
  crypto map outside_map 20 set transform-set ESP-3DES-MD5
  crypto map outside_map 25 ipsec-isakmp
  crypto map outside_map 25 match address USER1
  crypto map outside_map 25 set peer XX.XX.XX.XX
  crypto map outside_map 25 set transform-set ESP-3DES-MD5
  crypto map outside_map 30 ipsec-isakmp
  crypto map outside_map 30 match address outside_cryptomap_30
  crypto map outside_map 30 set peer XX.XX.XX.XX
  crypto map outside_map 30 set transform-set ESP-3DES-MD5
  crypto map outside_map 40 ipsec-isakmp
  crypto map outside_map 40 match address outside_cryptomap_40
  crypto map outside_map 40 set peer XX.XX.XX.XX
  crypto map outside_map 40 set transform-set ESP-3DES-MD5
  crypto map outside_map 50 ipsec-isakmp
  crypto map outside_map 50 match address outside_cryptomap_50
  crypto map outside_map 50 set peer XX.XX.XX.XX
  crypto map outside_map 50 set transform-set ESP-3DES-MD5
  crypto map outside_map 60 ipsec-isakmp
  crypto map outside_map 60 match address outside_cryptomap_60
  crypto map outside_map 60 set peer XX.XX.XX.XX
  crypto map outside_map 60 set transform-set ESP-3DES-MD5
  crypto map outside_map 70 ipsec-isakmp
  crypto map outside_map 70 match address outside_cryptomap_70
  crypto map outside_map 70 set peer XX.XX.XX.XX
  crypto map outside_map 70 set transform-set ESP-3DES-MD5
  crypto map outside_map 75 ipsec-isakmp
  crypto map outside_map 75 match address USER4
  crypto map outside_map 75 set peer XX.XX.XX.XX
  crypto map outside_map 75 set transform-set ESP-3DES-MD5
  crypto map outside_map 80 ipsec-isakmp
  crypto map outside_map 80 match address USER2
  crypto map outside_map 80 set peer XX.XX.XX.XX
  crypto map outside_map 80 set transform-set ESP-3DES-MD5
  crypto map outside_map 90 ipsec-isakmp
  crypto map outside_map 90 match address USER3
  crypto map outside_map 90 set peer XX.XX.XX.XX
  crypto map outside_map 90 set transform-set ESP-3DES-MD5
  crypto map outside_map interface outside
  isakmp enable outside
  isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
  isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
  isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
  isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
  isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
  isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
  isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
  isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
  isakmp policy 20 authentication pre-share
  isakmp policy 20 encryption 3des
  isakmp policy 20 hash md5
  isakmp policy 20 group 2
  isakmp policy 20 lifetime 86400
  telnet XX.XX.XX.XX 255.255.0.0 outside
  telnet XX.XX.XX.XX 255.255.255.255 inside
  telnet XX.XX.XX.XX 255.255.255.255 inside
  telnet XX.XX.XX.XX 255.255.255.255 inside
  telnet timeout 30
  ssh XX.XX.XX.XX 255.255.255.248 outside
  ssh XX.XX.XX.XX 255.255.255.248 outside
  ssh timeout 30
  management-access inside
  console timeout 0
  terminal width 80
  Cryptochecksum:XXX
  PIX(config)#

• Has anyone got PPTP VPN to work on Lion Server?

  Has anyone got PPTP VPN to work on Lion Server?
  I had a go with the terminal commnds posted by apple support but no joy. Since then Apple has pulled the suport article - is it because it didn't work?
  I get PPTP is less secure but PPTP seems to be more reliable don't know whey they can't keep as GUI. I've got them both running on our 10.4 server and L2TP stoped allowing connections for no reason PPTP was still working L2TP started working again on its own. Plus L2TP drops my connection when I connect with a 2nd device e.g connected with my Macbook connect with my iPhone (different username) it drops my Macbook.
  Any advice getting PPTP to work on Lion Server would be appreciated
  Thanks
  Ben

  Hi,
  I have posted a bugreport on this issue to Apple. Currently (10.7.2) it is not possible to run PPTP on any Mac OS X Server when using a 10.7 Server as Directory Server.
  I have tried 'everything', but the MPPE encryption mechanism seems to be broken.
  Edit: I see now that the bugreport is filed as a duplicate to an older case, which is now closed. I hope this means they have found the problem and will release a fix in the next update.

• [SOLVED]How to configure pptp vpn start on boot with netcfg?

  I've configured 2 profiles:
  eth0 and ppp0, where ppp0 is a pptp vpn tunnel.
  $ ls /etc/network.d/
  eth0  examples  interfaces  ppp0
  $ cat /etc/network.d/ppp0
  CONNECTION='ppp'
  INTERFACE='ppp0'
  PEER='dxt'
  PPP_TIMEOUT=10
  $ cat /etc/conf.d/netcfg
  # Enable these netcfg profiles at boot time.
  #   - prefix an entry with a '@' to background its startup
  #   - set to 'last' to restore the profiles running at the last shutdown
  #   - set to 'menu' to present a menu (requires the dialog package)
  # Network profiles are found in /etc/network.d
  NETWORKS=(eth0 ppp0)
  # Specify the name of your wired interface for net-auto-wired
  WIRED_INTERFACE="eth0"
  # Specify the name of your wireless interface for net-auto-wireless
  WIRELESS_INTERFACE="wlan0"
  Manually, I can start up ppp0 correctly.
  $ sudo netcfg -u ppp0
  :: ppp0 up                                                                                                                                                                 [ BUSY ] Using interface ppp0
  Connect: ppp0 <--> /dev/pts/3
  CHAP authentication succeeded
  MPPE 128-bit stateless compression enabled
  Cannot determine ethernet address for proxy ARP
  local  IP address 10.100.3.132
  remote IP address 10.100.3.1
                                                                                                                                                                             [ DONE ]
  $ ip addr list dev ppp0
  8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN qlen 3
      link/ppp
      inet 10.100.3.132 peer 10.100.3.1/32 scope global ppp0
  But after booting, only eth0 is up. How to configure ppp0 to start on boot with netcfg?
  Last edited by rchiang (2012-12-21 01:09:32)

  Thanks a lot for your instruction.
  netcfg works now!
  chris_l wrote:
  Did you
  systemctl enable [email protected]

• 2 questions about PPTP VPN on 878

  Hello,
  I've configured my 878 router as a PPTP VPN server. It works very fine and very quickly. Using the XP VPN client from a remote site, I can "see" all servers in my network.
  2 questions
  1) When doing telnet on the 878 through the VPN, it is very slow.
  2) I would have to get access to the internet through the VPN. But this does not work.
  What should I change in this config :
  Thanks in advance,
  Guy
  version 12.3
  no service pad
  service timestamps debug datetime localtime show-timezone
  service timestamps log datetime localtime show-timezone
  service password-encryption
  service linenumber
  service sequence-numbers
  hostname ineo-21029
  boot-start-marker
  boot-end-marker
  no logging buffered
  enable secret 5 .....
  username ...
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  ip subnet-zero
  no ip cef
  no ip dhcp use class
  ip name-server 212.100.160.51
  ip name-server 212.100.160.52
  ip port-map ms-sql port 1433
  vpdn enable
  vpdn-group 1
  ! Default PPTP VPDN group
  accept-dialin
  protocol pptp
  virtual-template 1
  no ftp-server write-enable
  isdn switch-type basic-net3
  controller DSL 0
  mode atm
  line-term cpe
  line-mode 2-wire line-zero
  dsl-mode shdsl symmetric annex B
  line-rate auto
  interface BRI0
  no ip address
  shutdown
  isdn switch-type basic-net3
  interface ATM0
  description === to PE/Router ====
  no ip address
  ip accounting output-packets
  load-interval 30
  no atm ilmi-keepalive
  interface ATM0.1 point-to-point
  description $ES_WAN$
  pvc 8/35
  oam-pvc manage 5
  oam-pvc manage cc end direction both
  oam retry 3 3 1
  oam retry cc end 3 3 30
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface Virtual-Template1
  ip unnumbered Vlan1
  peer default ip address pool test
  no keepalive
  ppp encrypt mppe auto
  ppp authentication pap chap ms-chap ms-chap-v2
  interface Vlan1
  description $FW_INSIDE$
  ip address 192.168.2.2 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  interface Dialer1
  description $FW_OUTSIDE$
  ip address negotiated
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  no cdp enable
  ppp chap hostname ....
  ppp chap password ....
  ppp pap sent-username ....
  ip local pool test 192.168.2.240 192.168.2.250
  ip classless
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip http server
  no ip http secure-server
  ip nat inside source list 101 interface Dialer1 overload
  access-list 101 permit ip 192.168.2.0 0.0.0.255 any
  dialer-list 1 protocol ip permit
  control-plane
  line con 0
  exec-timeout 120 0
  no modem enable
  transport preferred all
  transport output all
  stopbits 1
  line aux 0
  transport preferred all
  transport output all
  line vty 0 4
  access-class 113 in
  exec-timeout 0 0
  transport preferred all
  transport input all
  transport output all
  scheduler max-task-time 5000

  Thanks for this message.
  Finding no solution to my problem, i've switched to other tools : Easy VPN server in the router + Cisco VPN client. My 2 questions have now received a positive answer.
  I was very important for me to get Internet acess through the VPN. Because we rent a dedicated server, located somewhere, and the access to this server is firewall-protected on our public IP address. Thus, when i'm outside and want to manage this serveur, i've to connect via VPN at our central office first.
  Best regards,
  Guy