
PPTP VPN errors, 10.7

30564 Views 33 Replies Latest reply: May 25, 2012 8:00 AM by RoseValley
James Spong Level 1 (100 points)
Aug 2, 2011 10:58 AM

Hi,

 

I have been trying to get the PPTP VPN service working in Lion with no luck and wanted to see if anyone can help...

 

I found this document - http://support.apple.com/kb/HT4748 - and went over the instructions and entered the relevant settings into Terminal.  This is what I entered:

 

bash-3.2# serveradmin settings

vpn:Servers:com.apple.ppp.pptp:enabled = yes

vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = 192.168.2.236

vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = 192.168.2.240

vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_ index:0 = MSCHAP2            

vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = DSAuth

vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 1   

vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1

 

After pressing ctrl-d to save, this is what was returned:

 

vpn:Servers:com.apple.ppp.pptp:enabled = yes

vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol = _empty_array

vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0

vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1

vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"

vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.2.224"

vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.2.254"

 

So, straight away it seems that there is a problem - the 'AuthenticatorProtocol' setting hasn't taken, nor have the starting and ending addresses or the 40-bit key setting.  When setting up a connection from a client I get the following errors in the VPN logs on the server:

 

2011-08-02 17:41:33 BST          Incoming call... Address given to client = 192.168.2.224

Tue Aug  2 17:41:33 2011 : Directory Services Authentication plugin initialized

Tue Aug  2 17:41:33 2011 : Directory Services Authorization plugin initialized

Tue Aug  2 17:41:33 2011 : PPTP incoming call in progress from '192.168.2.20'...

Tue Aug  2 17:41:33 2011 : PPTP connection established.

Tue Aug  2 17:41:33 2011 : using link 0

Tue Aug  2 17:41:33 2011 : Using interface ppp0

Tue Aug  2 17:41:33 2011 : Connect: ppp0 <--> socket[34:17]

Tue Aug  2 17:41:33 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x658dba54> <pcomp> <accomp>]

Tue Aug  2 17:41:34 2011 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x343c484c> <pcomp> <accomp>]

Tue Aug  2 17:41:34 2011 : lcp_reqci: returning CONFACK.

Tue Aug  2 17:41:34 2011 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x343c484c> <pcomp> <accomp>]

Tue Aug  2 17:41:36 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x658dba54> <pcomp> <accomp>]

Tue Aug  2 17:41:36 2011 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x658dba54> <pcomp> <accomp>]

Tue Aug  2 17:41:36 2011 : sent [LCP EchoReq id=0x0 magic=0x658dba54]

Tue Aug  2 17:41:36 2011 : sent [CHAP Challenge id=0x19 <5856042b4d496d0d7628283f036a342a>, name = "test1.example.com"]

Tue Aug  2 17:41:36 2011 : rcvd [LCP EchoReq id=0x0 magic=0x343c484c]

Tue Aug  2 17:41:36 2011 : sent [LCP EchoRep id=0x0 magic=0x658dba54]

Tue Aug  2 17:41:36 2011 : rcvd [LCP EchoRep id=0x0 magic=0x343c484c]

Tue Aug  2 17:41:37 2011 : rcvd [CHAP Response id=0x19 <1e54910872fb421f0c33a14170a86ae50000000000000000ec5a9244356ad3301e54400736f5c6 ab5e2efcdb72c1b32100>, name = "admin"]

Tue Aug  2 17:41:37 2011 : DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server.

Tue Aug  2 17:41:37 2011 : sent [CHAP Success id=0x19 "S=19042A45445ADAAB6BD0356FC1CB5EFFD3130904 M=Access granted"]

Tue Aug  2 17:41:37 2011 : CHAP peer authentication succeeded for admin

Tue Aug  2 17:41:37 2011 : DSAccessControl plugin: User 'admin' authorized for access

Tue Aug  2 17:41:37 2011 : MPPE required, but keys are not available.  Possible plugin problem?

Tue Aug  2 17:41:37 2011 : sent [LCP TermReq id=0x2 "MPPE required but not available"]

Tue Aug  2 17:41:37 2011 : Connection terminated.

Tue Aug  2 17:41:37 2011 : Connect time 0.1 minutes.

Tue Aug  2 17:41:37 2011 : Sent 0 bytes, received 0 bytes.

Tue Aug  2 17:41:37 2011 : PPTP disconnecting...

Tue Aug  2 17:41:37 2011 : PPTP disconnected

2011-08-02 17:41:37 BST             --> Client with address = 192.168.2.224 has hungup

 

I have dug around and seen that the 'DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server' error is not a new one and has been seen before in upgrades to 10.4, 10.5 and 10.6, however everything that is suggested in those threads doesn't resolve this problem - I still get the same errors in the log.

 

I have tried rebuilding the keyagentuser (sudo vpnaddkeyagentuser /LDAPv3/127.0.0.1 - this is the OD master as well as VPN server) with no luck and have re-entered the sudo serveradmin settings above again, with no change.

 

I don't know enough about how the VPN service works to know what to do/try next and documentation/discussions on this are thin on the ground - if anyone has any idea, it would be great to know!

 

Thanks

 

JS

MacBook Pro, Mac OS X (10.6.8)
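
A way to triage a log like the one in the post above, added here as an example (it is not part of the original post and not Apple's tooling): it groups log lines per incoming call and separates "credentials accepted but MPPE keys unavailable" from a plain authentication failure. The first sample session uses lines from the post; the second session is constructed, and the field names are hypothetical.

```python
import re

# Sample: session 1 is taken from the post's log; session 2 is constructed from the same formats.
LOG = """\
Tue Aug  2 17:41:33 2011 : PPTP incoming call in progress from '192.168.2.20'...
Tue Aug  2 17:41:37 2011 : DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server.
Tue Aug  2 17:41:37 2011 : CHAP peer authentication succeeded for admin
Tue Aug  2 17:41:37 2011 : MPPE required, but keys are not available.  Possible plugin problem?
Tue Aug  2 17:41:37 2011 : sent [LCP TermReq id=0x2 "MPPE required but not available"]
Tue Aug  2 17:41:37 2011 : PPTP disconnected
Tue Aug  2 17:50:01 2011 : PPTP incoming call in progress from '192.168.2.21'...
Tue Aug  2 17:50:03 2011 : CHAP peer authentication succeeded for test
Tue Aug  2 17:59:10 2011 : PPTP disconnected
"""

PATTERNS = {
    "peer": re.compile(r"PPTP incoming call in progress from '([^']+)'"),
    "user": re.compile(r"CHAP peer authentication succeeded for (\S+)"),
    "term": re.compile(r'sent \[LCP TermReq id=\S+ "([^"]*)"\]'),
}
KEY_FAILURE = "Failed to retrieve MPPE encryption keys"

def sessions(log):
    """Split the log into per-call records, one per 'incoming call' line."""
    out = []
    for line in log.splitlines():
        msg = line.split(" : ", 1)[-1]  # drop the timestamp prefix
        m = PATTERNS["peer"].search(msg)
        if m:
            out.append({"peer": m.group(1), "user": None, "term": None, "keys_failed": False})
        elif out:  # ignore lines that precede the first call
            cur = out[-1]
            for field in ("user", "term"):
                m = PATTERNS[field].search(msg)
                if m:
                    cur[field] = m.group(1)
            cur["keys_failed"] |= KEY_FAILURE in msg
    return out

def verdict(s):
    """Tell a credential problem apart from the key-retrieval failure."""
    if not s["user"]:
        return "not authenticated"
    return "authenticated, MPPE keys unavailable" if s["keys_failed"] else "authenticated"

if __name__ == "__main__":
    for s in sessions(LOG):
        print(s["peer"], s["user"], "->", verdict(s), "| TermReq:", s["term"])
```
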
  • cryptochrome Level 1 (5 points)
    Aug 4, 2011 12:03 PM (in response to James Spong)

    Got the same problem here.

     

    I tried re-ordering some of the entries you have to put into the serveradmin command which resulted in having more of them being accepted. The only one that was never accepted was vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_ index:0 = MSCHAP2.

     

    So I am still stuck at the same error messages you see.

  • James Brochtrup Level 1 (0 points)
    Aug 4, 2011 4:23 PM (in response to cryptochrome)

    James,

     

    I changed the com.apple.ppp to my domain. 

     

    My input was:

    sudo serveradmin settings

    Password:

    vpn:Servers:net.domain.mms.pptp:enabled = yes

    vpn:Servers:net.domain.mms.pptp:IPv4:DestAddressRanges:_array_index:0 = 10.0.0.64

    vpn:Servers:net.domain.mms.pptp:IPv4:DestAddressRanges:_array_index:1 = 10.0.0.90

    vpn:Servers:net.domain.mms.pptp:PPP:AuthenticatorProtocol:_array_ index:0 = MSCHAP2

    vpn:Servers:net.domain.mms.pptp:PPP:AuthenticatorPlugins:_array_index:0 = DSAuth

    vpn:Servers:net.domain.mms.pptp:PPP:MPPEKeySize40 = 1

    vpn:Servers:net.domain.mms.pptp:PPP:MPPEKeySize128 = 1

    ctrl+d

     

    The output I received was:

    2011-08-04 13:10:34.029 serveradmin[6681:307] -[__NSCFDictionary objectAtIndex:]: unrecognized selector sent to instance 0x7f984043c080

    2011-08-04 13:10:34.076 serveradmin[6681:307] Exception in doCommand for module servermgr_vpn on thread 0x7f9840416d40: -[__NSCFDictionary objectAtIndex:]: unrecognized selector sent to instance 0x7f984043c080

    2011-08-04 13:10:34.077 serveradmin[6681:307] --request was {

        command = writeSettings;

        configuration =     {

            Servers =         {

                "net.4pads.mms.pptp" =             {

                    IPv4 =                 {

                        DestAddressRanges =                     (

                            "10.0.0.64",

                            "10.0.0.90"

                        );

                    };

                    PPP =                 {

                        AuthenticatorPlugins =                     (

                            DSAuth

                        );

                        AuthenticatorProtocol =                     {

                            "_array_ index" =                         {

                                0 = MSCHAP2;

                            };

                        };

                        MPPEKeySize128 = 1;

                        MPPEKeySize40 = 1;

                    };

                    enabled = 1;

                };

            };

        };

    }

    mms:~ admin$

     

    The connection fails with the message:

    The PPTP-VPN server did not respond.  Try reconnecting.  If the problem continues, verify your settings and contact your Administrator.

     

    I am trying to figure out how to determine if the server is running.  Any ideas?

    James

  • James Brochtrup Level 1 (0 points)
    Aug 4, 2011 4:34 PM (in response to James Brochtrup)

    Found the command to check the vpn settings.

    sudo serveradmin settings vpn

     

    Here is another thread on the subject:

    https://discussions.apple.com/message/15759817#15759817

  • cryptochrome Level 1 (5 points)
    Aug 4, 2011 11:29 PM (in response to James Spong)

    I got it working now. Don't ask me how I did it exactly. I was shuffling around the entries to the serveradmin until each and every one was accepted. It seems you need to add the entries in the right order. The pptp enable must be the last one because that will always return to off unless all other settings are already set up.

  • mgilan Level 1 (0 points)
    Aug 9, 2011 4:07 AM (in response to James Spong)

    Hi,

     

    I have the same issue after upgrading from SL to Lion Server. I think the problem is with:

     

    ...
    Tue Aug 9 11:49:43 2011 : DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server.
    ...
    Tue Aug 9 11:49:44 2011 : MPPE required, but keys are not available. Possible plugin problem?

    ...

     

    Also the workaround with vpnaddkeyagentuser is not working for me because I'm not able to use my admin user when it asks for it.

  • mgilan Level 1 (0 points)
    Aug 9, 2011 5:40 AM (in response to James Spong)

    I'm using this as home server so I never really used OD. Just after upgrade to Lion I deleted some users and created them again thru the new Server.app. So I thought the OD admin will be my local admin. I was looking into the LDAP tree and found user diradmin, but I'm not sure if I can change his password.

  • gtrazanka Level 1 (0 points)
    Aug 10, 2011 8:11 PM (in response to cryptochrome)

    Yes can you please post the order you used to get it working?

     

    Thanks!

  • cryptochrome Level 1 (5 points)
    Aug 11, 2011 1:17 AM (in response to gtrazanka)

    I don't remember the exact order, sorry. I made sure that I always set those options first that would be needed by the options I entered after that. e.g. I enabled the PPTP service at the very end after all other settings were set because else the service would not start.

     

    You have to play around with this and use the order that makes the most logical sense. What also helps is setting the commands in increments (one command, exit utility, start utility, next command, exit utility... you get the idea).

  • Christoph Ewering1 Level 1 (5 points)
    Oct 21, 2011 4:23 PM (in response to James Spong)

    Hello James!

     

    You saw the typo in HT4748?

    There is no blank at vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = MSCHAP2 between "array_" and "index".

     

    But for me this does not help, either. Still no luck.

    Stopped vpn

    set things up as mentioned in HT4748

    removed vpn-key-user with directory editor

    created a new one with vpnkey....

    started vpn

    Still the same problem :-(

     

    Bye
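
A check for the two problems raised so far in this thread, added here as an example (it is not from any poster and not an Apple tool): it flags setting keys that contain whitespace, such as the `_array_ index` typo, and lists every submitted setting that the read-back does not reflect. Both inputs are the settings and read-back from the first post; the function names are hypothetical.

```python
import re

P = "vpn:Servers:com.apple.ppp.pptp:"
# Settings as typed in the first post (including the '_array_ index' typo).
SUBMITTED = f"""\
{P}enabled = yes
{P}IPv4:DestAddressRanges:_array_index:0 = 192.168.2.236
{P}IPv4:DestAddressRanges:_array_index:1 = 192.168.2.240
{P}PPP:AuthenticatorProtocol:_array_ index:0 = MSCHAP2
{P}PPP:AuthenticatorPlugins:_array_index:0 = DSAuth
{P}PPP:MPPEKeySize40 = 1
{P}PPP:MPPEKeySize128 = 1
"""
# Read-back printed by serveradmin in the same post.
APPLIED = f"""\
{P}enabled = yes
{P}PPP:AuthenticatorProtocol = _empty_array
{P}PPP:MPPEKeySize40 = 0
{P}PPP:MPPEKeySize128 = 1
{P}PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
{P}IPv4:DestAddressRanges:_array_index:0 = "192.168.2.224"
{P}IPv4:DestAddressRanges:_array_index:1 = "192.168.2.254"
"""

def parse(text):
    """Return {key: value} from 'key = value' lines, dropping quotes around values."""
    pairs = (l.split(" = ", 1) for l in text.splitlines() if " = " in l)
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def malformed_keys(settings):
    """Keys containing whitespace, e.g. '_array_ index' instead of '_array_index'."""
    return sorted(k for k in settings if re.search(r"\s", k))

def drift(submitted, applied):
    """Map each setting that did not take to (wanted, got); got is None if absent."""
    same = {"yes": "1", "no": "0"}  # a request dump in this thread shows yes sent as 1
    norm = lambda v: same.get(v, v)
    return {k: (want, applied.get(k)) for k, want in submitted.items()
            if k not in applied or norm(applied[k]) != norm(want)}

if __name__ == "__main__":
    want, got = parse(SUBMITTED), parse(APPLIED)
    for k in malformed_keys(want):
        print("malformed key:", repr(k))
    for k, (w, g) in drift(want, got).items():
        print(f"not applied: {k}: wanted {w!r}, got {g!r}")
```
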

  • sfatula Level 2 (150 points)
    Oct 30, 2011 5:43 PM (in response to Christoph Ewering1)

    Seems to just be broken. I would bet you could turn encryption off and it would work fine. Seems to be a problem when using OD, likely works without OD but that's useless. As is using it without encryption.

     

    Has anyone tried Apple tech support?

  • sfatula Level 2 (150 points)
    Oct 31, 2011 12:43 PM (in response to sfatula)

    So, I called and opened up a case. Turns out I am not the only one (as you may have guessed). The response I got is that it is a known issue with no current useable workaround (disabling encryption is not useable). But, they are working on it. I volunteered to be a tester should they come up with a patch, etc.

  • UptimeJeff Level 4 (3,390 points)
    Jan 21, 2012 12:11 PM (in response to James Spong)

    Fixed in 10.7.3 dev build

     

    Copy /usr/sbin/vpnd to your 10.7.2 install

     

    this fixes the pptp auth issue
