11 Replies Latest reply: Apr 14, 2012 7:08 PM by apollo777
dinne Level 1 (0 points)

I have an issue on iOS 5 when trying to establish a VPN connection with a Draytek Vigor 2750Vn DSL router.

 

The PPTP connection works perfectly, but for the L2TP connection only the machine authentication works (the "outer authentication") but the inner authentication is rejected by the iPhone (!?). It seems that the iPhone allows MS-CHAP2 on PPTP but not on L2TP?

 

I have the following logs from the PPP daemon on the Vigor that seem to show this:

 

>>> PPTP Connection BEGIN

Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.

pptpd-logwtmp: $Version$

Plugin pptp.so loaded.

PPTP plugin version 0.8.5 compiled for pppd-2.4.4, linux-2.6.23.17

using channel 64

Using interface ppp600

Connect: ppp600 <--> pptp (80.187.107.100)

sent [LCP ConfReq id=0x1 <mru 1482> <auth chap MS-v2> <magic 0x8398e700>]

rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5b8a120d> <pcomp> <accomp>]

sent [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]

rcvd [LCP ConfAck id=0x1 <mru 1482> <auth chap MS-v2> <magic 0x8398e700>]      <-------------------------------------------------- here iPhone accepts CHAP MS-V2

rcvd [LCP ConfReq id=0x2 <magic 0x5b8a120d>]

sent [LCP ConfAck id=0x2 <magic 0x5b8a120d>]

sent [LCP EchoReq id=0x0 magic=0x8398e700]

sent [CHAP Challenge id=0xa4 <f0e54907ac6add87ed863398a36ff3af>, name = "pptp-server"]

rcvd [LCP EchoReq id=0x0 magic=0x5b8a120d]

sent [LCP EchoRep id=0x0 magic=0x8398e700]

rcvd [LCP EchoRep id=0x0 magic=0x5b8a120d]

rcvd [CHAP Response id=0xa4 <XXXXXXXXXXXXXXobfuscated>, name = "XXXXXXXXXXXobfuscated"]

sent [CHAP Success id=0xa4 "S=XXXXXXXXXXXXXXXXobfuscated M=Access granted"]

sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D +C>]

rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]

sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]

sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]

MPPE 128-bit stateless compression enabled

sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.1>]

rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

sent [IPCP ConfNak id=0x1 <addr 192.168.1.221> <ms-dns1 192.168.1.1> <ms-dns3 8.8.8.8>]

rcvd [IPV6CP ConfReq id=0x1 <addr fe80::obfuscated>]

Unsupported protocol 'IPv6 Control Protovol' (0x8057) received

sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a e8 33 89 6d 01 ea 2f 08]

rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

sent [IPCP ConfReq id=0x2 <addr 192.168.1.1>]

rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.221> <ms-dns1 192.168.1.1> <ms-dns3 8.8.8.8>]

sent [IPCP ConfAck id=0x2 <addr 192.168.1.221> <ms-dns1 192.168.1.1> <ms-dns3 8.8.8.8>]

rcvd [IPCP ConfAck id=0x2 <addr 192.168.1.1>]

found interface br-lan for proxy arp

local  IP address 192.168.1.1

remote IP address 192.168.1.221

>>> PPTP Connection END

 

 

 

>>> L2TP Connection BEGIN

using channel 69

Using interface ppp650

Connect: ppp650 <--> /dev/pts/2

sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xf6168af8>]

rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]       <-------------------------------------------------------------- it seems that CHAP MS-v2 is rejected by the iPhone!?

sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xf6168af8>]

rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0xf6168af8>]

rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x50f4a687> <pcomp> <accomp>]

sent [LCP ConfRej id=0x1 <pcomp> <accomp>]

rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x50f4a687>]

sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x50f4a687>]

sent [LCP EchoReq id=0x0 magic=0xf6168af8]

peer refused to authenticate: terminating link

sent [LCP TermReq id=0x3 "peer refused to authenticate"]

rcvd [LCP EchoReq id=0x0 magic=0x50f4a687]

rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

Discarded non-LCP packet when LCP not open

rcvd [LCP EchoRep id=0x0 magic=0x50f4a687]

rcvd [LCP TermAck id=0x3]

>>>> L2TP Connection END

 

 

 

I tried to switch the router to CHAP MS V1 and to CHAP MD5, but both were rejected, too.

 

It only works out if I remove inner authentication by configuring "noauth" in pppd.conf on the router.

 

The following questions:

1) Can anybody confirm this behavior?

2) What inner authentication would the iPhone accept in L2TP?


iPhone 4, iOS 5.0.1
  • 1. Re: VPN L2TP issue
    dinne Level 1 (0 points)

    Addendum: The root cause seems to be the iPhone (iOS5.0.1) as CHAP-MD5 perfectly works from a Windows Vista Client (same as for MS-CHAPv2)

     

     

    >>>

    Using interface ppp650

    Connect: ppp650 <--> /dev/pts/0

    sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x710647b8>]

    rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x710647b8>]

    rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x2b110c5c> <pcomp> <accomp> <callback CBCP>]

    sent [LCP ConfRej id=0x1 <pcomp> <accomp> <callback CBCP>]

    rcvd [LCP ConfReq id=0x2 <mru 1400> <magic 0x2b110c5c>]

    sent [LCP ConfAck id=0x2 <mru 1400> <magic 0x2b110c5c>]

    sent [LCP EchoReq id=0x0 magic=0x710647b8]

    sent [CHAP Challenge id=0xba <XXXobfuscated>, name = "XXXobfuscated"]

    rcvd [LCP Ident id=0x3 magic=0x2b110c5c "MSRASV5.20"]

    rcvd [LCP Ident id=0x4 magic=0x2b110c5c "MSRAS-0-XXXobfuscated"]

    rcvd [LCP Ident id=0x5 magic=0x2b110c5c "XXXobfuscated"]

    rcvd [LCP EchoRep id=0x0 magic=0x2b110c5c]

    rcvd [CHAP Response id=0xba <fd32671cc068ceea94832e1cb2106471>, name = "XXXobfuscated"]

    sent [CHAP Success id=0xba "Access granted"]

    sent [IPCP ConfReq id=0x1 <addr 192.168.1.XXXObfuscated>]

    rcvd [CCP ConfReq id=0x6 <mppe +H -M -S -L -D +C>]

    Unsupported protocol 'Compression Control Protocol' (0x80fd) received

    sent [LCP ProtRej id=0x2 80 fd 01 06 00 0a 12 06 01 00 00 01]

    rcvd [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]

    sent [IPCP ConfRej id=0x7 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]

    rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.xxx>]

    rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

    sent [IPCP ConfNak id=0x8 <addr 192.168.1.xxx> <ms-dns1 192.168.1.1> <ms-dns3 XXXobfuscated>]

    rcvd [IPCP ConfReq id=0x9 <addr 192.168.1.xxx> <ms-dns1 192.168.1.1> <ms-dns3 XXXobfuscated>]

    sent [IPCP ConfAck id=0x9 <addr 192.168.1.xxx> <ms-dns1 192.168.1.1> <ms-dns3 XXXobfuscated]

    found interface br-lan for proxy arp

    local  IP address 192.168.1.xxx

    remote IP address 192.168.1.xxx

    Script /etc/ppp/ip-up started (pid 7038)

    >>> END

  • 2. Re: VPN L2TP issue
    apollo777 Level 1 (0 points)

    Over the past three years I have used the L2TP VPN on the iPhone extensively to connect to a server on my home network. I posted my configuration here in 2009:

     

    http://www.linuxquestions.org/questions/linux-networking-3/ipsec-l2tp-vpn-server-on-ubuntu-for-iphone-718264/

     

    Definitely, something broke with iOS 5. I have an old iPhone 3G that is running iOS 4.2.1 and the VPN still works perfectly on this phone. That tells me the problem is with iOS 5, not with my server setup.

     

    For several months I have occasionally been searching for other people experiencing this same problem. Your post is the first one I've seen that seems to be identical to what I am experiencing. Unfortunately, I don't have a solution. I tried your suggestion to configure "no auth" in pppd.conf. That did not work for me -- no difference. My setup is different than yours. The VPN server runs in a VM running Ubuntu. I'm absolutely convinced this is a problem that was introduced with iOS 5.

     

    This is something Apple needs to fix. I hope they do it soon.

     

    Apollo

  • 3. Re: VPN L2TP issue
    dinne Level 1 (0 points)

    Apollo, can you please post your pppd.log to see if you encounter the same issue with the iPhone refusing to authenticate in the PPP session? For me, everything before this (the "outer" stuff) seems to work perfectly, only the "inner" stuff causes trouble.

  • 4. Re: VPN L2TP issue
    apollo777 Level 1 (0 points)

    Ok, you might need to help me here -- I think I fall into the category of "hacker" with this stuff. I got it to work originally, but I didn't really know what I was doing.

     

    I haven't got a pppd.log. Maybe a relevant excerpt from my syslog is just as good.

     

    This is an unsuccessful connection attempt from my iPhone 4S running iOS 5.1:

     

    ==========================

     

    Apr 13 21:35:12 bird7g xl2tpd[5105]: Connection established to 10.0.0.1, 53867.  Local: 52933, Remote: 52 (ref=0/0).  LNS session is 'default'

    Apr 13 21:35:12 bird7g xl2tpd[5105]: start_pppd: I'm running:

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "/usr/sbin/pppd"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "passive"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "-detach"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "192.168.0.231:192.168.0.232"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "refuse-pap"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "refuse-chap"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "auth"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "name"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "l2tp.bird.loc"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "debug"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "file"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "/etc/ppp/options.xl2tpd"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: "/dev/pts/1"

    Apr 13 21:35:12 bird7g xl2tpd[5105]: Call established with 10.0.0.1, Local: 52242, Remote: 16222, Serial: 1

    Apr 13 21:35:12 bird7g pppd[5747]: pppd 2.4.4 started by root, uid 0

    Apr 13 21:35:12 bird7g pppd[5747]: using channel 2

    Apr 13 21:35:12 bird7g pppd[5747]: Using interface ppp0

    Apr 13 21:35:12 bird7g pppd[5747]: Connect: ppp0 <--> /dev/pts/1

    Apr 13 21:35:12 bird7g pppd[5747]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xc4304f5> <pcomp> <accomp>]

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1af61537> <pcomp> <accomp>]

    Apr 13 21:35:12 bird7g pppd[5747]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1af61537> <pcomp> <accomp>]

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]

    Apr 13 21:35:12 bird7g pppd[5747]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xc4304f5> <pcomp> <accomp>]

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0xc4304f5> <pcomp> <accomp>]

    Apr 13 21:35:12 bird7g pppd[5747]: sent [LCP EchoReq id=0x0 magic=0xc4304f5]

    Apr 13 21:35:12 bird7g pppd[5747]: peer refused to authenticate: terminating link

    Apr 13 21:35:12 bird7g pppd[5747]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [LCP EchoReq id=0x0 magic=0x1af61537]

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

    Apr 13 21:35:12 bird7g pppd[5747]: Discarded non-LCP packet when LCP not open

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [IPV6CP ConfReq id=0x1 <addr fe80::09cb:4816:cea2:1f32>]

    Apr 13 21:35:12 bird7g pppd[5747]: Discarded non-LCP packet when LCP not open

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [LCP EchoRep id=0x0 magic=0x1af61537]

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [LCP TermAck id=0x3]

    Apr 13 21:35:12 bird7g pppd[5747]: Connection terminated.

    Apr 13 21:35:12 bird7g pppd[5747]: Exit.

    Apr 13 21:35:12 bird7g xl2tpd[5105]: child_handler : pppd exited for call 16222 with code 11

    Apr 13 21:35:12 bird7g xl2tpd[5105]: call_close: Call 52242 to 10.0.0.1 disconnected

    Apr 13 21:35:12 bird7g xl2tpd[5105]: result_code_avp: result code out of range (768 52242 14).  Ignoring.

    Apr 13 21:35:12 bird7g xl2tpd[5105]: control_finish: Connection closed to 10.0.0.1, serial 1 ()

    Apr 13 21:35:12 bird7g xl2tpd[5105]: Untrustingly terminating pppd: sending KILL signal to pid 5747

    Apr 13 21:35:12 bird7g xl2tpd[5105]: pppd 5747 successfully terminated

    Apr 13 21:35:12 bird7g xl2tpd[5105]: result_code_avp: result code out of range (256 52242 14).  Ignoring.

    Apr 13 21:35:12 bird7g xl2tpd[5105]: control_finish: Peer tried to disconnect without specifying result code.

    Apr 13 21:36:17 bird7g xl2tpd[5105]: Maximum retries exceeded for tunnel 52933.  Closing.

    Apr 13 21:36:17 bird7g xl2tpd[5105]: Connection 52 closed to 10.0.0.1, port 53867 (Timeout)

    Apr 13 21:36:22 bird7g xl2tpd[5105]: Unable to deliver closing message for tunnel 52933. Destroying anyway.

     

    ==========================

     

    Now here is the same contents from a successful connection from my iPhone 3G running iOS 4.2.1

     

     

    Apr 13 22:05:40 bird7g xl2tpd[5097]: Connection established to 10.0.0.1, 56152.  Local: 39072, Remote: 2 (ref=0/0).  LNS session is 'default'

    Apr 13 22:05:40 bird7g xl2tpd[5097]: start_pppd: I'm running:

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "/usr/sbin/pppd"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "passive"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "-detach"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "192.168.0.231:192.168.0.232"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "refuse-pap"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "refuse-chap"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "auth"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "name"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "l2tp.bird.loc"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "debug"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "file"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "/etc/ppp/options.xl2tpd"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: "/dev/pts/0"

    Apr 13 22:05:40 bird7g xl2tpd[5097]: Call established with 10.0.0.1, Local: 22648, Remote: 61, Serial: 1

    Apr 13 22:05:40 bird7g kernel: [93761.076928] PPP generic driver version 2.4.2

    Apr 13 22:05:40 bird7g pppd[5678]: pppd 2.4.4 started by root, uid 0

    Apr 13 22:05:40 bird7g pppd[5678]: using channel 1

    Apr 13 22:05:40 bird7g pppd[5678]: Using interface ppp0

    Apr 13 22:05:40 bird7g pppd[5678]: Connect: ppp0 <--> /dev/pts/0

    Apr 13 22:05:40 bird7g pppd[5678]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x551629a9> <pcomp> <accomp>]

    Apr 13 22:05:40 bird7g pppd[5678]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4a580d09> <pcomp> <accomp>]

    Apr 13 22:05:40 bird7g pppd[5678]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4a580d09> <pcomp> <accomp>]

    Apr 13 22:05:40 bird7g pppd[5678]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x551629a9> <pcomp> <accomp>]

    Apr 13 22:05:40 bird7g pppd[5678]: sent [LCP EchoReq id=0x0 magic=0x551629a9]

    Apr 13 22:05:40 bird7g pppd[5678]: sent [CHAP Challenge id=0x62 <9449b216763c4485c85e9f0a7e05b234>, name = "l2tpd"]

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [LCP EchoReq id=0x0 magic=0x4a580d09]

    Apr 13 22:05:41 bird7g pppd[5678]: sent [LCP EchoRep id=0x0 magic=0x551629a9]

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [LCP EchoRep id=0x0 magic=0x4a580d09]

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [CHAP Response id=0x62 <faab283c9f921dae2de2bc548fafbc820000000000000000d0b189ac301aa5e6c556da29d535f2 0ef33235f0e376ea7100>, name = "monkey"]

    Apr 13 22:05:41 bird7g pppd[5678]: sent [CHAP Success id=0x62 "S=7A82ADF1AF44F86969796F2E4468EC12DF93BAC5 M=Access granted"]

    Apr 13 22:05:41 bird7g kernel: [93761.872923] PPP BSD Compression module registered

    Apr 13 22:05:41 bird7g kernel: [93761.903465] PPP Deflate Compression module registered

    Apr 13 22:05:41 bird7g pppd[5678]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]

    Apr 13 22:05:41 bird7g pppd[5678]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.0.231>]

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

    Apr 13 22:05:41 bird7g pppd[5678]: sent [IPCP ConfNak id=0x1 <addr 192.168.0.232> <ms-dns1 192.168.0.112> <ms-dns3 192.168.0.112>]

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [IPV6CP ConfReq id=0x1 <addr fe80::2560:3129:71c3:9422>]

    Apr 13 22:05:41 bird7g pppd[5678]: Unsupported protocol 'IPv6 Control Protovol' (0x8057) received

    Apr 13 22:05:41 bird7g pppd[5678]: sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 25 60 31 29 71 c3 94 22]

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]

    Apr 13 22:05:41 bird7g pppd[5678]: Protocol-Reject for 'Compression Control Protocol' (0x80fd) received

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]

    Apr 13 22:05:41 bird7g pppd[5678]: sent [IPCP ConfReq id=0x2 <addr 192.168.0.231>]

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [IPCP ConfReq id=0x2 <addr 192.168.0.232> <ms-dns1 192.168.0.112> <ms-dns3 192.168.0.112>]

    Apr 13 22:05:41 bird7g pppd[5678]: sent [IPCP ConfAck id=0x2 <addr 192.168.0.232> <ms-dns1 192.168.0.112> <ms-dns3 192.168.0.112>]

    Apr 13 22:05:41 bird7g pppd[5678]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.0.231>]

    Apr 13 22:05:41 bird7g pppd[5678]: found interface eth1 for proxy arp

    Apr 13 22:05:41 bird7g pppd[5678]: local  IP address 192.168.0.231

    Apr 13 22:05:41 bird7g pppd[5678]: remote IP address 192.168.0.232

    Apr 13 22:05:41 bird7g pppd[5678]: Script /etc/ppp/ip-up started (pid 5708)

    Apr 13 22:05:41 bird7g pppd[5678]: Script /etc/ppp/ip-up finished (pid 5708), status = 0x0

     

    ==========================

     

    Not sure if there are any clues in there or not.

     

    One last thing ... here is the message I see on my iPhone 4S when the VPN fails:

     

    [Image: VPN Fail.jpg]

     

    Apollo

  • 5. Re: VPN L2TP issue
    dinne Level 1 (0 points)

    That's great!

    Following lines are the key ones:

     

    iOS 5.1 rejects to authenticate ("ConfRej" ... "auth chap MS-v2")

    Apr 13 21:35:12 bird7g pppd[5747]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]

     

     

    iOS 4.2.1 accepts to authenticate ("ConfAck" ... "auth chap MS-v2")

    Apr 13 22:05:40 bird7g pppd[5678]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x551629a9> <pcomp> <accomp>]

     

     

    That really helps me as I do not have a 4.2.1 iPhone at hand. If all other configuration is identical at your side, then this reveals a problem in iOS 5.x (I currently run 5.0.1 on iPhone 4).

     

    I hope Apple reads this and provides a fix in one of the next iOS updates.

     

    PS: for me running a Draytek router with ipsec server, it helped to disable the "inner authentication" by adding a "noauth" line to /etc/ppp/options.pptp (the pptp configuration file)
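The comparison made in the post above (peer answers the `<auth ...>` option with ConfRej versus ConfAck) can be automated over a pppd debug log. The following is an added example, not part of the original thread: it groups lines by pppd PID and classifies each session, and it also flags links that came up with no authentication requested at all, which is what a `noauth` server produces. The sample log is constructed, modelled on the lines quoted in the thread; PID 6001 and the verdict strings are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines modelled on the pppd debug output quoted in the
# thread, with values trimmed. Session 6001 (a "noauth" server) is made up.
SAMPLE = """\
Apr 13 21:35:12 bird7g pppd[5747]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xc4304f5> <pcomp> <accomp>]
Apr 13 21:35:12 bird7g pppd[5747]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
Apr 13 21:35:12 bird7g pppd[5747]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xc4304f5> <pcomp> <accomp>]
Apr 13 21:35:12 bird7g pppd[5747]: peer refused to authenticate: terminating link
Apr 13 22:05:40 bird7g pppd[5678]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x551629a9> <pcomp> <accomp>]
Apr 13 22:05:40 bird7g pppd[5678]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x551629a9> <pcomp> <accomp>]
Apr 13 22:05:41 bird7g pppd[5678]: sent [CHAP Success id=0x62 "M=Access granted"]
Apr 13 22:05:41 bird7g pppd[5678]: local  IP address 192.168.0.231
Apr 13 23:00:00 bird7g pppd[6001]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x11111111>]
Apr 13 23:00:00 bird7g pppd[6001]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x11111111>]
Apr 13 23:00:00 bird7g pppd[6001]: local  IP address 192.168.0.231
"""

PPPD = re.compile(r"pppd\[(?P<pid>\d+)\]: (?P<msg>.*)")
LCP = re.compile(
    r"(?P<dir>sent|rcvd) \[LCP (?P<type>ConfReq|ConfAck|ConfRej) id=\S+(?P<opts>.*)\]"
)
AUTH = re.compile(r"<auth ([^>]+)>")
LINK_UP = re.compile(r"local\s+IP address")


def _new_session():
    return {"requested": [], "acked": [], "rejected": [],
            "chap_ok": False, "refused": False, "up": False}


def _note(bucket, protocols):
    """Record each auth protocol once, preserving first-seen order."""
    for proto in protocols:
        if proto not in bucket:
            bucket.append(proto)


def _verdict(s):
    if s["refused"]:
        return "peer-refused-auth:" + ",".join(s["rejected"])
    if s["up"] and s["chap_ok"]:
        return "authenticated:" + ",".join(s["acked"])
    if s["up"] and not s["requested"]:
        # Link is up although the server never asked the peer to authenticate.
        return "up-without-auth"
    return "incomplete"


def classify(log_text):
    """Return {pppd_pid: verdict} for every pppd session found in log_text."""
    sessions = defaultdict(_new_session)
    for line in log_text.splitlines():
        m = PPPD.search(line)
        if not m:
            continue  # not a pppd line (e.g. xl2tpd or kernel messages)
        s, msg = sessions[m["pid"]], m["msg"]
        lcp = LCP.match(msg)
        if lcp:
            auths = AUTH.findall(lcp["opts"])
            if lcp["dir"] == "sent" and lcp["type"] == "ConfReq":
                _note(s["requested"], auths)   # what the server asked for
            elif lcp["dir"] == "rcvd" and lcp["type"] == "ConfAck":
                _note(s["acked"], auths)       # peer agreed to authenticate
            elif lcp["dir"] == "rcvd" and lcp["type"] == "ConfRej":
                _note(s["rejected"], auths)    # peer refused the auth option
        elif msg.startswith("sent [CHAP Success"):
            s["chap_ok"] = True
        elif "peer refused to authenticate" in msg:
            s["refused"] = True
        elif LINK_UP.match(msg):
            s["up"] = True
    return {pid: _verdict(s) for pid, s in sessions.items()}


if __name__ == "__main__":
    for pid, verdict in classify(SAMPLE).items():
        print(pid, verdict)
```

A session reported as `up-without-auth` relies entirely on the outer IPsec machine authentication, since no per-user PPP credential was checked.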

  • 6. Re: VPN L2TP issue
    apollo777 Level 1 (0 points)

    Just to complete the picture, here is what my L2TP setup looks like on my iPhone 4S (it's identical on the iPhone 3G). Three years ago when I was trying to get this working, I needed to see a screenshot just like this one, but I just couldn't find what the iPhone configuration was supposed to look like. I got it finally just by trial and error. Oh and in case anyone is trying to connect to my VPN, I changed the Server name and Account name (don't waste your time).

     

    [Image: photo.PNG]

  • 7. Re: VPN L2TP issue
    apollo777 Level 1 (0 points)

    Ok, this is REALLY bizarre. You're not going to like this. In addition to my 3G and 4S, I also have an iPhone 4. It also runs iOS 5.1. I thought, hmmm, let's see if the 4 will connect to my server. Much to my surprise, it connects just fine. I don't get what is going on here. There is a slight difference in the version. The iPhone 4 runs iOS 5.1 (9B176). The iPhone 4S runs iOS 5.1 (9B179). I'm going to assume that version difference is just related to different hardware requiring a slightly different version (... maybe?). I suppose I might also have upgraded the two phones at different times and the version had changed. Still, I'd be surprised if the VPN code is different between the two versions.

    Dinne, why don't you try upgrading your iPhone 4 to iOS 5.1. In theory, that would make your iPhone 4 the same as mine. Maybe that would solve your problem.

  • 8. Re: VPN L2TP issue
    dinne Level 1 (0 points)

    Apollo, I run an untethered jailbreak on 5.0.1, this is why I cannot upgrade as of now.

    BUT: I own an iPad 3/3G that runs on 5.1 (9B176) and that has exactly the same issue. This is why I don't think the problem is limited to 5.0.1

  • 9. Re: VPN L2TP issue
    apollo777 Level 1 (0 points)

    Actually, this is making some sense. I was running an untethered JB on my iPhone 4 with iOS5.0.1 when I first noticed the VPN not working on the iPhone 4. Same thing on the iPhone 4S -- iOS 5.01 with a JB -- VPN not working. At some point right after iOS 5.1 was released, I decided to drop the JB and upgrade to iOS 5.1 on both the 4 and the 4S. The 4S became my main phone and the 4 is now just kind of kicking around as an extra "iPod touch" essentially (it doesn't have a working SIM card). Yesterday was the first time I tried the VPN on the iPhone 4 since upgrading it to iOS 5.1.

     

    Clear as mud?

     

    Summary:

     

    iPhone 3G, iOS 4.2.1 : VPN works!

    iPhone 4, iOS 5.0.1 (with JB): VPN broken

    iPhone 4, iOS 5.1 (no JB): VPN works!

    iPhone 4S: iOS 5.0.1 (with JB): VPN broken

    iPhone 4S: iOS 5.1 (no JB): VPN broken

     

    In all cases above I am connecting to the same server and the iPhone L2TP configurations are identical. There are no typos in the password or secret (I have re-entered them very carefully multiple times -- they are correct and identical on all 3 phones).

     

    I get it that you don't want to upgrade to iOS 5.1 until a good untethered JB is ready (last time I checked it wasn't). For me, Apple has addressed some of my reasons for jailbreaking. The personal hotspot was a huge one for me. Prior to that I used MyWi for this. I do miss a few JB apps. For example, My3G is a great app that allows you to override restrictions on 3G data. I used to do FaceTime over 3G regularly. Now I can't.

     

    Apollo

  • 10. Re: VPN L2TP issue
    apollo777 Level 1 (0 points)

    I just tried my daughter's iPod touch (4th generation). It runs iOS 5.1. It connects to my VPN server without any problems.

     

    New Summary:

     

    iPhone 3G, iOS 4.2.1 (with and without JB) : VPN works!

    iPhone 4, iOS 5.0.1 (with JB): VPN broken

    iPhone 4, iOS 5.1 (no JB): VPN works!

    iPhone 4S: iOS 5.0.1 (with JB): VPN broken

    iPhone 4S: iOS 5.1 (no JB): VPN broken

    iPod Touch (4th G): iOS 5.1 (no JB): VPN works!

     

    So, I don't know what to make of that. I'm probably just going to wait it out until another iOS update and hope this issue is resolved.

  • 11. Re: VPN L2TP issue
    apollo777 Level 1 (0 points)

    Problem solved!

     

    The VPN configuration on my 4S was originally set up on either my 4 or 3G. When I initially set up my iPhone 4S I simply did a restore from my most recent iPhone 4 backup. All the apps, contacts, settings, etc were carried over from the 4 to the 4S. It crossed my mind today that there might have been something incompatible with the settings that got carried over from the 4 to the 4S.

     

    Anyway, whatever the cause, I simply decided to delete the VPN configuration on my 4S and re-enter it from scratch. Now it works. Easy.

     

    Dinne, there's no guarantee this will solve your situation also, but give it a try and let me know what happens.

     

    Apollo