Stourview
Level 1 (5 points)
Mac OS X

Q: Server 5.2 - PPTP has disappeared

I just updated to server 5.2 on El Capitan and have discovered PPTP clients can no longer log in. PPTP configuration on the server has disappeared!

 

How can I re-enable PPTP server or how can I revert to the last version of Server App?

 

I have some clients that are unable to connect with L2TP as they don't have the shared secret. I need PPTP!

 

Help!

 

Dave S

Mac mini (Late 2009), Mac OS X (10.6.8), OS X Server 10.6.8

Posted on Oct 5, 2016 2:46 PM

Close
Stourview

Q: Server 5.2 - PPTP has disappeared

  • All replies
  • Helpful answers

  • by John Lockwood,

    John Lockwood John Lockwood Oct 6, 2016 5:22 AM in response to Stourview
    Level 6 (9,384 points)
    Servers Enterprise
    Oct 6, 2016 5:22 AM in response to Stourview

    PPTP is very old and has known security weaknesses. Apple have quite rightly killed it off. You can think of PPTP as being so weak security wise as to be equivalent to the ancient WiFi encryption scheme called WEP which also no-one should be using these days.

     

    Server.app 5.2 is the oldest version that will run under macOS Sierra. If you want to run an older version you must first downgrade to El Capitan.

     

    Even L2TP is known to also have security weaknesses although not as bad as PPTP. I suggest you configure L2TP in Server.app if it is not already done so - including setting a Pre-Shared-Key and tell your users the appropriate settings.

     

    Note: You can use Profile Manager to push settings out to users.

     

    Frankly I personally regard Apple's VPN server as a bit of a joke and not fit for business use - only home use. I setup a Linux based Cisco IPSec compatible VPN server with security certificates and VPN on Demand and routing all traffic via the VPN which is far more secure. The built-in Mac VPN client can still connect to this Linux VPN server.

  • by Stourview,

    Stourview Stourview Oct 6, 2016 6:02 AM in response to John Lockwood
    Level 1 (5 points)
    Mac OS X
    Oct 6, 2016 6:02 AM in response to John Lockwood

    I understand the security benefits of L2TP/IPSec and that PPTP is weaker but I would like to continue to support it for now.

     

    Sadly I have some clients on windows that find L2TP unreliable (its fine from Macs) and so have fallen back to PPTP which always works (worked!). I also have some routers which have no L2TP/IPSec settings to configure, for them PPTP is (was) the only option.

     

    I am still on El Capitan so Server 5.1.7 is fine. I stupidly updated to 5.2!

     

    I have reverted back to 5.1.7 and I have controls back in server for PPTP in VPN section but running 5.2 obviously changed something under the surface that 5.1.7 can't undo. PPTP connections bounce off, rejected immediately, like the port (1723) was closed, but its not. Not sure what 5.2 changed but I need to put it back!

     

    Dave S

  • by RiotMac,

    RiotMac RiotMac Oct 18, 2016 10:00 PM in response to Stourview
    Level 1 (4 points)
    Servers Enterprise
    Oct 18, 2016 10:00 PM in response to Stourview

    Have you made any progress on PPTP problem with Server app 5.2? I updated and forgot I had one user that has to use PPTP because he is running windows 10 home. Apparently PPTP is just depreciated in 5.2 and you can still configure it via the command line. I have enabled PPTP, but still cannot connect from Windows 10.

  • by fra83cas,

    fra83cas fra83cas Oct 18, 2016 10:56 PM in response to Stourview
    Level 1 (16 points)
    Servers Enterprise
    Oct 18, 2016 10:56 PM in response to Stourview

    Same problem here.

    I have a QNAP that can not connect as L2TP client but even if I enable on server PPTP via command line (sudo serveradmin settings vpn...) still not work. neither in LAN.

     

    Thanks.