Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: W. McHargue
W. McHargue Author
User level: Level 1
24 points

L2TP VPN Error: "MPPE required but peer negotiation failed"

Clean Leopard Server install. Fairly clean Leopard client, too. Tried to setup an L2TP VPN service, and connect to it from the client machine, and I get this in the client's log:

11/6/07 2007-11-06 T 20:23:52 (PST) pppd[374] IPSec connection established
11/6/07 2007-11-06 T 20:23:52 (PST) pppd[374] L2TP connection established.
11/6/07 2007-11-06 T 20:23:52 (PST) pppd[374] Connect: ppp0 <--> socket[34:18]
11/6/07 2007-11-06 T 20:23:53 (PST) pppd[374] MPPE required but peer negotiation failed
11/6/07 2007-11-06 T 20:23:53 (PST) pppd[374] Connection terminated.

As far as I can tell from searching the web, MPPE should not even be involved (but I really don't know the protocol). If I setup a PPTP VPN on the same pair of machines all is well.

I really think this is a bug in either Leopard or Leopard Server. Anyone else bumping into this wall?


regards,

Bill.

Mac OS X (10.5)

Posted on Nov 6, 2007 8:35 PM

Reply
26 replies
User profile for user: Noam
Noam
User level: Level 1
4 points

Nov 10, 2007 2:18 PM in response to W. McHargue

Same problem here, but via PPTP:

Sat Nov 10 14:14:08 2007 : PPTP connection established.
Sat Nov 10 14:14:08 2007 : Using interface ppp0
Sat Nov 10 14:14:08 2007 : Connect: ppp0 <--> socket[34:17]
Sat Nov 10 14:14:11 2007 : LCP terminated by peer (MPPE required but not available)
Sat Nov 10 14:14:11 2007 : Connection terminated.
Sat Nov 10 14:14:11 2007 : PPTP disconnecting...
Sat Nov 10 14:14:11 2007 : PPTP disconnected
Reply
User profile for user: Noam
Noam
User level: Level 1
4 points

Nov 10, 2007 2:25 PM in response to W. McHargue

The log excerpt I posted above was from a 10.4.10 client. Here's one from a 10.5 client:


Sat Nov 10 14:21:17 2007 : PPTP connection established.
Sat Nov 10 14:21:17 2007 : using link 0
Sat Nov 10 14:21:17 2007 : Using interface ppp0
Sat Nov 10 14:21:17 2007 : Connect: ppp0 <--> socket[34:17]
Sat Nov 10 14:21:17 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfac2d9f7> <pcomp> <accomp>]
Sat Nov 10 14:21:17 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfac2d9f7> <pcomp> <accomp>]
Sat Nov 10 14:21:20 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfac2d9f7> <pcomp> <accomp>]
Sat Nov 10 14:21:20 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xd1dbe09d> <pcomp> <accomp>]
Sat Nov 10 14:21:20 2007 : lcp_reqci: returning CONFACK.
Sat Nov 10 14:21:20 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xd1dbe09d> <pcomp> <accomp>]
Sat Nov 10 14:21:20 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfac2d9f7> <pcomp> <accomp>]
Sat Nov 10 14:21:20 2007 : sent [LCP EchoReq id=0x0 magic=0xfac2d9f7]
Sat Nov 10 14:21:21 2007 : rcvd [CHAP Challenge id=0xf9 <5d9afe09cb408337b32ea83cc0efa39d>, name = "server address"]
Sat Nov 10 14:21:21 2007 : sent [CHAP Response id=0xf9 <d1f28b1e24b1202e4579d56216cf418f00000000000000002c862b990f218657281399f9638a5e f50b36ff394eeeb68c00>, name = "name"]
Sat Nov 10 14:21:21 2007 : rcvd [LCP EchoRep id=0x0 magic=0xd1dbe09d]
Sat Nov 10 14:21:21 2007 : rcvd [CHAP Success id=0xf9 "S=1247DA51914932A4510EE99CF2CA17362DDA0AB4 M=Access granted"]
Sat Nov 10 14:21:21 2007 : sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Sat Nov 10 14:21:24 2007 : sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Sat Nov 10 14:21:25 2007 : rcvd [LCP TermReq id=0x3 "MPPE required but not available"]
Sat Nov 10 14:21:25 2007 : LCP terminated by peer (MPPE required but not available)
Reply
User profile for user: jalb
jalb
User level: Level 1
0 points

Nov 12, 2007 8:19 AM in response to W. McHargue

Same error here, this is the log excerpt from a 10.5 Server, the 10.4 clients can connect flawlessly but the 10.5 clients get "Could not negociate a conection with the remote PPP server".


2007-11-12 11:05:54 EST Incoming call... Address given to client = 192.168.0.183
Mon Nov 12 11:05:54 2007 : Directory Services Authentication plugin initialized
Mon Nov 12 11:05:54 2007 : Directory Services Authorization plugin initialized
Mon Nov 12 11:05:54 2007 : L2TP incoming call in progress from '74.56.208.75'...
Mon Nov 12 11:05:54 2007 : L2TP received SCCRQ
Mon Nov 12 11:05:54 2007 : L2TP sent SCCRP
Mon Nov 12 11:05:54 2007 : L2TP received SCCCN
Mon Nov 12 11:05:54 2007 : L2TP received ICRQ
Mon Nov 12 11:05:54 2007 : L2TP sent ICRP
Mon Nov 12 11:05:54 2007 : L2TP received ICCN
Mon Nov 12 11:05:54 2007 : L2TP connection established.
Mon Nov 12 11:05:54 2007 : using link 1
Mon Nov 12 11:05:54 2007 : Using interface ppp1
Mon Nov 12 11:05:54 2007 : Connect: ppp1 <--> socket[34:18]
Mon Nov 12 11:05:54 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x1351a441> <pcomp> <accomp>]
Mon Nov 12 11:05:54 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb1bff63f> <pcomp> <accomp>]
Mon Nov 12 11:05:54 2007 : lcp_reqci: returning CONFACK.
Mon Nov 12 11:05:54 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xb1bff63f> <pcomp> <accomp>]
Mon Nov 12 11:05:54 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x1351a441> <pcomp> <accomp>]
Mon Nov 12 11:05:54 2007 : sent [LCP EchoReq id=0x0 magic=0x1351a441]
Mon Nov 12 11:05:54 2007 : sent [CHAP Challenge id=0x39 <7dc5e7b04fe03be6bb998ac58c0d5347>, name = "matix.private"]
Mon Nov 12 11:05:54 2007 : rcvd [LCP EchoReq id=0x0 magic=0xb1bff63f]
Mon Nov 12 11:05:54 2007 : sent [LCP EchoRep id=0x0 magic=0x1351a441]
Mon Nov 12 11:05:54 2007 : rcvd [LCP EchoRep id=0x0 magic=0xb1bff63f]
Mon Nov 12 11:05:54 2007 : rcvd [CHAP Response id=0x39 <a41ff886f553abc7e312a7fe50548fd00000000000000000d6a1d20794d48ab9afe33cb3460f0f 43c9e806066848f19d00>, name = "jalb"]
Mon Nov 12 11:05:54 2007 : sent [CHAP Success id=0x39 "S=271F84561DD67FE6962A3787F16F2587F174FDC1 M=Access granted"]
Mon Nov 12 11:05:54 2007 : CHAP peer authentication succeeded for jalb
Mon Nov 12 11:05:54 2007 : DSAccessControl plugin: User 'jalb' authorized for access
Mon Nov 12 11:05:54 2007 : sent [IPCP ConfReq id=0x1 <addr 192.168.0.110>]
Mon Nov 12 11:05:54 2007 : sent [ACSCP] 01 01 00 04
Mon Nov 12 11:05:54 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Mon Nov 12 11:05:54 2007 : Unsupported protocol 'Compression Control Protocol' (0x80fd) received
Mon Nov 12 11:05:54 2007 : sent [LCP ProtRej id=0x2 80 fd 01 01 00 0a 12 06 01 00 00 60]
Mon Nov 12 11:05:54 2007 : rcvd [IPCP TermAck id=0x1]
Mon Nov 12 11:05:54 2007 : rcvd [ACSCP] 06 01 00 04
Mon Nov 12 11:05:54 2007 : rcvd [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]
Mon Nov 12 11:05:54 2007 : LCP terminated by peer (MPPE required but peer negotiation failed)
Mon Nov 12 11:05:54 2007 : sent [LCP TermAck id=0x2]
Mon Nov 12 11:05:54 2007 : L2TP received CDN
Mon Nov 12 11:05:54 2007 : Connection terminated.
Mon Nov 12 11:05:54 2007 : Connect time 0.0 minutes.
Mon Nov 12 11:05:54 2007 : Sent 0 bytes, received 0 bytes.
Mon Nov 12 11:05:54 2007 : L2TP disconnecting...
Mon Nov 12 11:05:54 2007 : L2TP sent CDN
Mon Nov 12 11:05:54 2007 : L2TP sent StopCCN
Mon Nov 12 11:05:54 2007 : L2TP disconnected
2007-11-12 11:05:54 EST --> Client with address = 192.168.0.183 has hungup
Mon Nov 12 11:10:19 2007 : rcvd [LCP TermReq id=0x2 "Peer not responding"]
Mon Nov 12 11:10:19 2007 : LCP terminated by peer (Peer not responding)
Mon Nov 12 11:10:19 2007 : ipcp: down
Mon Nov 12 11:10:19 2007 : sent [LCP TermAck id=0x2]
Mon Nov 12 11:10:22 2007 : rcvd [LCP TermReq id=0x3 "Peer not responding"]
Mon Nov 12 11:10:22 2007 : sent [LCP TermAck id=0x3]
Mon Nov 12 11:10:22 2007 : Connection terminated.
Mon Nov 12 11:10:22 2007 : Connect time 9.4 minutes.
Mon Nov 12 11:10:22 2007 : Sent 13988109 bytes, received 169539 bytes.
Mon Nov 12 11:10:22 2007 : L2TP disconnecting...
Mon Nov 12 11:10:22 2007 : L2TP disconnected
2007-11-12 11:10:22 EST --> Client with address = 192.168.0.181 has hungup
Reply
User profile for user: Komakino
Komakino
User level: Level 1
5 points

Nov 26, 2007 8:53 PM in response to W. McHargue

Same problem here, Mac OS X 10.5.1 attempting to connect to Mac OS X 10.4.11 Server using L2TP over IPSec. Mac OS X 10.4.x clients continue to connect normally. Here is the client log:

Nov 26 20:21:01 pppd[27503]: L2TP connecting to server '<hostname of server>' (<IP Address of server>)...
Nov 26 20:21:04 pppd[27503]: IPSec connection started
Nov 26 20:21:05 MBP pppd[27503]: IPSec connection established
Nov 26 20:21:07 MBP pppd[27503]: L2TP connection established.
Nov 26 20:21:07 MBP pppd[27503]: Connect: ppp0 <--> socket[34:18]
Nov 26 20:21:07 MBP pppd[27503]: MPPE required, but kernel has no support.
Nov 26 20:21:08 MBP pppd[27503]: Connection terminated.
Nov 26 20:21:08 MBP pppd[27503]: L2TP disconnecting...
Reply
User profile for user: mriedel
mriedel
User level: Level 1
0 points

Dec 2, 2007 2:53 PM in response to W. McHargue

I have the exact same problem. Hopefully Apple will fix this soon. I'm trying to connect to a Linux Box with OpenSwan and L2tpd.

My Logs:

Leopard:
Dec 2 14:43:44 MRiedel-PB-G4 pppd[18603]: L2TP connecting to server XXXXXXXX...
Dec 2 14:43:47 MRiedel-PB-G4 pppd[18603]: IPSec connection started
Dec 2 14:43:48 MRiedel-PB-G4 pppd[18603]: IPSec connection established
Dec 2 14:43:51 MRiedel-PB-G4 pppd[18603]: L2TP connection established.
Dec 2 14:43:51 MRiedel-PB-G4 pppd[18603]: Connect: ppp0 <--> socket[34:18]
Dec 2 14:43:51 MRiedel-PB-G4 pppd[18603]: MPPE required but peer negotiation failed
Dec 2 14:43:52 MRiedel-PB-G4 pppd[18603]: Connection terminated.
Dec 2 14:43:52 MRiedel-PB-G4 pppd[18603]: L2TP disconnecting...
Dec 2 14:43:52 MRiedel-PB-G4 pppd[18603]: L2TP disconnected

And on the Linux Box:
Dec 2 23:43:47 bt-server pluto[2941]: "L2TP-PSK"[9] 63.231.xxx.xxx #16: STATE QUICKR2: IPsec SA established {ESP=>0x09c22235 <0x8522bdef xfrm=AES 128-HMACSHA1 NATD=63.231.52.188:4500 DPD=none}
Dec 2 23:43:49 bt-server l2tpd[6376]: control_finish: Peer requested tunnel 8 twice, ignoring second one.
Dec 2 23:43:49 bt-server l2tpd[6376]: Connection established to 63.231.xxx.xxx, 56177. Local: 51805, Remote: 8. LNS session is 'default'
Dec 2 23:43:49 bt-server l2tpd[6376]: Call established with 63.231.xxx.xxx, Local: 56732, Remote: 18603, Serial: 1
Dec 2 23:43:49 bt-server pppd[7541]: pppd 2.4.3 started by root, uid 0
Dec 2 23:43:49 bt-server pppd[7541]: using channel 2105
Dec 2 23:43:49 bt-server pppd[7541]: Using interface ppp2
Dec 2 23:43:49 bt-server pppd[7541]: Connect: ppp2 <--> /dev/pts/4
Dec 2 23:43:49 bt-server pppd[7541]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6d3895f7> <pcomp> <accomp>]
Dec 2 23:43:49 bt-server pppd[7541]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4d928d7a> <pcomp> <accomp>]
Dec 2 23:43:49 bt-server pppd[7541]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4d928d7a> <pcomp> <accomp>]
Dec 2 23:43:49 bt-server pppd[7541]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x6d3895f7> <pcomp> <accomp>]
Dec 2 23:43:49 bt-server pppd[7541]: sent [LCP EchoReq id=0x0 magic=0x6d3895f7]
Dec 2 23:43:49 bt-server pppd[7541]: sent [CHAP Challenge id=0x12 <4885f2c708e0dbd85a3cf7cf60ed6b24>, name = "IPsecVPN"]
Dec 2 23:43:50 bt-server pppd[7541]: rcvd [LCP EchoReq id=0x0 magic=0x4d928d7a]
Dec 2 23:43:50 bt-server pppd[7541]: sent [LCP EchoRep id=0x0 magic=0x6d3895f7]
Dec 2 23:43:50 bt-server pppd[7541]: rcvd [LCP EchoRep id=0x0 magic=0x4d928d7a]
Dec 2 23:43:50 bt-server pppd[7541]: rcvd [CHAP Response id=0x12 <c574d7703411572a98de35e99f3d81ad00000000000000000b4906c55495f2727310659600c5c1 405145b06079ad9fbe00>, name = "xxx"]
Dec 2 23:43:50 bt-server pppd[7541]: sent [CHAP Success id=0x12 "S=2C78FC23BCE0D753988BB8A6AA9EB3EB22326318 M=Access granted"]
Dec 2 23:43:50 bt-server pppd[7541]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Dec 2 23:43:50 bt-server pppd[7541]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.184.2>]
Dec 2 23:43:50 bt-server pppd[7541]: rcvd [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Dec 2 23:43:50 bt-server pppd[7541]: sent [CCP ConfRej id=0x1 <mppe +H -M +S +L -D -C>]
Dec 2 23:43:50 bt-server pppd[7541]: rcvd [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]
Dec 2 23:43:50 bt-server pppd[7541]: LCP terminated by peer (MPPE required but peer negotiation failed)
Dec 2 23:43:50 bt-server pppd[7541]: sent [LCP TermAck id=0x2]
Dec 2 23:43:50 bt-server pppd[7541]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Dec 2 23:43:50 bt-server pppd[7541]: Discarded non-LCP packet when LCP not open
Dec 2 23:43:50 bt-server l2tpd[6376]: control_finish: Connection closed to 63.231.xxx.xxx, serial 1 ()
Dec 2 23:43:50 bt-server pppd[7541]: Terminating on signal 15
Dec 2 23:43:50 bt-server pppd[7541]: Modem hangup
Dec 2 23:43:50 bt-server pppd[7541]: Connection terminated.
Dec 2 23:43:50 bt-server pppd[7541]: Connect time 0.1 minutes.
Dec 2 23:43:50 bt-server pppd[7541]: Sent 41 bytes, received 10 bytes.
Dec 2 23:43:50 bt-server pppd[7541]: Exit.

Even if I force MPPE on the linux side, I get the same error. Please fix!

Regards
Reply
User profile for user: mriedel
mriedel
User level: Level 1
0 points

Dec 2, 2007 11:56 PM in response to Leif Carlsson

Thanks for the URL! I did use this website a lot while setting up the server last year. I didn't have any problems with Tiger, so I don't think that my Linux Server is the problem. And to cite:

+Oct 30, 2007: First tests with Mac OS X 10.5 (Leopard) are inconclusive: some users report success, others had problems.+

Apparently I am one of those having problems... The problem can be described pretty straightforward. Ipsec connection gets established fine. L2tpd envokes pppd fine. Authentication succeeds. But no matter what encryption or compression the server proposes (tried some..), Leopard always replies with the same error...

Martin
Reply
User profile for user: Robert Goeres
Robert Goeres
User level: Level 1
129 points

Dec 20, 2007 7:51 AM in response to W. McHargue

So i followed the different steps in the discussions but still VPN no longer work through the network.

Can make a VPN connection (as welle PPTP as L2TP) form:
10.4.11 client -> 10.4.11 server OK
10.4.11 client -> 10.5.1 server NO
10.5.1 client -> 10.4.11 server NO
10.5.1 client -> 10.4.11 server OK on local network with no router
10.5.1 client -> 10.5.1 server NO

this is the log I have on the 10.5.1 server

Thu Dec 20 16:29:33 2007 : CHAP peer authentication succeeded for TestUser
Thu Dec 20 16:29:33 2007 : DSAccessControl plugin: User 'TestUser' authorized for access
Thu Dec 20 16:29:33 2007 : MPPE required, but keys are not available. Possible plugin problem?
Thu Dec 20 16:29:33 2007 : sent [LCP TermReq id=0x2 "MPPE required but not available"]
Reply
User profile for user: SpaceBass
SpaceBass
User level: Level 2
420 points

Dec 26, 2007 6:23 PM in response to W. McHargue

Just adding to the list of frustrated people...
I cannot say that my MPPE error coincided with any updates (perhaps it did) but I've spent a VERY frustrating 2 days fighting this thing.

I have two 10.5.1 clients with my, trying to connected to a 10.4 OS X Server l2tp endpoint.

One works perfectly (my wife's, predictably), mine has connected a few times, but 95% of the time it fails with the MPPE error. Its clearly a client thing as the VPNd logs show that the client is requesting it.

I would think there has to be a way to disable the requirement.

What I cannot understand is why two identical macbooks have different results
Reply

L2TP VPN Error: "MPPE required but peer negotiation failed"

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up