L2TP VPN and MPPE required but peer negotiation failed

Question

Level 1

0 points

L2TP VPN and MPPE required but peer negotiation failed

I have setup a VPN using L2TP and am not able to get fully connected. The authentication all seems fine, but I'm getting this MPPE error and have not been able to figure out how to disable MPPE/fix the problem. PPTP is not an option right now so please don't offer solutions for PPTP! I have scoured the web and these forums, my issue is not related to PPTP issues. That being said, I do appreciate any ideas. : )

Here is the full connection sequence form the VPN logs:

2007-12-13 02:59:35 EST Incoming call... Address given to client = 192.168.0.160
Thu Dec 13 02:59:36 2007 : Directory Services Authentication plugin initialized
Thu Dec 13 02:59:36 2007 : Directory Services Authorization plugin initialized
Thu Dec 13 02:59:36 2007 : L2TP incoming call in progress from '216.80.121.166'...
Thu Dec 13 02:59:36 2007 : L2TP received SCCRQ
Thu Dec 13 02:59:36 2007 : L2TP sent SCCRP
Thu Dec 13 02:59:36 2007 : L2TP received SCCCN
Thu Dec 13 02:59:36 2007 : L2TP received ICRQ
Thu Dec 13 02:59:36 2007 : L2TP sent ICRP
Thu Dec 13 02:59:36 2007 : L2TP received ICCN
Thu Dec 13 02:59:36 2007 : L2TP connection established.
Thu Dec 13 02:59:36 2007 : using link 0
Thu Dec 13 02:59:36 2007 : Using interface ppp0
Thu Dec 13 02:59:36 2007 : Connect: ppp0 <--> socket[34:18]
Thu Dec 13 02:59:36 2007 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x86d47f36> <pcomp> <accomp>]
Thu Dec 13 02:59:36 2007 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xbfd5837> <pcomp> <accomp>]
Thu Dec 13 02:59:36 2007 : lcp_reqci: returning CONFACK.
Thu Dec 13 02:59:36 2007 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xbfd5837> <pcomp> <accomp>]
Thu Dec 13 02:59:36 2007 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x86d47f36> <pcomp> <accomp>]
Thu Dec 13 02:59:36 2007 : sent [LCP EchoReq id=0x0 magic=0x86d47f36]
Thu Dec 13 02:59:36 2007 : sent [CHAP Challenge id=0x49 <5a0ea77e197d35bd949c76f4efc7c425>, name = "rdu.crosscomm.net"]
Thu Dec 13 02:59:36 2007 : rcvd [LCP EchoReq id=0x0 magic=0xbfd5837]
Thu Dec 13 02:59:36 2007 : sent [LCP EchoRep id=0x0 magic=0x86d47f36]
Thu Dec 13 02:59:36 2007 : rcvd [LCP EchoRep id=0x0 magic=0xbfd5837]
Thu Dec 13 02:59:36 2007 : rcvd [CHAP Response id=0x49 <97a4b16ae95c01baf75b4ad296a79c990000000000000000ce64495a8b4818d0549587e9d50e26 9dfc9450911844d81700>, name = "carlmartens"]
Thu Dec 13 02:59:36 2007 : DSAuth plugin: Could not retrieve key agent account information.
Thu Dec 13 02:59:36 2007 : sent [CHAP Success id=0x49 "S=DAFBB496E5F3228D27045892C301CF39DE93D214 M=Access granted"]
Thu Dec 13 02:59:36 2007 : CHAP peer authentication succeeded for carlmartens
Thu Dec 13 02:59:36 2007 : DSAccessControl plugin: User 'carlmartens' authorized for access
Thu Dec 13 02:59:36 2007 : sent [IPCP ConfReq id=0x1 <addr 192.168.0.100>]
Thu Dec 13 02:59:36 2007 : sent [ACSCP] 01 01 00 04
Thu Dec 13 02:59:36 2007 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Thu Dec 13 02:59:36 2007 : Unsupported protocol 'Compression Control Protocol' (0x80fd) received
Thu Dec 13 02:59:36 2007 : sent [LCP ProtRej id=0x2 80 fd 01 01 00 0a 12 06 01 00 00 60]
Thu Dec 13 02:59:36 2007 : rcvd [IPCP TermAck id=0x1]
Thu Dec 13 02:59:36 2007 : rcvd [ACSCP] 06 01 00 04
Thu Dec 13 02:59:36 2007 : rcvd [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]
Thu Dec 13 02:59:36 2007 : LCP terminated by peer (MPPE required but peer negotiation failed)
Thu Dec 13 02:59:36 2007 : sent [LCP TermAck id=0x2]
Thu Dec 13 02:59:36 2007 : L2TP received CDN
Thu Dec 13 02:59:36 2007 : Connection terminated.
Thu Dec 13 02:59:36 2007 : Connect time 0.0 minutes.
Thu Dec 13 02:59:36 2007 : Sent 0 bytes, received 0 bytes.
Thu Dec 13 02:59:36 2007 : L2TP disconnecting...
Thu Dec 13 02:59:36 2007 : L2TP sent CDN
Thu Dec 13 02:59:36 2007 : L2TP sent StopCCN
Thu Dec 13 02:59:36 2007 : L2TP disconnected
2007-12-13 02:59:36 EST --> Client with address = 192.168.0.160 has hungup

Running OSX Server 10.5.1

Mac OS X (10.5.1), OSX Server 10.5.1

Posted on Dec 13, 2007 12:16 AM

Reply

Answer 1

Sal Co

Level 1

35 points

Feb 6, 2008 10:38 AM in response to Shrift

The server is saying it doesn't support MPPE (Microsoft Point to Point Encryption).

Turn it off on your client. If you're using OS X, try turning the encryption setting in Internet Connect to "none"

Reply

Answer 2

Feb 14, 2008 1:40 AM in response to Shrift

I was bitten by the same bug.

First, try to find if it is part of a specific user setting: create another user, and set up the same VPN configuration via that user. If it works over there, you know it has to do with user settings. I found out it had to do with a specific user (me of course).

After that I started to throw away al kinds of settings related to internet connect, internet etc in my Preferences, but that did not help.

What did help, however, was weeding out my Keychain. I had heaps of IPSecShared Secret Keys and PPP keys, no of them discernible as they all had the same name. After throwing all of these away, and starting afresh, my L2TP configurations started to work.

Make sure you have our passwords and shared secrets jotted down somewhere before throwing these things away...

Reply

Answer 3

elmex

Level 1

0 points

Feb 20, 2008 11:00 AM in response to Shrift

I have a similar problem, but my VPN connection was working fine for month, since monday, it fails with a similar MPPE problem with 10.4.11
Nothing was changed on the VPN-Server side, just what i had change was to install the newest system update.

Here is the ppp log snippet from last friday:

Fri Feb 15 16:11:33 2008 : PPTP connecting to server 'THE-SERVER' (THE-IP)...
Fri Feb 15 16:11:33 2008 : PPTP connection established.
Fri Feb 15 16:11:34 2008 : using link 0
Fri Feb 15 16:11:34 2008 : Using interface ppp0
Fri Feb 15 16:11:34 2008 : Connect: ppp0 <--> socket[34:17]
Fri Feb 15 16:11:35 2008 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6d61926> <pcomp> <accomp>]
Fri Feb 15 16:11:35 2008 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x6d61926> <pcomp> <accomp>]
Fri Feb 15 16:11:36 2008 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS> <magic 0x1ce56397> <pcomp> <accomp>]
Fri Feb 15 16:11:36 2008 : lcp_reqci: returning CONFACK.
Fri Feb 15 16:11:36 2008 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS> <magic 0x1ce56397> <pcomp> <accomp>]
Fri Feb 15 16:11:36 2008 : sent [LCP EchoReq id=0x0 magic=0x6d61926]
Fri Feb 15 16:11:36 2008 : rcvd [LCP EchoReq id=0x0 magic=0x1ce56397]
Fri Feb 15 16:11:36 2008 : sent [LCP EchoRep id=0x0 magic=0x6d61926]
Fri Feb 15 16:11:36 2008 : rcvd [CHAP Challenge id=0x1 <3a7526c92869420f>, name = "Draytek"]
Fri Feb 15 16:11:36 2008 : sent [CHAP Response id=0x1 <xxxxx>, name = "Username"]
Fri Feb 15 16:11:36 2008 : rcvd [LCP EchoRep id=0x0 magic=0x1ce56397]
Fri Feb 15 16:11:36 2008 : rcvd [CHAP Success id=0x1 "Welcome to Draytek."]
Fri Feb 15 16:11:36 2008 : CHAP authentication succeeded: Welcome to Draytek.
Fri Feb 15 16:11:36 2008 : Disabling 40-bit MPPE; MS-CHAP LM not supported
Fri Feb 15 16:11:36 2008 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Fri Feb 15 16:11:36 2008 : rcvd [IPCP ConfReq id=0x1 <addr 10.6.0.1> <compress VJ 0f 01>]
Fri Feb 15 16:11:36 2008 : sent [IPCP TermAck id=0x1]
Fri Feb 15 16:11:36 2008 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Fri Feb 15 16:11:36 2008 : sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
Fri Feb 15 16:11:36 2008 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Fri Feb 15 16:11:36 2008 : rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
Fri Feb 15 16:11:36 2008 : sent [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
Fri Feb 15 16:11:36 2008 : MPPE 128-bit stateless compression enabled
Fri Feb 15 16:11:36 2008 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Fri Feb 15 16:11:36 2008 : sent [IPV6CP ConfReq id=0x1 <addr fe80::0214:51ff:fe9b:9600>]
Fri Feb 15 16:11:36 2008 : sent [ACSCP] 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01
Fri Feb 15 16:11:36 2008 : rcvd [IPCP ConfRej id=0x1 <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Fri Feb 15 16:11:36 2008 : sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
Fri Feb 15 16:11:36 2008 : rcvd [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 14 51 ff fe 9b 96 00]
Fri Feb 15 16:11:36 2008 : rcvd [LCP ProtRej id=0x3 82 35 01 01 00 10 01 06 00 00 00 01 02 06 00 00 00 01]
Fri Feb 15 16:11:36 2008 : rcvd [IPCP ConfNak id=0x2 <addr 10.6.0.225>]
Fri Feb 15 16:11:36 2008 : sent [IPCP ConfReq id=0x3 <addr 10.6.0.225>]
Fri Feb 15 16:11:36 2008 : rcvd [IPCP ConfAck id=0x3 <addr 10.6.0.225>]
Fri Feb 15 16:11:39 2008 : rcvd [IPCP ConfReq id=0x1 <addr 10.6.0.1> <compress VJ 0f 01>]
Fri Feb 15 16:11:39 2008 : ipcp: returning Configure-REJ
Fri Feb 15 16:11:39 2008 : sent [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
Fri Feb 15 16:11:39 2008 : rcvd [IPCP ConfReq id=0x2 <addr 10.6.0.1>]
Fri Feb 15 16:11:39 2008 : ipcp: returning Configure-ACK
Fri Feb 15 16:11:39 2008 : sent [IPCP ConfAck id=0x2 <addr 10.6.0.1>]
Fri Feb 15 16:11:39 2008 : ipcp: up
Fri Feb 15 16:11:39 2008 : local IP address 10.6.0.225
Fri Feb 15 16:11:39 2008 : remote IP address 10.6.0.1
Fri Feb 15 19:11:47 2008 : Hangup (SIGHUP)
Fri Feb 15 19:11:48 2008 : ipcp: down
Fri Feb 15 19:11:48 2008 : MPPE disabled
Fri Feb 15 19:11:48 2008 : sent [LCP TermReq id=0x2 "MPPE disabled"]
Fri Feb 15 19:11:48 2008 : sent [LCP TermReq id=0x3 "MPPE disabled"]
Fri Feb 15 19:11:48 2008 : rcvd [LCP TermAck id=0x2]
Fri Feb 15 19:11:48 2008 : Connection terminated.
Fri Feb 15 19:11:48 2008 : Connect time 180.3 minutes.
Fri Feb 15 19:11:48 2008 : Sent 1468688 bytes, received 10356031 bytes.
Fri Feb 15 19:11:48 2008 : PPTP disconnecting...
Fri Feb 15 19:11:48 2008 : PPTP disconnected

But since monday, i got messages like that:

Fri Feb 15 16:11:33 2008 : PPTP connecting to server 'THE-SERVER' (THE-IP)...
Mon Feb 18 23:17:23 2008 : PPTP connection established.
Mon Feb 18 23:17:23 2008 : using link 0
Mon Feb 18 23:17:23 2008 : Using interface ppp0
Mon Feb 18 23:17:23 2008 : Connect: ppp0 <--> socket[34:17]
Mon Feb 18 23:17:23 2008 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfe8f496d> <pcomp> <accomp>]
Mon Feb 18 23:17:23 2008 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfe8f496d> <pcomp> <accomp>]
Mon Feb 18 23:17:26 2008 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS> <magic 0x6887acc8> <pcomp> <accomp>]
Mon Feb 18 23:17:26 2008 : lcp_reqci: returning CONFACK.
Mon Feb 18 23:17:26 2008 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS> <magic 0x6887acc8> <pcomp> <accomp>]
Mon Feb 18 23:17:26 2008 : sent [LCP EchoReq id=0x0 magic=0xfe8f496d]
Mon Feb 18 23:17:26 2008 : rcvd [LCP EchoReq id=0x0 magic=0x6887acc8]
Mon Feb 18 23:17:26 2008 : sent [LCP EchoRep id=0x0 magic=0xfe8f496d]
Mon Feb 18 23:17:26 2008 : rcvd [CHAP Challenge id=0x1 <065d60c64b0851c2>, name = "Draytek"]
Fri Feb 15 16:11:36 2008 : sent [CHAP Response id=0x1 <xxxxx>, name = "Username"]
Mon Feb 18 23:17:26 2008 : rcvd [LCP EchoRep id=0x0 magic=0x6887acc8]
Mon Feb 18 23:17:26 2008 : rcvd [CHAP Success id=0x1 "Welcome to Draytek."]
Mon Feb 18 23:17:26 2008 : CHAP authentication succeeded: Welcome to Draytek.
Mon Feb 18 23:17:26 2008 : Disabling 40-bit MPPE; MS-CHAP LM not supported
Mon Feb 18 23:17:26 2008 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Mon Feb 18 23:17:26 2008 : rcvd [IPCP ConfReq id=0x1 <addr 10.6.0.1> <compress VJ 0f 01>]
Mon Feb 18 23:17:26 2008 : sent [IPCP TermAck id=0x1]
Mon Feb 18 23:17:26 2008 : rcvd [CCP ConfReq id=0x1 <mppe +H -M -S +L -D -C>]
Mon Feb 18 23:17:26 2008 : MPPE required but peer negotiation failed
Mon Feb 18 23:17:26 2008 : sent [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]
Mon Feb 18 23:17:26 2008 : sent [CCP ConfRej id=0x1 <mppe +H -M -S +L -D -C>]
Mon Feb 18 23:17:26 2008 : rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Mon Feb 18 23:17:26 2008 : rcvd [LCP TermAck id=0x2]
Mon Feb 18 23:17:26 2008 : Connection terminated.
Mon Feb 18 23:17:26 2008 : PPTP disconnecting...
Mon Feb 18 23:17:26 2008 : PPTP disconnected

Anyone any idea, how to fix? It's really urgent, because i had to use my winddof laptop now for all VPN work 😟
And i hate the fact, that win does not have any problems with the VPN. Same Router, same login, same server. Win=ok, mac=failure. This should not be!

Reply

Answer 4

Feb 20, 2008 11:30 PM in response to Shrift

10.5.2 update resolved this issue for me.

Reply

Answer 5

elmex

Level 1

0 points

Feb 21, 2008 3:14 AM in response to andrussuitsu

But this will mean, i have to buy new software 😟

Nobody any idea, how to fix it on 10.4.11?

Reply

Answer 6

Feb 21, 2008 3:21 AM in response to elmex

I referred to updating the server to 10.5.2. You already have 10.5.1, no cost there.

Reply

Answer 7

sp0radic

Level 1

123 points

Apr 1, 2008 4:58 PM in response to elmex

I would also like to know how to fix it in 10.4.11 server.

I read about trying:
sudo vpnaddkeyagentuser /LDAPv3/10.0.1.102

(Where 10.0.1.102 would be the IP address of your master directory)

...I'll give it a go and report back.

Reply