Skip navigation

PPTP Won't work after 4.3 Upgrade

73166 Views 123 Replies Latest reply: Aug 4, 2012 10:02 AM by sguilliard RSS
  • Steveclv Calculating status...
    Currently Being Moderated
    Mar 29, 2011 10:19 PM (in response to Asatoran)
    Asatoran

    You are not thinking this through logically

    As many posters have pointed out, the iPad/iPhone with iOS 4.2 worked with PPTP VPN connections and have now stopped working on the same networks with 4.3 and 4.3.1.

    No-one has changed their routers so this removes them from the equation.

    Discussing routers and their configuration is meaningless and distracts from the problem which is that Apple have broken PPTP VPN connections in iOS 4.3 - PERIOD.

    I think livinginamoment explained it and I have a similar experience - within my WiFi network I have working PPTP VPN connections (Mac OSX, Windows 7 and iOS 4.2) and non-working PPTP VPN connections (iPad 4.3, iPad 2 4.3.1, iPhone 4.3)
    They all use the same router.

    So to be clear - this problem has nothing whatsoever to do with the Router.
    iPad, iOS 4, iOS 4.3
  • Steveclv Level 1 Level 1 (0 points)
    Currently Being Moderated
    Mar 29, 2011 10:28 PM (in response to Steveclv)
    Sorry, just to be clear in my last post

    The home network router is transparent in this problem (which is what my last post was addressing) - if you are refering to the end point VPN router then that is different - in my case I have no idea what equipment has been set up to provide the end point of the VPN tunnel. I imagine that most non-IT people have any idea either.
    iPad, iOS 4, iOS 4.3
  • motd2k Calculating status...
    Currently Being Moderated
    Mar 29, 2011 11:05 PM (in response to JC_MacD)
    Just use a decent VPN provider... the problem is NOT on Apple's side, and they won't be fixing it.

    https://www.overplay.net/blog/pptp-with-apple-ios-4-3
    Windows Vista
  • Asatoran Level 4 Level 4 (2,535 points)
    Currently Being Moderated
    Mar 30, 2011 2:02 AM (in response to Steveclv)
    Steveclv wrote:
    Asatoran

    You are not thinking this through logically

    As many posters have pointed out, the iPad/iPhone with iOS 4.2 worked with PPTP VPN connections and have now stopped working on the same networks with 4.3 and 4.3.1.

    No-one has changed their routers so this removes them from the equation.


    You are showing that you are not understanding anything I said. I did NOT, repeat NOT, repeat NOT say that the problem is NOT iOS4.3. Far from it, I am agreeing that it was something that Apple changed. However, since not everyone is having a problem, the next step is to determine what is common with all the "broken" VPNs (besides using iOS4.3.) As I posted, the last several people that provided detailed info had used DD-WRT as their VPN endpoints. So I had pointed out that there is a POSSIBLE, repeat POSSIBLE focus for investigation.

    Discussing routers and their configuration is meaningless and distracts from the problem which is that Apple have broken PPTP VPN connections in iOS 4.3 - PERIOD.


    No, since all that was being posted was "me too" without any new info, how was it going to fix the issue? So gathering more info is required, and as I said above, we have preliminary data pointing toward DD-WRT and Linksys hardware.

    I think livinginamoment explained it and I have a similar experience - within my WiFi network I have working PPTP VPN connections (Mac OSX, Windows 7 and iOS 4.2) and non-working PPTP VPN connections (iPad 4.3, iPad 2 4.3.1, iPhone 4.3)
    They all use the same router.


    You're being shortsighted. Yes, you didn't change your router, but what do you have in common with the other people that are having issues? (Again, besides iOS4.3.)

    So to be clear - this problem has nothing whatsoever to do with the Router.
    Steveclv wrote:
    Sorry, just to be clear in my last post

    The home network router is transparent in this problem (which is what my last post was addressing) - if you are refering to the end point VPN router then that is different - in my case I have no idea what equipment has been set up to provide the end point of the VPN tunnel. I imagine that most non-IT people have any idea either.


    You are again thinking shortsightedly. You may not be in control of the VPN endpoint, but others are, the ones that have the VPN endpoint at home and are VPNing to their home. Those people can provide the extra info. I was NOT talking about the NON-VPN-ENDPOINT router, but about the router that IS being used as the VPN endpoint, which is of course of interest. And if you are not an IT person and you don't know what VPN equipment you're using, then I suggest you have your IT department work with Apple to fix the issue, since you wouldn't have access to the technical info needed to troubleshoot the issue. (i.e.: log files of the VPN endpoint.) "Me too" posts are what is "meaningless and distracting" since we already know that there is an issue, but "me too" doesn't do anything toward a resolution. I've already said that troubleshooting VPN issues is often difficult and if, as you infer, are not an IT person and don't know what kind of VPN endpoint and settings you're using, then how do you "know" it's not the router?

    Put it this way, I'm trying to point you toward ways to fix YOUR problem. I'm not affected by the issue, and if anything, I would NOT want Apple to put out an update since it could then "break" my VPN. So if I were selfish, I would tell Apple to NOT fix anything and tell you to replace your VPN equipment with a (very expensive) Cisco ASA5000 series box, which uses IPSec, which is much more reliable and secure than PPTP, and as has been posted definitely does work with iOS4.3 & iOS4.3.1. So if I were selfish, I would have said that the "issue" is your equipment since my equipment and setup is working fine, as well as other people's setup, and you don't even know what equipment you're connecting to.
    MBP 15" Penryn, Mini 2009, iPad1 3G (4.3.1), Mac OS X (10.6.7)
  • Steveclv Level 1 Level 1 (0 points)
    Currently Being Moderated
    Mar 30, 2011 7:44 AM (in response to Asatoran)
    I could add a scathing reply but that would not add anything to this discussion.

    It was not clear that you were referring to the end-point router in your earlier posts and at least that has been clarified.

    I have no idea what end-point router is being used because we didn't set it up - we simply purchase a monthly service from a supplier. I suggest that many others are in the same situation.

    Whilst the posting of 'me too' messages that seem to cause you some distress may add nothing technical to the discussion, it is indicative that the issues are widespread and whilst you do not believe that Apple staff read these threads, I can assure you that they do. They do not use it for providing support responses or for a dialog with Apple customers - but the information does disseminate back to Cupertino.

    We all agree that 4.3 broke something - whether it was the hardening of the security protocols or incompetence due to insufficient testing or both we do not know and only Apple can truly answer and address that. Using one specific brand of end-point router or changing the protocol is not the answer (but may be a quick fix).
    iPad, iOS 4, iOS 4.3
  • Asatoran Level 4 Level 4 (2,535 points)
    Currently Being Moderated
    Mar 30, 2011 9:50 AM (in response to Steveclv)
    @Steveclv, I'm leaving out other comments since it won't help the issue. I'll just give one more suggestion:

    I have no idea what end-point router is being used because we didn't set it up - we simply purchase a monthly service from a supplier. I suggest that many others are in the same situation.

    We all agree that 4.3 broke something - whether it was the hardening of the security protocols or incompetence due to insufficient testing or both we do not know and only Apple can truly answer and address that. Using one specific brand of end-point router or changing the protocol is not the answer (but may be a quick fix).


    Why aren't you yelling at your VPN provider? Whenever Apple comes out with a new model, the case manufacturers have to change their designs. When Apple updates OSX, it is not uncommon for software and hardware manufacturers to have to update their software or firmware. So it should not come as a surprise that a change to iOS would mean that some service providers may need to update their configurations, in this case a VPN service provider. Yes, it was not the service provider's fault, but it is in the service provider's best interest to work with Apple and get this resolved. The are looking at the potential loss of revenue from hudreds, thousands or perhaps millions of iOS clients.

    Changing hardware, in this case, means changing service providers. That is not a quick fix, but the threat of leaving is powerful...if you were a good or large client.

    Considering that most of the computer industry considers PPTP to be very weak security-wise, changing protocols shouldn't be much of an issue to a good quality service provider, since they should already be setup to use a better protocol. It's one thing if an individual had to change hardware to change protocol on their endpoint they owned at home, but a service provider that only supports PPTP does not sounds like a service provider that I'd want to rely on.

    You are free to sit here and blame Apple all you want, but what will that get you? I agree that Apple may read some of the things on these forums, but this is not the official channel so is arguably the slowest channel for getting your issue resolved. Get your service provider on board.
    MBP 15" Penryn, Mini 2009, iPad1 3G (4.3.1), Mac OS X (10.6.7)
  • Silence0 Calculating status...
    Currently Being Moderated
    Mar 30, 2011 11:33 AM (in response to JC_MacD)
    About this issue:
    After my long investigation I have some positive result.

    1. My iPad sometimes connect "1/15"
    2. Connection is established with vpn endpoint (dd-wrt point of view) but immediately after iOS brake this connection and no errors in the logs

    Some logs from vpn when connection is unsuccessful (from iPad2)
    Mar 30 19:48:26 pptpd[12423]: CTRL: Client "IP" control connection started
    Mar 30 19:48:26 pptpd[12423]: CTRL: Starting call (launching pppd, opening GRE)
    Mar 30 19:48:26 pppd[12424]: pppd 2.4.4 started by root, uid 0

    connection established


    Ending connection


    Mar 30 19:48:29 pptpd[12423]: CTRL: EOF or bad error reading ctrl packet length.
    Mar 30 19:48:29 pptpd[12423]: CTRL: couldn't read packet header (exit)
    Mar 30 19:48:29 pptpd[12423]: CTRL: CTRL read failed
    Mar 30 19:48:29 pptpd[12423]: CTRL: Reaping child PPP[12424]
    Mar 30 19:48:29 pppd[12424]: Exit.
    Mar 30 19:48:29 pptpd[12423]: CTRL: Client "IP" control connection finished


    Some logs from vpn when connection is successful (from MBP)
    Mar 30 20:00:34 pptpd[12906]: CTRL: Client "IP" control connection started
    Mar 30 20:00:34 pptpd[12906]: CTRL: Starting call (launching pppd, opening GRE)
    Mar 30 20:00:34 pppd[12907]: pppd 2.4.4 started by root, uid 0

    connection established


    Ending connection


    Mar 30 20:00:56 pptpd[12906]: CTRL: EOF or bad error reading ctrl packet length.
    Mar 30 20:00:56 pptpd[12906]: CTRL: couldn't read packet header (exit)
    Mar 30 20:00:56 pptpd[12906]: CTRL: CTRL read failed
    Mar 30 20:00:56 pptpd[12906]: CTRL: Reaping child PPP[12907]
    Mar 30 20:00:56 pppd[12907]: Exit.
    Mar 30 20:00:56 pptpd[12906]: CTRL: Client "IP" control connection finished


    So it is no difference in the logs between 2 connections


    Anyway from ddwrt point of view no problem with both connections.
    Ipad2, iOS 4, 4.3.1
  • Triplet79 Calculating status...
    Currently Being Moderated
    Mar 31, 2011 7:57 AM (in response to BritViewer)
    I too am having identical problems.

    All work fine remotely as of 10:53 EST on 3/31/2011:
    My iOS 4.2.1 iPhone 4
    HP EliteBook 8540p running Windows 7 Enterprise
    Dell Vostro 1700 running Windows Vista Home
    2010 MacBook Pro, fully patched

    Does NOT work:
    New iPad 2 iOS 4.3
    Friends iPhone 4 running iOS 4.3

    The server everything is connected to is a Linksys WRT54g rev 2, DD-WRT v24-sp2 (11/02/09) vpn which has worked fine for months.

    The problem is simple. iOS device pre 4.3 works fine, upgrade it and it stops working. If I can't get this iPad 2 working with VPN soon, it is going back to the store. I purchased it so I wouldn't have to take my MacBook Pro everywhere.
    iPad 2, iOS 4
  • c0t0d0s0 Calculating status...
    Currently Being Moderated
    Apr 4, 2011 6:21 PM (in response to JC_MacD)
    Support knows about this issue because I called them and even sent logs from my iPads. They just don't care unless you are willing to pay $99 for them to look into it with no guarantee that they will find the problem and no refund if it is their fault.

    -Mike
    iPad2, iOS 4
  • Cosworth Level 1 Level 1 (0 points)
    Currently Being Moderated
    Apr 6, 2011 1:39 PM (in response to JC_MacD)
    Just a quick note. I too am having issues connecting via PPTP VPN to a router loaded with DD-WRT firmware (DD-WRT v24-sp2 (10/10/09) std) on a Motorola WR850Gv2 with an iPhone and iPad running iOS 4.3. I can connect to other PPTP servers with these same devices including my works PPTP and to a Snow Leopard machine running VPN Activator. So I am not sure that Apple "broke" something they may have changed something that has affected this combination of equipment, firmware and software. Yes I can still connect to the VPN with other devices like a Mac and on older phone running iOS 4.21. I think we really need to hear from the folks who put together the DD-WRT firmware to get their opinion on this topic. I wish Apple would include OpenVPN support in iOS it has been done on jailbroken devices already.
    iPhone 4, iOS 4, 32GB, iOS4.3
  • slinge Level 1 Level 1 (0 points)
    Currently Being Moderated
    Apr 6, 2011 2:32 PM (in response to JC_MacD)
    It's not a DDWRT problem; my 3GS worked before and after updating to 4.3.1 however an iPad 2 will not connect with 4.3 or 4.3.1

    I tried with DDWRT build 15962, then updated to 16454 on Asus RT-N16, but no difference.

    It's got to be an iOS problem.
    Mac OS X (10.5.7)
  • Asatoran Level 4 Level 4 (2,535 points)
    Currently Being Moderated
    Apr 6, 2011 3:07 PM (in response to slinge)
    slinge wrote:
    It's not a DDWRT problem; my 3GS worked before and after updating to 4.3.1 however an iPad 2 will not connect with 4.3 or 4.3.1

    I tried with DDWRT build 15962, then updated to 16454 on Asus RT-N16, but no difference.

    It's got to be an iOS problem.


    While I agree that the issue is with iOS, considering that most (if not all) the people that reported which VPN endpoints they had problems with were DD-WRT, rather than getting tunnel-vision on "it's not DD-WRT", perhaps the question should be "what is it about DD-WRT that iOS doesn't like?"

    Also, since your post states that your iPhone 3GS is working with iOS4.3.1 to a DD-WRT VPN, then one could argue that it is NOT iOS. (IOW, if "it's got to be iOS", then shouldn't your 3GS have failed also?)

    (My apologies if it sounds like I'm picking on you. It's not my intent. Just when I saw the "It's got to be" that usually raises red flags for me. )
    MBP 15" Penryn, Mini 2009, iPad1 3G (4.3.1), Mac OS X (10.6.7)
  • Syrex Calculating status...
    Currently Being Moderated
    Apr 7, 2011 5:23 AM (in response to Asatoran)
    Ok, the problem does appear to specifically affect the PopTopD PPTP server. This would explain the problem with the DDWRT routers, as they utilise this package. This however affects nearly every single Linux based firewall as well. The problem appears to be a bug in iOS 4.3 & 4.3.1 in that the client doesn't wait for LCP to proceed to 'open'.

    If anyone has a work around I'd love to try it...

    Detailed here:
    http://forum.hidemyass.com/showthread.php?tid=2879
    IPad, iOS 4
  • Syrex Level 1 Level 1 (0 points)
    Currently Being Moderated
    Apr 7, 2011 7:28 AM (in response to Syrex)
    After comparing numerous tcpdump outputs and turning up the debug logging the problem is actually quite simple... AND DEFINITELY AN APPLE BUG.

    To replicate:
    1. Turn on debug logging for pppd when launched by pptpd
    echo 'debug' >> /etc/ppp/options.pptpd
    2. Set syslog to direct debug information to the system log file
    3. tail -f /var/log/messages | grep -v 'racoon\|snmp'

    Debug messages:
    Windows 7 Laptop:
    Apr 7 15:24:57 unix-03 pppd[22806]: Connect: ppp0 <--> /dev/pts/8
    Apr 7 15:24:57 unix-03 pppd[22806]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xd861a44a> <pcomp> <accomp>]
    Apr 7 15:24:57 unix-03 pppd[22806]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x4f8f6313> <pcomp> <accomp> <callback CBCP>]

    iOS 4.3+:
    Apr 7 15:17:10 unix-03 pppd[22084]: Connect: ppp0 <--> /dev/pts/8
    Apr 7 15:17:10 unix-03 pppd[22084]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe4445c4f> <pcomp> <accomp>]
    Apr 7 15:17:28 unix-03 last message repeated 8 times


    The iOS 4.3 and 4.3.1 devices simply stop sending traffic back after the PPTP server offers it's Configuration Request. Adding either 'nopcomp', 'noaccomp'
    or both to /etc/ppp/options.pptpd results in the connections working every time.

    In Other Words:
    iOS 4.3 and 4.3.1 immediately stop trying to establish a VPN connection
    when they are offered both pcomp (protocol field compression negotiation)
    and accomp (address/control compression). This is the default behaviour
    in PPP and presumably why allot of Linux based routers are subsequently unable
    to establish connections with iOS 4.3+.
    IPad, iOS 4
1 ... 3 4 5 6 7 ... 9 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (2)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.