PPTP VPN errors, 10.7
Hi,
I have been trying to get the PPTP VPN service working in Lion with no luck and wanted to see if anyone can help...
I found this document - http://support.apple.com/kb/HT4748 - and went over the instructions and entered the relevant settings into Terminal. This is what I entered:
bash-3.2# serveradmin settings
vpn:Servers:com.apple.ppp.pptp:enabled = yes
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = 192.168.2.236
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = 192.168.2.240
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_ index:0 = MSCHAP2
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = DSAuth
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
After pressing ctrl-d to save, this is what was returned:
vpn:Servers:com.apple.ppp.pptp:enabled = yes
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol = _empty_array
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.2.224"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.2.254"
So, straight away it seems that there is problem - the 'AuthenticatorProtocol' setting hasn't taken nor has the starting and ending addresses or 40bit key setting. When setting up a connection from a client I get the following errors in the VPN logs on the server:
2011-08-02 17:41:33 BST Incoming call... Address given to client = 192.168.2.224
Tue Aug 2 17:41:33 2011 : Directory Services Authentication plugin initialized
Tue Aug 2 17:41:33 2011 : Directory Services Authorization plugin initialized
Tue Aug 2 17:41:33 2011 : PPTP incoming call in progress from '192.168.2.20'...
Tue Aug 2 17:41:33 2011 : PPTP connection established.
Tue Aug 2 17:41:33 2011 : using link 0
Tue Aug 2 17:41:33 2011 : Using interface ppp0
Tue Aug 2 17:41:33 2011 : Connect: ppp0 <--> socket[34:17]
Tue Aug 2 17:41:33 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x658dba54> <pcomp> <accomp>]
Tue Aug 2 17:41:34 2011 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x343c484c> <pcomp> <accomp>]
Tue Aug 2 17:41:34 2011 : lcp_reqci: returning CONFACK.
Tue Aug 2 17:41:34 2011 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x343c484c> <pcomp> <accomp>]
Tue Aug 2 17:41:36 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x658dba54> <pcomp> <accomp>]
Tue Aug 2 17:41:36 2011 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x658dba54> <pcomp> <accomp>]
Tue Aug 2 17:41:36 2011 : sent [LCP EchoReq id=0x0 magic=0x658dba54]
Tue Aug 2 17:41:36 2011 : sent [CHAP Challenge id=0x19 <5856042b4d496d0d7628283f036a342a>, name = "test1.example.com"]
Tue Aug 2 17:41:36 2011 : rcvd [LCP EchoReq id=0x0 magic=0x343c484c]
Tue Aug 2 17:41:36 2011 : sent [LCP EchoRep id=0x0 magic=0x658dba54]
Tue Aug 2 17:41:36 2011 : rcvd [LCP EchoRep id=0x0 magic=0x343c484c]
Tue Aug 2 17:41:37 2011 : rcvd [CHAP Response id=0x19 <1e54910872fb421f0c33a14170a86ae50000000000000000ec5a9244356ad3301e54400736f5c6 ab5e2efcdb72c1b32100>, name = "admin"]
Tue Aug 2 17:41:37 2011 : DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server.
Tue Aug 2 17:41:37 2011 : sent [CHAP Success id=0x19 "S=19042A45445ADAAB6BD0356FC1CB5EFFD3130904 M=Access granted"]
Tue Aug 2 17:41:37 2011 : CHAP peer authentication succeeded for admin
Tue Aug 2 17:41:37 2011 : DSAccessControl plugin: User 'admin' authorized for access
Tue Aug 2 17:41:37 2011 : MPPE required, but keys are not available. Possible plugin problem?
Tue Aug 2 17:41:37 2011 : sent [LCP TermReq id=0x2 "MPPE required but not available"]
Tue Aug 2 17:41:37 2011 : Connection terminated.
Tue Aug 2 17:41:37 2011 : Connect time 0.1 minutes.
Tue Aug 2 17:41:37 2011 : Sent 0 bytes, received 0 bytes.
Tue Aug 2 17:41:37 2011 : PPTP disconnecting...
Tue Aug 2 17:41:37 2011 : PPTP disconnected
2011-08-02 17:41:37 BST --> Client with address = 192.168.2.224 has hungup
I have dug around and seen that the 'DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server' error is not a new one and has been seen before in upgrades to 10.4, 10.5 and 10.6, however everything that is suggested in those threads doesn't resolve this problem - I still get the same errors in the log.
I have tried rebuilding the keyagentuser (sudo vpnaddkeyagentuser /LDAPv3/127.0.0.1 - this is the OD master as well as VPN server) with no luck and have re-entered the sudo serveradmin settings above again, with no change.
I don't know enough about how the VPN service works to know what to do/try next and documentation/discussions on this are thin on the ground - if anyone has any idea, it would be great to kow!
Thanks
JS
MacBook Pro, Mac OS X (10.6.8)