Stourview

Q: Server 5.2 - PPTP has disappeared

I just updated to Server 5.2 on El Capitan and have discovered PPTP clients can no longer log in. PPTP configuration on the server has disappeared!

How can I re-enable PPTP server or how can I revert to the last version of Server App?

I have some clients that are unable to connect with L2TP as they don't have the shared secret. I need PPTP!

Help!

Dave S

Mac mini (Late 2009), Mac OS X (10.6.8), OS X Server 10.6.8

Posted on Oct 5, 2016 2:46 PM

  • by John Lockwood,

    John Lockwood Oct 6, 2016 5:22 AM in response to Stourview
    Level 6 (9,379 points)
    Servers Enterprise

    PPTP is very old and has known security weaknesses. Apple have quite rightly killed it off. You can think of PPTP as being so weak security-wise as to be equivalent to the ancient WiFi encryption scheme called WEP, which also no one should be using these days.

    Server.app 5.2 is the oldest version that will run under macOS Sierra. If you want to run an older version you must first downgrade to El Capitan.

    Even L2TP is known to also have security weaknesses, although not as bad as PPTP. I suggest you configure L2TP in Server.app if you have not already done so, including setting a Pre-Shared Key, and tell your users the appropriate settings.

    Note: You can use Profile Manager to push settings out to users.

    Frankly I personally regard Apple's VPN server as a bit of a joke and not fit for business use - only home use. I set up a Linux-based Cisco IPSec compatible VPN server with security certificates and VPN on Demand and routing all traffic via the VPN, which is far more secure. The built-in Mac VPN client can still connect to this Linux VPN server.

  • by Stourview,

    Stourview Oct 6, 2016 6:02 AM in response to John Lockwood
    Level 1 (4 points)
    Mac OS X

    I understand the security benefits of L2TP/IPSec and that PPTP is weaker but I would like to continue to support it for now.

    Sadly I have some clients on Windows that find L2TP unreliable (it's fine from Macs) and so have fallen back to PPTP which always works (worked!). I also have some routers which have no L2TP/IPSec settings to configure; for them PPTP is (was) the only option.

    I am still on El Capitan so Server 5.1.7 is fine. I stupidly updated to 5.2!

    I have reverted back to 5.1.7 and I have controls back in Server for PPTP in the VPN section, but running 5.2 obviously changed something under the surface that 5.1.7 can't undo. PPTP connections bounce off, rejected immediately, like the port (1723) was closed, but it's not. Not sure what 5.2 changed but I need to put it back!

    Dave S