View Full Version : VPN - PPTP Broken
Oct 26, 2003, 05:05 PM
I can no longer connect to the VPN at my school. Internet connect gives:
Could not negotiate a connection with the remote PPP server. Please verify your settings and try again.
And the console reports:
Oct 26 14:00:12 localhost pppd: MPPE required but peer negotiation failed
It worked fine under Jaguar, but under Panther it fails.
Oct 27, 2003, 03:48 PM
I have the same problem. MX stream from KPN, Dutch Telecom uses VPN to connect to the server with an ADSL connection. The communication with the speedtouch modem works fine but VPN can't connect.
The Network log:
PPTP connecting to server '10.0.0.138' (10.0.0.138)...
PPTP connection established.
Using interface ppp0
Connect: ppp0 <--> socket[34:17]
and in the consol.log:
SystemUIServer Error: Unable to get extended status.
Time for OS X 10.3.1?
Oct 27, 2003, 09:36 PM
Mine works fine but I did a fresh install and not an upgrade.
Go into System Preferences and Network. Open Network Port Configurations and delete all instances of VPN. Now launch Internet Connect and recreate it.
It seems that the VPN now supports L2TP and PPTP, so there may be confusion there.
Oct 28, 2003, 06:53 AM
I've done a fresh install and it's a VPN (PPTP) connections.
Oct 28, 2003, 01:53 PM
I found an Apple support article regarding VPN connections in 10.3:
In essence, you can edit the /Library/Preferences/SystemConfiguration/preferences.plist file to match your ISP requirements.
I set CCPEnabled to 0 and was able to get by the MPPE error and connect, but a few seconds later I get the error:
LCP terminated by peer
I played with some of the other settings and I still cannot connect.
Oct 29, 2003, 08:11 AM
It worked for me.
I'll mail it to the "helpdesk". It seems that a lot of Mac users using MX Stream are in for some stress with this setting enabled.
Maybe the LCP thing is not related to VPN(PPTP) problems?
Jan 15, 2004, 02:41 AM
I am having problems with pptp in panther too. Originally I was getting the ppp error, then when I tried the solution in the link above i get
"The connection was terminated by the communication device. Please verify your settings and try again."
Is anybody else still having problems? I think ppp may be broken in panther. I'm going to poke around. Anybody else with these issues please post here.
Jan 16, 2004, 05:00 AM
Apple's pppd in Jaguar supports MPPC (http://www.faqs.org/rfcs/rfc2118.html) (MPPE (http://www.faqs.org/rfcs/rfc3078.html) Compression), but the one in Panther does not. (Don't be confused by this: MPPE is negotiated as a PPP compression mode, but it's not the same thing as MPPC. You want MPPE for encryption, you don't want MPPC if you want it to work with Panther.)
My guess is that Apple hit some legal problems with their MPPC code as the compression algorithm is patented by Stac Electronics, the people who sued Microsoft (http://www.base.com/software-patents/articles/stac.html) some time ago for the same sort of reason.
This was real time waster to diagnose as the change isn't documented anywhere that I can see. Okay, I can understand that they had to remove it, but why not make it a little easier to find out why Jaguar's PPTP VPN works and Panther's doesn't by posting a Tech Note or similar? It took hours and hours over well over a month to gather enough evidence, from crawling through protocol specification documents and packet dumps, to convince our Network Engineering department of what needed to be done to work around this problem.
Fortunately the solution is simple: disable MPPC. We made that one change on the Nortel Contivity switch that we use as a VPN server and now PPTP VPN in Panther can connect to it perfectly.
Jan 18, 2004, 11:58 PM
I managed to patch pppd and rebuild it, and now PPTP works in panther!
I don't know the exact details, but it seems that in my case it was 40-bit MPPE that pppd was choking on. By all acounts, 128-bit MPPE is functional in pppd, but I didn't have the access to reconfigure the VPN server.
Anyway, I found a patch on a mailing list for linux, and with a little mangling managed to apply it to Darwin's pppd.
If anyone needs the patch email me at tim_hollingsworth(no spam)@lasata.com.au
Jan 21, 2004, 06:12 PM
How do you disable MPPC?
Really relieved to find this thread - i've been going NUTS over this, and my ISP and the helpdesks here have no idea what's going on. they're running Jaguar, still.
Feb 3, 2004, 07:08 PM
All sounds very technical! I don't have a VPN connection but I am receiving the same error message "could not negotiate a to the PPP server and the right hand green light on my alcatel USB speedtouch modem is flashing all the time. Have the latest drivers and have re-installed software.
Various feedback from other threads say get rid and buy an ethernet modem, could someone name me one??
Have seen lots of bad things written about the speedtouch modem and OS X compatibility and BT don't have a clue!
Could it be I have not configured PPoE?
My Panther is an upgrade, but has worked before at another address.
I'm tempted to buy another modem but want advice on what to buy and guarantee to work.
Would be glad of any assistance.
Feb 8, 2004, 01:21 AM
Originally posted by matsya
How do you disable MPPC?
That depends on what the VPN server is. In most cases it should just be a configuration option somewhere.
asmdsr: There's nothing wrong with MPPE. It's MPPE Compression (MPPC) that's not supported by Panther's pppd. (This is the same communication problem I had when dealing with our Network Engineering department.) If you're sure you had a key size problem, then you might be talking about a completely different issue from mine.
Jul 14, 2004, 03:45 PM
The Content on this link http://docs.info.apple.com/article.html?artnum=107706 has changed since I last looked at it.
Here is what we did to fix our client.
Edit the file /Library/Preferences/SystemConfiguration/preferences.plist
look for <key>CCPEnabled</key>
Change the 1 to a zero.. so it should look like this
Reboot (I don't know what to HUP or reset so this is the lazy way)
This worked for us.