vpn connection trouble

Discussion in 'macOS' started by mkr, Sep 24, 2005.

  1. mkr macrumors newbie

    Joined:
    Sep 24, 2005
    #1
    hello mac gurus!

    i am new to both this forum and apple (although i am quite experienced in linux), so please be patient if i am asking something dumb!

    i am trying to establish a pptp-vpn connection with mac os x 10.2.x, 10.3.x and 10.4.x to a linux vpn server but only 10.2.x works (at least somehow, i got a lot "Protocol-Reject for unsupported protocol" messages, but these can be due to a poor networking connection..). with 10.3.x or 10.4.x i get the the following error messages:

    10.3.x (panther):
    Sat Sep 24 19:06:08 2005 : PPTP connection established.
    Sat Sep 24 19:06:08 2005 : Using interface ppp0
    Sat Sep 24 19:06:08 2005 : Connect: ppp0 <--> socket[34:17]
    Sat Sep 24 19:06:11 2005 : Remote message: Access granted
    Sat Sep 24 19:06:11 2005 : LCP terminated by peer (MPPE required but cannot negotiate MPPE key length)
    Sat Sep 24 19:06:11 2005 : Connection terminated.
    Sat Sep 24 19:06:11 2005 : PPTP disconnecting...
    Sat Sep 24 19:06:11 2005 : PPTP disconnected

    10.4.x (tiger)
    Sat Sep 24 18:39:33 2005 : PPTP connection established.
    Sat Sep 24 18:39:33 2005 : Using interface ppp0
    Sat Sep 24 18:39:33 2005 : Connect: ppp0 <--> socket[34:17]
    Sat Sep 24 18:39:36 2005 : Refusing MPPE stateful mode offered by peer
    Sat Sep 24 18:39:36 2005 : MPPE required but peer negotiation failed
    Sat Sep 24 18:39:36 2005 : Connection terminated.
    Sat Sep 24 18:39:36 2005 : PPTP disconnecting...
    Sat Sep 24 18:39:36 2005 : PPTP disconnected

    i read on some places about this problem (also this place), but found no solution, at least non that is working for me (http://forums.macrumors.com/archive/index.php/t-43648.html says something about setting CCPEnabled, but this has no effect).
    somewhere (else) i read about a patch for pppd, but can not find it! (btw. i also have no clue where to get the source code! is there a download site for the sources or can i use the ones from opendarwin.org)

    does anyone have an idea how i can solve this? any tipps/hints/links are welcome!

    thanks in advance for your help!

    markus
     
  2. varmit macrumors 68000

    varmit

    Joined:
    Aug 5, 2003
    #2
    Found this: http://forums.macrumors.com/archive/index.php/t-43648.html

    Apple's pppd in Jaguar supports MPPC (http://www.faqs.org/rfcs/rfc2118.html) (MPPE (http://www.faqs.org/rfcs/rfc3078.html) Compression), but the one in Panther does not. (Don't be confused by this: MPPE is negotiated as a PPP compression mode, but it's not the same thing as MPPC. You want MPPE for encryption, you don't want MPPC if you want it to work with Panther.)

    My guess is that Apple hit some legal problems with their MPPC code as the compression algorithm is patented by Stac Electronics, the people who sued Microsoft (http://www.base.com/software-patents/articles/stac.html) some time ago for the same sort of reason.

    This was real time waster to diagnose as the change isn't documented anywhere that I can see. Okay, I can understand that they had to remove it, but why not make it a little easier to find out why Jaguar's PPTP VPN works and Panther's doesn't by posting a Tech Note or similar? It took hours and hours over well over a month to gather enough evidence, from crawling through protocol specification documents and packet dumps, to convince our Network Engineering department of what needed to be done to work around this problem.

    Fortunately the solution is simple: disable MPPC. We made that one change on the Nortel Contivity switch that we use as a VPN server and now PPTP VPN in Panther can connect to it perfectly.

    There are other posts in the Thread that might help, did you see this one yet?
     
  3. mkr thread starter macrumors newbie

    Joined:
    Sep 24, 2005
    #3
    thanks for your answer, but this is exactly the thread i was referring to in my first post, so ... yes, i read it. the solution mentioned in the cited thread (by wes_zuber) does not have any affect.
    but doesn't disabling mppc disabling encryption? (btw. how can i do this?)
    no encryption is no option for me.

    is there a way to patch pppd to enable encryption?

    thanks in advance for your help!

    markus
     
  4. varmit macrumors 68000

    varmit

    Joined:
    Aug 5, 2003
    #4
    http://www.vortech.net/phorums/read.php?5,50861,51073
    It seems that a lot of people are saying that the default encryption is the problem, and that it needs to be bumped up to 128-bit for the Linux server to accept the connection. Check the Linux server and make sure it is not set to allow "no-encryption"

    http://www.vortech.net/phorums/read.php?5,37204,37204,quote=1

    only a little helpful with the fact he was having some of the same issures and it was due to low encyption. http://pptpclient.sourceforge.net/howto-diagnosis-2003-08-12.phtml

    It sounds like you need some heavy tech support, I would try giving Apple a call, and asking for an engineer to help you out with the situation. To help you bump up your encryption that is, since I'm not sure how to do it.
     
  5. TeknoTurd macrumors newbie

    Joined:
    Oct 8, 2003
    #5
    I'm running into this same problem when trying to use the Google Secure Access script that was released a few weeks ago. It seemed to work for a few times then stopped and hasn't worked since. I'm getting errors just like the ones above. Has anyone found a solution or work around for this?
     
  6. schalliol macrumors regular

    Joined:
    May 7, 2002
    Location:
    Carmel, IN
    #6
    So, I'm resurrecting a 3+ year old thread, but I am having the same problem in Leopard (same console messages) connecting to PPTP on a DD-WRT Linux router running on a Linksys WRT-54GL. So far I've found that a Windows user is able to connect and I can connect via my iPhone and Macs, but only if I turn encryption off. Has anyone figured out how to gain encryption? Thanks!
     
  7. Amdahl macrumors 65816

    Joined:
    Jul 28, 2004
    #7
    Just a guess.. try chaging the bit-number encryption options and see if one of them works.
     
  8. schalliol macrumors regular

    Joined:
    May 7, 2002
    Location:
    Carmel, IN
    #8
    I tried both settings, only "None" works, unfortunately.
     
  9. Amdahl macrumors 65816

    Joined:
    Jul 28, 2004
    #9
    Maybe it is a bug you can report with the dd-wrt people. I used it once a year or maybe two ago when it was very new, and had no success using the pptp features. Maybe I'll check it out again over Christmas.
     
  10. schalliol macrumors regular

    Joined:
    May 7, 2002
    Location:
    Carmel, IN
    #10
    Since it works on Windows machines and I believe this same trouble occurs with other servers too, I think it must be a Mac-specific issue, but I'm asking around at DD-WRT just in case. Thanks!
     
  11. Amdahl macrumors 65816

    Joined:
    Jul 28, 2004
    #11
    A lot of bugs never get fixed because 'it works with Windows.'
     

Share This Page