VPN 10.6 Setup (server)

Discussion in 'Mac OS X Server, Xserve, and Networking' started by ^squirrel^, Oct 6, 2010.

  1. ^squirrel^ macrumors 6502a

    ^squirrel^

    Joined:
    Apr 4, 2006
    Location:
    England
    #1
    Hi,

    I'm trying to set up VPN on my Xserve running 10.6 server.

    I've enabled VPN in Server Admin and selected start.

    I've decided to use PPTP and have enabled a DHCP range for the VPN.

    When I connect it asks for my password, but then fails to connect.

    "A Connection could not be established to the PPP Server. Try reconnecting. If your problem continues.........."

    Can anyone help me configure the server side? It looks pretty straightforward but I must be missing something.

    I've tried turning the firewall off and Open Directory is correctly configured.

    Thanks guys
    Darren
     
  2. calderone macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
  3. ^squirrel^ thread starter macrumors 6502a

    ^squirrel^

    Joined:
    Apr 4, 2006
    Location:
    England
    #3
    Sorry, I should have done that from the start.

    Wed Oct 6 15:35:43 2010 : peer refused to authenticate: terminating link
    Wed Oct 6 15:35:43 2010 : sent [LCP TermReq id=0x3 "peer refused to authenticate"]
    Wed Oct 6 15:35:43 2010 : Connection terminated.
    Wed Oct 6 15:35:43 2010 : PPTP disconnecting...
    Wed Oct 6 15:35:43 2010 : PPTP disconnected
    2010-10-06 15:35:43 BST --> Client with address = xxx.xxx.xxx.xxx has hungup
     
  4. ^squirrel^ thread starter macrumors 6502a

    ^squirrel^

    Joined:
    Apr 4, 2006
    Location:
    England
    #4
    Ok here's the update.

    I've got it working over PPTP but only using the administrator account. Do I need to enable something in the Workgroup Manager to enable the clients to connect?


    Thanks
     
  5. ^squirrel^ thread starter macrumors 6502a

    ^squirrel^

    Joined:
    Apr 4, 2006
    Location:
    England
    #5
    *Bump*

    Sorry, hate doing this. Is there anything that needs to be enabled to the accounts in Workgroup Manager? I can't see anything.

    Administrator works fine so I know the VPN works. Just can't get my username or others working.

    Thanks for your help
     
  6. MacsRgr8 macrumors 604

    MacsRgr8

    Joined:
    Sep 8, 2002
    Location:
    The Netherlands
    #6
    Have you checked in Server Admin?
    Select your server, and on the right choose "Access". You can restrict access to services there.
     
  7. ^squirrel^ thread starter macrumors 6502a

    ^squirrel^

    Joined:
    Apr 4, 2006
    Location:
    England
    #7
    Thanks for your reply.

    Yep, all services and all users are enabled.
     
  8. ^squirrel^ thread starter macrumors 6502a

    ^squirrel^

    Joined:
    Apr 4, 2006
    Location:
    England
    #8
    Can anyone help on this issue, maybe someone who has VPN working with the server?

    Thanks
     
  9. mh530 macrumors newbie

    Joined:
    Oct 14, 2010
    #9
    I have had a VPN going on server for several months. We had a few hiccups on setup.
    Are you using a shared secret to authenticate? Make sure this is on the client machine and matches that on the server.
    Other things that got me the first time:
    - Use the users' short name on the client computer (i.e. Bob Smith = bobsmith <-- use this)
    - Make sure that each user is enabled for VPN access in Server prefs or admin
    - You can use the config file generated by Server Prefs to simplify some of the setup, particularly when you are trying to get your shared secret out (if you are using this type of security)
    - Check the log files on your client machine as well
    Let us know what you come up with, post logs if you want
    mike
     
  10. ^squirrel^ thread starter macrumors 6502a

    ^squirrel^

    Joined:
    Apr 4, 2006
    Location:
    England
    #10
    I'm afraid it's still not working with my short name.

    As you can see from the logs, admin works fine.

    It appears that something seems to be missing when I log in with my short name.
    Tue Oct 19 09:40:19 2010 : MPPE required, but keys are not available. Possible plugin problem?
    Tue Oct 19 09:40:19 2010 : sent [LCP TermReq id=0x2 "MPPE required but not available"]

    ADMINISTRATOR

    Tue Oct 19 09:38:36 2010 : Directory Services Authentication plugin initialized
    Tue Oct 19 09:38:36 2010 : PPTP incoming call in progress from '192.168.1.9'...
    Tue Oct 19 09:38:36 2010 : PPTP connection established.
    Tue Oct 19 09:38:36 2010 : using link 0
    Tue Oct 19 09:38:36 2010 : Using interface ppp0
    Tue Oct 19 09:38:36 2010 : Connect: ppp0 <--> socket[34:17]
    Tue Oct 19 09:38:36 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x50c70293> <pcomp> <accomp>]
    Tue Oct 19 09:38:36 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1c5c9f78> <pcomp> <accomp>]
    Tue Oct 19 09:38:36 2010 : lcp_reqci: returning CONFACK.
    Tue Oct 19 09:38:36 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1c5c9f78> <pcomp> <accomp>]
    Tue Oct 19 09:38:39 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x50c70293> <pcomp> <accomp>]
    Tue Oct 19 09:38:39 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x50c70293> <pcomp> <accomp>]
    Tue Oct 19 09:38:39 2010 : sent [LCP EchoReq id=0x0 magic=0x50c70293]
    Tue Oct 19 09:38:39 2010 : sent [CHAP Challenge id=0x33 <410501243d186b412f26740c0a64037f>, name = "xx.xx.co.uk"]
    Tue Oct 19 09:38:39 2010 : rcvd [LCP EchoReq id=0x0 magic=0x1c5c9f78]
    Tue Oct 19 09:38:39 2010 : sent [LCP EchoRep id=0x0 magic=0x50c70293]
    Tue Oct 19 09:38:39 2010 : rcvd [LCP EchoRep id=0x0 magic=0x1c5c9f78]
    Tue Oct 19 09:38:39 2010 : rcvd [CHAP Response id=0x33 <5b6b5bcc453004ece3a40ae04f2b4f06000000000000000029431444871c3c4f7a3628a6f987401ac597ff5628f41a5000>, name = "administrator"]
    Tue Oct 19 09:38:39 2010 : sent [CHAP Success id=0x33 "S=A14AD551668E480DA4006A7882CF5DEDD1D40A47 M=Access granted"]
    Tue Oct 19 09:38:39 2010 : CHAP peer authentication succeeded for administrator
    Tue Oct 19 09:38:39 2010 : sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
    Tue Oct 19 09:38:39 2010 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
    Tue Oct 19 09:38:39 2010 : sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Oct 19 09:38:39 2010 : rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
    Tue Oct 19 09:38:39 2010 : sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
    Tue Oct 19 09:38:39 2010 : rcvd [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
    Tue Oct 19 09:38:39 2010 : sent [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
    Tue Oct 19 09:38:39 2010 : rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
    Tue Oct 19 09:38:39 2010 : MPPE 128-bit stateless compression enabled
    Tue Oct 19 09:38:39 2010 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.120>]
    Tue Oct 19 09:38:39 2010 : sent [ACSCP ConfReq id=0x1]
    Tue Oct 19 09:38:39 2010 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
    Tue Oct 19 09:38:39 2010 : ipcp: returning Configure-NAK
    Tue Oct 19 09:38:39 2010 : sent [IPCP ConfNak id=0x1 <addr 192.168.1.63> <ms-dns1 192.168.1.120> <ms-dns3 192.168.1.120>]
    Tue Oct 19 09:38:39 2010 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::021f:f3ff:fe53:bfe1>]
    Tue Oct 19 09:38:39 2010 : Unsupported protocol 0x8057 received
    Tue Oct 19 09:38:39 2010 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 1f f3 ff fe 53 bf e1]
    Tue Oct 19 09:38:39 2010 : rcvd [ACSCP ConfReq id=0x1 <ms-dns1 0.0.0.1> <ms-dns1 0.0.0.1>]
    Tue Oct 19 09:38:39 2010 : sent [ACSCP ConfRej id=0x1 <ms-dns1 0.0.0.1> <ms-dns1 0.0.0.1>]
    Tue Oct 19 09:38:39 2010 : rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.120>]
    Tue Oct 19 09:38:39 2010 : rcvd [ACSCP ConfAck id=0x1]
    Tue Oct 19 09:38:39 2010 : rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.63> <ms-dns1 192.168.1.120> <ms-dns3 192.168.1.120>]
    Tue Oct 19 09:38:39 2010 : ipcp: returning Configure-ACK
    Tue Oct 19 09:38:39 2010 : sent [IPCP ConfAck id=0x2 <addr 192.168.1.63> <ms-dns1 192.168.1.120> <ms-dns3 192.168.1.120>]
    Tue Oct 19 09:38:39 2010 : ipcp: up
    Tue Oct 19 09:38:39 2010 : found interface en0 for proxy arp
    Tue Oct 19 09:38:39 2010 : local IP address 192.168.1.120
    Tue Oct 19 09:38:39 2010 : remote IP address 192.168.1.63
    Tue Oct 19 09:38:39 2010 : pptp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.1.120), current interface setting (name: ppp0, family: PPP, address: 192.168.1.120, subnet: 255.255.255.0, destination: 192.168.1.63).
    Tue Oct 19 09:38:39 2010 : rcvd [ACSCP ConfReq id=0x2]
    Tue Oct 19 09:38:39 2010 : sent [ACSCP ConfAck id=0x2]

    MY USER ID

    2010-10-19 09:40:19 BST Incoming call... Address given to client = 192.168.1.64
    Tue Oct 19 09:40:19 2010 : Directory Services Authentication plugin initialized
    Tue Oct 19 09:40:19 2010 : PPTP incoming call in progress from '192.168.1.9'...
    Tue Oct 19 09:40:19 2010 : PPTP connection established.
    Tue Oct 19 09:40:19 2010 : using link 0
    Tue Oct 19 09:40:19 2010 : Using interface ppp0
    Tue Oct 19 09:40:19 2010 : Connect: ppp0 <--> socket[34:17]
    Tue Oct 19 09:40:19 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x29532057> <pcomp> <accomp>]
    Tue Oct 19 09:40:19 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x78cfe493> <pcomp> <accomp>]
    Tue Oct 19 09:40:19 2010 : lcp_reqci: returning CONFACK.
    Tue Oct 19 09:40:19 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x78cfe493> <pcomp> <accomp>]
    Tue Oct 19 09:40:19 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x29532057> <pcomp> <accomp>]
    Tue Oct 19 09:40:19 2010 : sent [LCP EchoReq id=0x0 magic=0x29532057]
    Tue Oct 19 09:40:19 2010 : sent [CHAP Challenge id=0x58 <616c0b10285811095f05774d150d5616>, name = "intelxserve.ivy-group.co.uk"]
    Tue Oct 19 09:40:19 2010 : rcvd [LCP EchoReq id=0x0 magic=0x78cfe493]
    Tue Oct 19 09:40:19 2010 : sent [LCP EchoRep id=0x0 magic=0x29532057]
    Tue Oct 19 09:40:19 2010 : rcvd [LCP EchoRep id=0x0 magic=0x78cfe493]
    Tue Oct 19 09:40:19 2010 : rcvd [CHAP Response id=0x58 <b6b12cb9ab533753fa63e5f4a107c8340000000000000000ba38318ff1cc7e702568a359d2286eab7925a674f64dd5d900>, name = "darrensenadhira"]
    Tue Oct 19 09:40:19 2010 : DSAuth plugin: Could not retrieve key agent account information.
    Tue Oct 19 09:40:19 2010 : sent [CHAP Success id=0x58 "S=597DA8CA5FD74225912FDB2348349BDE4357F2C7 M=Access granted"]
    Tue Oct 19 09:40:19 2010 : CHAP peer authentication succeeded for darrensenadhira
    Tue Oct 19 09:40:19 2010 : MPPE required, but keys are not available. Possible plugin problem?
    Tue Oct 19 09:40:19 2010 : sent [LCP TermReq id=0x2 "MPPE required but not available"]
    Tue Oct 19 09:40:19 2010 : Connection terminated.
    Tue Oct 19 09:40:19 2010 : Connect time 0.0 minutes.
    Tue Oct 19 09:40:19 2010 : Sent 0 bytes, received 0 bytes.
    Tue Oct 19 09:40:19 2010 : PPTP disconnecting...
    Tue Oct 19 09:40:19 2010 : PPTP disconnected
    2010-10-19 09:40:19 BST --> Client with address = 192.168.1.64 has hungup
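
Added example (not part of the original thread, and not code from Apple or any poster): a small triage script for pppd VPN logs like those in post #10, which separates a session that never authenticates from one that authenticates and is then torn down because no MPPE keys are available. The sample log is constructed from a subset of the posted lines with the CHAP hex values elided; the function names and verdict strings are assumptions of this example.

```python
import re
# Constructed sample: subset of the pppd lines in post #10, CHAP hex values elided.
SAMPLE_LOG = """\
Tue Oct 19 09:38:36 2010 : PPTP incoming call in progress from '192.168.1.9'...
Tue Oct 19 09:38:39 2010 : rcvd [CHAP Response id=0x33 <...>, name = "administrator"]
Tue Oct 19 09:38:39 2010 : CHAP peer authentication succeeded for administrator
Tue Oct 19 09:38:39 2010 : MPPE 128-bit stateless compression enabled
Tue Oct 19 09:38:39 2010 : ipcp: up
Tue Oct 19 09:40:19 2010 : PPTP incoming call in progress from '192.168.1.9'...
Tue Oct 19 09:40:19 2010 : rcvd [CHAP Response id=0x58 <...>, name = "darrensenadhira"]
Tue Oct 19 09:40:19 2010 : DSAuth plugin: Could not retrieve key agent account information.
Tue Oct 19 09:40:19 2010 : CHAP peer authentication succeeded for darrensenadhira
Tue Oct 19 09:40:19 2010 : MPPE required, but keys are not available. Possible plugin problem?
"""
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} : (.*)$")

def split_sessions(text):
    """Group pppd messages into one list per incoming PPTP call."""
    sessions = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # vpnd's own "2010-10-19 ... BST" lines are skipped
        if m.group(1).startswith("PPTP incoming call in progress"):
            sessions.append([])
        if sessions:
            sessions[-1].append(m.group(1))
    return sessions

def diagnose(msgs):
    """Return (user, verdict) for one session's messages."""
    joined = "\n".join(msgs)
    m = re.search(r'CHAP Response .*name = "([^"]+)"', joined)
    user = m.group(1) if m else None
    authed = "CHAP peer authentication succeeded" in joined
    if "peer refused to authenticate" in joined:
        return user, "no-auth"
    if authed and "MPPE required, but keys are not available" in joined:
        agent = "Could not retrieve key agent account information" in joined
        return user, ("mppe-keys: key agent lookup failed" if agent else "mppe-keys")
    if authed and "ipcp: up" in joined:
        return user, "ok"
    return user, "unknown"

def analyze(text):
    """Diagnose every session found in a pppd log."""
    return [diagnose(s) for s in split_sessions(text)]

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A `mppe-keys` verdict means the password check passed and the server ended the link because it requires MPPE, so the place to look is key retrieval on the server, not the user's credentials.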
     
  11. Alrescha macrumors 68020

    Joined:
    Jan 1, 2008
    #11
    I've never seen this problem personally, but you might want to google "vpnaddkeyagentuser" and/or read the man page for it.

    A.
     
  12. nepamac macrumors newbie

    Joined:
    Sep 11, 2010
    #12
    Darren,

    I am having the same issue. The admin account works just fine, but the user accounts will not work. I am assuming that you have a similar setup as what we have in that one server is your OD Master and your VPN server is a secondary server that is bound to it. I get the identical message in the server logs and the same error message when I try to connect with an LDAP account. Have you resolved this issue?
     
