VPN - PPTP Broken

Discussion in 'Mac OS X 10.3 (Panther) Discussion' started by ontheverge, Oct 26, 2003.

  ontheverge

    Oct 26, 2003
    Victoria, BC
    I can no longer connect to the VPN at my school. Internet connect gives:

    And the console reports:

    It worked fine under Jaguar, but under Panther it fails.
  abel

    Oct 27, 2003
    I have the same problem. MX stream from KPN, Dutch Telecom uses VPN to connect to the server with an ADSL connection. The communication with the speedtouch modem works fine but VPN can't connect.

    The Network log:
    PPTP connecting to server '' (
    PPTP connection established.
    Using interface ppp0
    Connect: ppp0 <--> socket[34:17]

    and in the consol.log:
    SystemUIServer[219] Error: Unable to get extended status.

    Time for OS X 10.3.1?
  tomf87


    Sep 10, 2003
    Mine works fine but I did a fresh install and not an upgrade.

    Go into System Preferences and Network. Open Network Port Configurations and delete all instances of VPN. Now launch Internet Connect and recreate it.

    It seems that the VPN now supports L2TP and PPTP, so there may be confusion there.
  abel

    Oct 27, 2003
    I've done a fresh install and it's a VPN (PPTP) connections.
  ontheverge

    Oct 26, 2003
    Victoria, BC
    Apple support

    I found an Apple support article regarding VPN connections in 10.3:


    In essence, you can edit the /Library/Preferences/SystemConfiguration/preferences.plist file to match your ISP requirements.

    I set CCPEnabled to 0 and was able to get by the MPPE error and connect, but a few seconds later I get the error:

    LCP terminated by peer

    I played with some of the other settings and I still cannot connect.
  abel

    Oct 27, 2003
    Great link!!!
    It worked for me.
    I'll mail it to the "helpdesk". It seems that a lot of Mac users using MX Stream are in for some stress with this setting enabled.

    Maybe the LCP thing is not related to VPN(PPTP) problems?
  asmdsr

    Jan 14, 2004
    I am having problems with pptp in panther too. Originally I was getting the ppp error, then when I tried the solution in the link above i get

    "The connection was terminated by the communication device. Please verify your settings and try again."

    Is anybody else still having problems? I think ppp may be broken in panther. I'm going to poke around. Anybody else with these issues please post here.

  advocate

    Jan 16, 2004
    Apple's pppd in Jaguar supports MPPC (MPPE Compression), but the one in Panther does not. (Don't be confused by this: MPPE is negotiated as a PPP compression mode, but it's not the same thing as MPPC. You want MPPE for encryption, you don't want MPPC if you want it to work with Panther.)

    My guess is that Apple hit some legal problems with their MPPC code as the compression algorithm is patented by Stac Electronics, the people who sued Microsoft some time ago for the same sort of reason.

    This was real time waster to diagnose as the change isn't documented anywhere that I can see. Okay, I can understand that they had to remove it, but why not make it a little easier to find out why Jaguar's PPTP VPN works and Panther's doesn't by posting a Tech Note or similar? It took hours and hours over well over a month to gather enough evidence, from crawling through protocol specification documents and packet dumps, to convince our Network Engineering department of what needed to be done to work around this problem.

    Fortunately the solution is simple: disable MPPC. We made that one change on the Nortel Contivity switch that we use as a VPN server and now PPTP VPN in Panther can connect to it perfectly.
  asmdsr

    Jan 14, 2004

    I managed to patch pppd and rebuild it, and now PPTP works in panther!

    I don't know the exact details, but it seems that in my case it was 40-bit MPPE that pppd was choking on. By all acounts, 128-bit MPPE is functional in pppd, but I didn't have the access to reconfigure the VPN server.

    Anyway, I found a patch on a mailing list for linux, and with a little mangling managed to apply it to Darwin's pppd.

    If anyone needs the patch email me at tim_hollingsworth(no spam)@lasata.com.au
  matsya

    Jan 21, 2004
    How do you disable MPPC?

    Really relieved to find this thread - i've been going NUTS over this, and my ISP and the helpdesks here have no idea what's going on. they're running Jaguar, still.

  macbeginner

    Nov 20, 2003
    Hungerford, England
    Could not negotiate...etc


    All sounds very technical! I don't have a VPN connection but I am receiving the same error message "could not negotiate a to the PPP server and the right hand green light on my alcatel USB speedtouch modem is flashing all the time. Have the latest drivers and have re-installed software.

    Various feedback from other threads say get rid and buy an ethernet modem, could someone name me one??
    Have seen lots of bad things written about the speedtouch modem and OS X compatibility and BT don't have a clue!

    Could it be I have not configured PPoE?
    My Panther is an upgrade, but has worked before at another address.

    I'm tempted to buy another modem but want advice on what to buy and guarantee to work.

    Would be glad of any assistance.

    Yours despairingly

    Mark:( :(
  advocate

    Jan 16, 2004
    That depends on what the VPN server is. In most cases it should just be a configuration option somewhere.

    asmdsr: There's nothing wrong with MPPE. It's MPPE Compression (MPPC) that's not supported by Panther's pppd. (This is the same communication problem I had when dealing with our Network Engineering department.) If you're sure you had a key size problem, then you might be talking about a completely different issue from mine.
  Wes_Zuber

    Jul 14, 2004
    PPTP Fix for Panther

    The Content on this link http://docs.info.apple.com/article.html?artnum=107706 has changed since I last looked at it.

    Here is what we did to fix our client.

    Edit the file /Library/Preferences/SystemConfiguration/preferences.plist

    look for <key>CCPEnabled</key>

    Change the 1 to a zero.. so it should look like this


    Reboot (I don't know what to HUP or reset so this is the lazy way)

    This worked for us.


