10.5, PPTP (not L2TP/IPSec).
I have verbose logging on, so here's the log of a session that supposedly fails at authentication:
Code:
Sat Jan 12 21:26:06 2008 : PPTP connecting to server [..]
Sat Jan 12 21:26:07 2008 : PPTP connection established.
Sat Jan 12 21:26:07 2008 : using link 0
Sat Jan 12 21:26:07 2008 : Using interface ppp0
Sat Jan 12 21:26:07 2008 : Connect: ppp0 <--> socket[34:17]
Sat Jan 12 21:26:07 2008 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x353d85fb> <pcomp> <accomp>]
Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00> < 17 04 00 0e>]
Sat Jan 12 21:26:07 2008 : lcp_reqci: rcvd unknown option 13
Sat Jan 12 21:26:07 2008 : lcp_reqci: rcvd unknown option 23
Sat Jan 12 21:26:07 2008 : lcp_reqci: returning CONFREJ.
Sat Jan 12 21:26:07 2008 : sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 0e>]
Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x353d85fb> <pcomp> <accomp>]
Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00>]
Sat Jan 12 21:26:07 2008 : lcp_reqci: returning CONFACK.
Sat Jan 12 21:26:07 2008 : sent [LCP ConfAck id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00>]
Sat Jan 12 21:26:07 2008 : sent [LCP EchoReq id=0x0 magic=0x353d85fb]
Sat Jan 12 21:26:07 2008 : rcvd [CHAP Challenge id=0x0 <805ffcb88a699a213f7b918b3511a2e5>, name = "FIREWALL"]
Sat Jan 12 21:26:07 2008 : sent [CHAP Response id=0x0 <f90b7cf154829c41faa860bf81325bcf0000000000000000fd64a5581250f44846b8310709f4634c22d91ffec8e3642500>, name = "S\37777777703\37777777666ren"]
Sat Jan 12 21:26:07 2008 : rcvd [LCP EchoRep id=0x0 magic=0x61122bde]
Sat Jan 12 21:26:08 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"]
Sat Jan 12 21:26:08 2008 : MS-CHAP authentication failed: E=691 Authentication failure
Sat Jan 12 21:26:09 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"]
Sat Jan 12 21:26:09 2008 : MS-CHAP authentication failed: E=691 Authentication failure
Sat Jan 12 21:26:11 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"]
Sat Jan 12 21:26:11 2008 : MS-CHAP authentication failed: E=691 Authentication failure
Sat Jan 12 21:26:12 2008 : sent [CHAP Response id=0x1 <15583d346d73fedac7c1473afb2feab80000000000000000644a8c1097688284a6ef02ff66f673c3d6c82e62397508dc00>, name = "S\37777777703\37777777666ren"]
Sat Jan 12 21:26:12 2008 : rcvd [CHAP Failure id=0x1 "E=691 R=1 C=E1B89E3BC154B8FB4F401356DFECC0BD V=3"]
Sat Jan 12 21:26:12 2008 : MS-CHAP authentication failed: E=691 Authentication failure
Sat Jan 12 21:26:13 2008 : sent [LCP TermReq id=0x2 "User cancelled authentication"]
Sat Jan 12 21:26:13 2008 : rcvd [LCP TermAck id=0x2 "User cancelled authentication"]
Sat Jan 12 21:26:13 2008 : Connection terminated.
Sat Jan 12 21:26:13 2008 : PPTP disconnecting...
Sat Jan 12 21:26:13 2008 : PPTP disconnected
Points of interest:
I cannot force MS-CHAPv2 because I cannot edit pppd's options: Leopard passes those directly using launchd with some weird undocumented trick.
Now, it would be nice if I got this to work on Leopard, but not prudent. It
does work in Windows. But! Windows's VPN client doesn't appear to have an on-demand feature. I don't mind connecting to the VPN once a day, but I do mind having to reconnect every now and then because it lost its connection, and I certainly get aggravated when Outlook and Visual SourceSafe and IDontCareWhatElse tell me they can't connect. As I understand it, OS X's VPN client has an on-demand feature where you define a domain (say, applenova.com) and then whenever a connection attempt is made by any app to something.applenova.com, the VPN connection gets opened automatically.
So, does anyone know a third-party app that accomplishes just that in Windows, so I can have some peace & quiet?