Thread: Can't connect to VPN; works from Windows
View Single Post
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2008-01-12, 15:39
10.5, PPTP (not L2TP/IPSec).

I have verbose logging on, so here's the log of a session that supposedly fails at authentication:
Code:
Sat Jan 12 21:26:06 2008 : PPTP connecting to server [..] Sat Jan 12 21:26:07 2008 : PPTP connection established. Sat Jan 12 21:26:07 2008 : using link 0 Sat Jan 12 21:26:07 2008 : Using interface ppp0 Sat Jan 12 21:26:07 2008 : Connect: ppp0 <--> socket[34:17] Sat Jan 12 21:26:07 2008 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x353d85fb> <pcomp> <accomp>] Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00> < 17 04 00 0e>] Sat Jan 12 21:26:07 2008 : lcp_reqci: rcvd unknown option 13 Sat Jan 12 21:26:07 2008 : lcp_reqci: rcvd unknown option 23 Sat Jan 12 21:26:07 2008 : lcp_reqci: returning CONFREJ. Sat Jan 12 21:26:07 2008 : sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 0e>] Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x353d85fb> <pcomp> <accomp>] Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00>] Sat Jan 12 21:26:07 2008 : lcp_reqci: returning CONFACK. Sat Jan 12 21:26:07 2008 : sent [LCP ConfAck id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00>] Sat Jan 12 21:26:07 2008 : sent [LCP EchoReq id=0x0 magic=0x353d85fb] Sat Jan 12 21:26:07 2008 : rcvd [CHAP Challenge id=0x0 <805ffcb88a699a213f7b918b3511a2e5>, name = "FIREWALL"] Sat Jan 12 21:26:07 2008 : sent [CHAP Response id=0x0 <f90b7cf154829c41faa860bf81325bcf0000000000000000fd64a5581250f44846b8310709f4634c22d91ffec8e3642500>, name = "S\37777777703\37777777666ren"] Sat Jan 12 21:26:07 2008 : rcvd [LCP EchoRep id=0x0 magic=0x61122bde] Sat Jan 12 21:26:08 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"] Sat Jan 12 21:26:08 2008 : MS-CHAP authentication failed: E=691 Authentication failure Sat Jan 12 21:26:09 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"] Sat Jan 12 21:26:09 2008 : MS-CHAP authentication failed: E=691 Authentication failure Sat Jan 12 21:26:11 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"] Sat Jan 12 21:26:11 2008 : MS-CHAP authentication failed: E=691 Authentication failure Sat Jan 12 21:26:12 2008 : sent [CHAP Response id=0x1 <15583d346d73fedac7c1473afb2feab80000000000000000644a8c1097688284a6ef02ff66f673c3d6c82e62397508dc00>, name = "S\37777777703\37777777666ren"] Sat Jan 12 21:26:12 2008 : rcvd [CHAP Failure id=0x1 "E=691 R=1 C=E1B89E3BC154B8FB4F401356DFECC0BD V=3"] Sat Jan 12 21:26:12 2008 : MS-CHAP authentication failed: E=691 Authentication failure Sat Jan 12 21:26:13 2008 : sent [LCP TermReq id=0x2 "User cancelled authentication"] Sat Jan 12 21:26:13 2008 : rcvd [LCP TermAck id=0x2 "User cancelled authentication"] Sat Jan 12 21:26:13 2008 : Connection terminated. Sat Jan 12 21:26:13 2008 : PPTP disconnecting... Sat Jan 12 21:26:13 2008 : PPTP disconnected
Points of interest:
  • My account name is Sören (with the umlaut), so that might be throwing it off. The verbose logging says it's escaping this as "S\37777777703\37777777666ren", which may very well be completely wrong (but how am I to know?).
  • Authentication is supposed to be MS-CHAPv2. In the log, this does appear:
    Code:
    Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2>
    However, pppd then tries MS-CHAP (v1?):
    Code:
    Sat Jan 12 21:26:08 2008 : MS-CHAP authentication failed: E=691 Authentication failure
  • Some info on the Web claims Leopard enforces MPPE encryption. The server may not support this properly.

I cannot force MS-CHAPv2 because I cannot edit pppd's options: Leopard passes those directly using launchd with some weird undocumented trick.

Now, it would be nice if I got this to work on Leopard, but not prudent. It does work in Windows. But! Windows's VPN client doesn't appear to have an on-demand feature. I don't mind connecting to the VPN once a day, but I do mind having to reconnect every now and then because it lost its connection, and I certainly get aggravated when Outlook and Visual SourceSafe and IDontCareWhatElse tell me they can't connect. As I understand it, OS X's VPN client has an on-demand feature where you define a domain (say, applenova.com) and then whenever a connection attempt is made by any app to something.applenova.com, the VPN connection gets opened automatically.

So, does anyone know a third-party app that accomplishes just that in Windows, so I can have some peace & quiet?
  quote