‽
|
10.5, PPTP (not L2TP/IPSec).
I have verbose logging on, so here's the log of a session that supposedly fails at authentication: Code:
Sat Jan 12 21:26:06 2008 : PPTP connecting to server [..]
Sat Jan 12 21:26:07 2008 : PPTP connection established.
Sat Jan 12 21:26:07 2008 : using link 0
Sat Jan 12 21:26:07 2008 : Using interface ppp0
Sat Jan 12 21:26:07 2008 : Connect: ppp0 <--> socket[34:17]
Sat Jan 12 21:26:07 2008 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x353d85fb> <pcomp> <accomp>]
Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00> < 17 04 00 0e>]
Sat Jan 12 21:26:07 2008 : lcp_reqci: rcvd unknown option 13
Sat Jan 12 21:26:07 2008 : lcp_reqci: rcvd unknown option 23
Sat Jan 12 21:26:07 2008 : lcp_reqci: returning CONFREJ.
Sat Jan 12 21:26:07 2008 : sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614> < 17 04 00 0e>]
Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x353d85fb> <pcomp> <accomp>]
Sat Jan 12 21:26:07 2008 : rcvd [LCP ConfReq id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00>]
Sat Jan 12 21:26:07 2008 : lcp_reqci: returning CONFACK.
Sat Jan 12 21:26:07 2008 : sent [LCP ConfAck id=0x1 <mru 1400> <auth chap MS-v2> <magic 0x61122bde> <pcomp> <accomp> <endpoint 13 17 01 ae d9 02 c1 91 94 4d 63 a8 0c e0 be f5 69 5c 55 00 00 00 00>]
Sat Jan 12 21:26:07 2008 : sent [LCP EchoReq id=0x0 magic=0x353d85fb]
Sat Jan 12 21:26:07 2008 : rcvd [CHAP Challenge id=0x0 <805ffcb88a699a213f7b918b3511a2e5>, name = "FIREWALL"]
Sat Jan 12 21:26:07 2008 : sent [CHAP Response id=0x0 <f90b7cf154829c41faa860bf81325bcf0000000000000000fd64a5581250f44846b8310709f4634c22d91ffec8e3642500>, name = "S\37777777703\37777777666ren"]
Sat Jan 12 21:26:07 2008 : rcvd [LCP EchoRep id=0x0 magic=0x61122bde]
Sat Jan 12 21:26:08 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"]
Sat Jan 12 21:26:08 2008 : MS-CHAP authentication failed: E=691 Authentication failure
Sat Jan 12 21:26:09 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"]
Sat Jan 12 21:26:09 2008 : MS-CHAP authentication failed: E=691 Authentication failure
Sat Jan 12 21:26:11 2008 : rcvd [CHAP Failure id=0x0 "E=691 R=1 C=EFBEDD81C41AC69CBC390B36E2342534 V=3"]
Sat Jan 12 21:26:11 2008 : MS-CHAP authentication failed: E=691 Authentication failure
Sat Jan 12 21:26:12 2008 : sent [CHAP Response id=0x1 <15583d346d73fedac7c1473afb2feab80000000000000000644a8c1097688284a6ef02ff66f673c3d6c82e62397508dc00>, name = "S\37777777703\37777777666ren"]
Sat Jan 12 21:26:12 2008 : rcvd [CHAP Failure id=0x1 "E=691 R=1 C=E1B89E3BC154B8FB4F401356DFECC0BD V=3"]
Sat Jan 12 21:26:12 2008 : MS-CHAP authentication failed: E=691 Authentication failure
Sat Jan 12 21:26:13 2008 : sent [LCP TermReq id=0x2 "User cancelled authentication"]
Sat Jan 12 21:26:13 2008 : rcvd [LCP TermAck id=0x2 "User cancelled authentication"]
Sat Jan 12 21:26:13 2008 : Connection terminated.
Sat Jan 12 21:26:13 2008 : PPTP disconnecting...
Sat Jan 12 21:26:13 2008 : PPTP disconnected Points of interest:
I cannot force MS-CHAPv2 because I cannot edit pppd's options: Leopard passes those directly using launchd with some weird undocumented trick. Now, it would be nice if I got this to work on Leopard, but not prudent. It does work in Windows. But! Windows's VPN client doesn't appear to have an on-demand feature. I don't mind connecting to the VPN once a day, but I do mind having to reconnect every now and then because it lost its connection, and I certainly get aggravated when Outlook and Visual SourceSafe and IDontCareWhatElse tell me they can't connect. As I understand it, OS X's VPN client has an on-demand feature where you define a domain (say, applenova.com) and then whenever a connection attempt is made by any app to something.applenova.com, the VPN connection gets opened automatically. So, does anyone know a third-party app that accomplishes just that in Windows, so I can have some peace & quiet? |
quote |
http://ga.rgoyle.com
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
|
I connect to a windows VPN fine! Have you checked the settings on your sever I think there is an encrypted password option somewhere....
Hang on, I'll see if I can dig it out... Quote:
OK, I have given up keeping this sig up to date. Lets just say I'm the guy that installs every latest version as soon as its available! |
|
quote |
Member
Join Date: Feb 2005
Location: Devonshire - nearly twinned with Narnia
|
Quote:
If you have access to a Windows Server version on the remote side of the VPN, then just install RRAS and setup a static route to the IP range you need. Last edited by mattf : 2008-01-13 at 06:20. Reason: Edited for clarity |
|
quote |
‽
|
I'd rather leave the server-side settings alone so I don't break things for the coworkers. As far as I'm concerned, this is an OS X problem, and it's OS X's job to fix it, since it works fine in Windows.
|
quote |
‽
|
Quote:
|
|
quote |
Member
Join Date: Feb 2005
Location: Devonshire - nearly twinned with Narnia
|
Ah, yes, that is a pain in the arse. Feasibly, you could run their vpndial.bat as a standalone executable, rather than installing it as a service - only employing it when you're at home?
|
quote |
‽
|
|
quote |
http://ga.rgoyle.com
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
|
Quote:
It's a setting that is incompatible with the VPN client in OS X. Indeed, future versions of the VPN client might support digitally signed connections but what difference does it make? the link is still encrypted. I have made the change on our server and it has had no side effects. OK, I have given up keeping this sig up to date. Lets just say I'm the guy that installs every latest version as soon as its available! |
|
quote |
Posting Rules | Navigation |
|
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Direct X now for Macintosh | bazzler | Third-Party Products | 27 | 2006-10-29 14:29 |
How do you say "OS X"? | intlplby | General Discussion | 145 | 2006-07-28 21:27 |
Windows Activation Hell | pmazer | General Discussion | 7 | 2006-05-16 11:29 |
Sharing internet from Windows to Mac | Dorian Gray | Genius Bar | 6 | 2005-11-08 16:14 |
Windows File Sharing works...a little too well | ar1550 | Apple Products | 23 | 2005-02-18 17:05 |