  • Status: Solved
  • Priority: Medium
  • Security: Public

Connect to Linksys RV082 VPN from MAC OS X Lion 10.7.2

Hi,

We have 2 offices that are tunneled together with 2 Linksys RV082 VPN routers using Gateway-to-Gateway and we need to allow MAC users to VPN when out of the office. One of the RV082s has a PPTP server enabled and Windows users can VPN just fine using the built-in VPN in Windows. However, MAC users cannot establish a VPN using the built-in PPTP VPN. The error that they get is "A connection could not be established to the PPP server".
I tried enabling RRAS on a Windows 2003 server, disabling the PPTP server on the Linksys RV082 VPN router and forwarding PPTP/L2TP traffic to the server. Again, Windows users can VPN just fine with their AD credentials but MAC users are still not able to.
I also tried using VPN Tracker 6.3 and configuring it with the manual in the link below, without any luck.

http://www.equinux.com/cms_components/us/products/vpntracker/media/files/HowTo_Linksys_RV042.pdf

For testing purposes, I set up a similar VPN router to the RV082, a Linksys RV042, and configured it from scratch on a separate network with a different public IP and tried using the methods I mentioned above, but still couldn't get the VPN to connect for MAC users. I also configured the RV042 as the VPN Tracker manual suggests. I have attached screenshots from the VPN Tracker configuration.
Please advise. Any help will be greatly appreciated. Thanks.



LinksysRV042.jpg
VPNTracker.jpg
VPNTracker-log.txt
smccurnin
Asked:
 
John Hurst, Business Consultant (Owner), Commented:
The first picture (RV042) is for an IPsec Setup (not PPTP). The second picture only shows the basics and none of the comparable settings in picture 1. I also do not see the external IP. Generally, the settings you showed should work (given an internet with static IPs in the middle). I never use PFS and uncheck that setting.

So you need to match the IPsec settings you showed in the MAC application. .... Thinkpads_User
 
Rob Williams Commented:
On the RV042/82, assuming you have fairly recent firmware (last 2 years), under the VPN section there is another tab, PPTP VPN, which displays a completely different set of options and has a very simple configuration. Basically you enable it and create a username and password. It is, however, limited to 5 simultaneous connections. The page you are displaying, as thinkpads_user said, is not for PPTP VPN configuration.
 
donciakas Commented:
For Windows, both Linksys RV042 and RV082 routers have QuickVPN utilities; however, for Mac OS there is no such application. The best way to connect to a VPN on one of these routers is to use the PPTP VPN configuration on your RV082, and a dial-up PPTP connection on Mac OS.
To configure the PPTP server on the RV042 or RV082, go to VPN in the menu and select PPTP Server.

Check the box to enable the PPTP VPN server. Fill out the IP range you want to give to connected clients and, of course, add up to 5 users who can connect through this connection.

P.S. RobWill: the firmware version depends on the hardware version. Also, the newest version for the RV082 or RV042 is not the best choice, while there are many bugs left.

 
smccurnin (Author) Commented:
Hi all,

Thanks for all your replies. If you see, my second sentence says that I have enabled the PPTP server on the RV082, created users and tested, but Mac users were still not able to establish a VPN connection. The error that I get is "A connection could not be established to the PPP server". However, from a Windows PC I can establish a VPN without any problems.
Then I decided to try a different solution using the VPN Tracker app, and the first picture that I have attached is for the IPsec settings required by the app.
I will see if there is a newer firmware version and let you know.
 
John Hurst, Business Consultant (Owner), Commented:
Good. However, as I noted, we cannot see here that you have matched the MAC settings with the RV042. Make sure you have matched the phases, and make sure you have static IP's at both ends of the connection. I think these must be external.

Once you have matched everything, turn on logging to see if you can determine what is stopping the connection.

... Thinkpads_User
 
smccurnin (Author) Commented:

Thinkpads,

Can you be more specific on what MAC settings to match with the RV042? Do you mean the VPN tracker app settings or the built in PPTP settings on the MAC? And yes, I am using static external IP's on both ends of the connection. Both IPs are Public provided by ISP.
VPN verbose logging is enabled too but I can't locate the ppp.log file on the mac.
 
smccurnin (Author) Commented:
I have located the ppp.log file and attached it. Please advise. Thanks
ppp.log
 
Rob Williams Commented:
Looks to me like your MAC client is trying to connect using MS Chap v2 and the Linksys does not support that. Does the VPN client have the option to lower to MS Chap, or even Chap?


@ donciakas Early versions of the RV042 for example did not have the PPTP option. Later firmware added it. Newer units come with it.
 
John Hurst, Business Consultant (Owner), Commented:
Yes to the above.

Now if you want to try IPsec then (a) in general it works really well and I use it, (b) I do not know if the MAC client supports it.

If you want to try, I write down all the parameters (there are a lot and it takes about a page) and then make a column for the RV042 and one for the MAC and match them off. I do this in Word and keep the documents for reference on my Thinkpad. ..... Thinkpads_User
 
smccurnin (Author) Commented:

Hi Rob,

Unfortunately, I don't see an option to lower to MS Chap or Chap on the PPTP VPN client on the MAC. To bypass the Linksys I enabled Routing and Remote Access on a Windows server, which supports all 3 MS Chap versions, and attempted to establish a VPN connection from the MAC. This is the log from it:

Wed Oct 19 12:25:19 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 12:26:09 2011 : PPTP error when reading header for start_control_connection_reply : Connection reset by peer
Wed Oct 19 12:27:08 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 12:27:30 2011 : PPTP error when reading header for start_control_connection_reply : Connection reset by peer
Wed Oct 19 12:31:07 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 12:31:43 2011 : PPTP error when reading header for start_control_connection_reply : Connection reset by peer
Wed Oct 19 12:34:18 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 14:08:15 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 14:31:53 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 14:32:53 2011 : PPTP didn't get outgoing_call_reply (got message : 1280)
Wed Oct 19 14:43:47 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 14:44:30 2011 : PPTP error when reading header for start_control_connection_reply : Connection reset by peer
Wed Oct 19 15:04:37 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 15:05:06 2011 : PPTP error when reading header for start_control_connection_reply : Connection reset by peer
Wed Oct 19 16:17:59 2011 : PPTP connecting to server '98.140.60.9' (98.140.60.9)...
Wed Oct 19 16:18:36 2011 : PPTP error when reading header for start_control_connection_reply : Connection reset by peer
Wed Oct 19 16:18:44 2011 : PPTP connecting to server '74.94.213.189' (74.94.213.189)...
Wed Oct 19 16:18:44 2011 : PPTP connection established.
Wed Oct 19 16:18:44 2011 : PPTP set port-mapping for en0, interface: 4, protocol: 0, privatePort: 0
Wed Oct 19 16:18:44 2011 : using link 0
Wed Oct 19 16:18:44 2011 : Using interface ppp0
Wed Oct 19 16:18:44 2011 : Connect: ppp0 <--> socket[34:17]
Wed Oct 19 16:18:44 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3c29e3e8> <pcomp> <accomp>]
Wed Oct 19 16:18:44 2011 : PPTP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 628c3c26, Public Port: 0, TTL: 0.
Wed Oct 19 16:18:44 2011 : PPTP port-mapping update for en0 indicates no NAT. Public Address: 628c3c26, Protocol: None, Private Port: 0, Public Port: 0
Wed Oct 19 16:18:44 2011 : PPTP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
Wed Oct 19 16:18:44 2011 : PPTP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 628c3c26
Wed Oct 19 16:18:44 2011 : PPTP port-mapping for en0 fully initialized. Flagging up
Wed Oct 19 16:18:47 2011 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x3336861d> <pcomp> <accomp>]
Wed Oct 19 16:18:47 2011 : lcp_reqci: returning CONFACK.
Wed Oct 19 16:18:47 2011 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x3336861d> <pcomp> <accomp>]
Wed Oct 19 16:18:47 2011 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x3c29e3e8> <pcomp> <accomp>]
Wed Oct 19 16:18:47 2011 : sent [LCP EchoReq id=0x0 magic=0x3c29e3e8]
Wed Oct 19 16:18:47 2011 : rcvd [LCP EchoReq id=0x0 magic=0x3336861d]
Wed Oct 19 16:18:47 2011 : sent [LCP EchoRep id=0x0 magic=0x3c29e3e8]
Wed Oct 19 16:18:47 2011 : rcvd [CHAP Challenge id=0xdc <2e5d4566e9f768e175460811b199bee0>, name = "pptpd"]
Wed Oct 19 16:18:47 2011 : sent [CHAP Response id=0xdc <ec9438c9a525aff4f3fe9d03b8da7de60000000000000000bde9c656757f5826e16bafd1b0e8eca3bb64625cb9564d2b00>, name = "PAT"]
Wed Oct 19 16:18:47 2011 : rcvd [LCP EchoRep id=0x0 magic=0x3336861d]
Wed Oct 19 16:18:47 2011 : rcvd [CHAP Failure id=0xdc "E=691 R=1 C=2e5d4566e9f768e175460811b199bee0 V=0 M=Access denied"]
Wed Oct 19 16:18:47 2011 : MS-CHAP authentication failed: Access denied
Wed Oct 19 16:18:47 2011 : rcvd [LCP TermReq id=0x2 "Authentication failed"]
Wed Oct 19 16:18:47 2011 : LCP terminated by peer (Authentication failed)
Wed Oct 19 16:18:47 2011 : sent [LCP TermAck id=0x2]
Wed Oct 19 16:18:47 2011 : rcvd [LCP ConfReq id=0x3 <asyncmap 0x0> <auth chap MS-v2> <magic 0x9d03d526> <pcomp> <accomp>]
Wed Oct 19 16:18:50 2011 : Connection terminated.
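
An added example, not part of the original posts: a small parser for pppd log lines in the format above that separates PPTP control-connection errors, the authentication method the server requested in LCP, and the fields of an MS-CHAP failure (codes as listed in RFC 2759). The sample lines and the `diagnose` helper are constructed for illustration.

```python
import re

# MS-CHAP-V2 Failure packet error codes (RFC 2759, "E=" field).
MSCHAP_ERRORS = {
    646: "restricted logon hours", 647: "account disabled",
    648: "password expired", 649: "no dial-in permission",
    691: "authentication failure", 709: "error changing password",
}
CTRL_RE = re.compile(r"PPTP error when reading header for (\w+) : (.+)$")
AUTH_RE = re.compile(r"(sent|rcvd) \[LCP (Conf\w+) .*?<auth ([^>]+)>")
FAIL_RE = re.compile(
    r'rcvd \[CHAP Failure id=\S+ "E=(\d+) R=(\d) C=[0-9a-fA-F]+ V=(\d+)'
    r'(?: M=([^"]*))?"\]')

def diagnose(lines):
    """Report which stage of a pppd PPTP session failed."""
    out = {"control_errors": [], "peer_auth": None,
           "auth_acked": False, "failure": None}
    for line in lines:
        if m := CTRL_RE.search(line):
            # TCP control channel died before PPP (and any login) started.
            out["control_errors"].append((m.group(1), m.group(2).strip()))
        elif m := AUTH_RE.search(line):
            direction, kind, auth = m.groups()
            if (direction, kind) == ("rcvd", "ConfReq"):
                out["peer_auth"] = auth      # method the server asks for
            elif (direction, kind) == ("sent", "ConfAck"):
                out["auth_acked"] = True     # client agreed to that method
        elif m := FAIL_RE.search(line):
            code = int(m.group(1))
            out["failure"] = {
                "code": code,
                "meaning": MSCHAP_ERRORS.get(code, "unknown"),
                "retry_allowed": m.group(2) == "1",
                "server_message": m.group(4),
            }
    return out

# Constructed sample lines in the format of the log above (placeholder values).
SAMPLE = [
    "PPTP error when reading header for start_control_connection_reply : Connection reset by peer",
    "rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x11111111> <pcomp> <accomp>]",
    "sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x11111111> <pcomp> <accomp>]",
    'rcvd [CHAP Failure id=0x01 "E=691 R=1 C=00112233445566778899aabbccddeeff V=0 M=Access denied"]',
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A control error with no later LCP lines points at the TCP control connection (port forwarding or filtering), while an acknowledged `<auth ...>` option followed by `E=691` means the method was agreed and the credentials were rejected.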
 
smccurnin (Author) Commented:
Thinkpads,

I followed your directions and matched all parameters for the RV042 and the MAC VPN Tracker app and I got it to work. I changed a parameter in the advanced settings in VPN Tracker. In Phase 1 I had to change the Diffie-Hellman key exchange group from group 2 (1024-bit) to group 1 (768-bit). See the screenshot. Thank you so much for your help. We have more than 5 MAC users, so now we have to decide if we really want to spend over a hundred $ for this app for each license or go with a higher-end firewall device from Cisco that we know works for sure with the MAC built-in Cisco VPN.
 
smccurnin (Author) Commented:

Sorry, forgot to attach the screenshot

VPN-tracker-phase1.jpg
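
An added example, not part of the original posts and not VPN Tracker or Linksys code: the "one column per side" parameter matching described earlier in the thread, as a script that lists Phase 1 mismatches and also flags Diffie-Hellman groups below a size floor. Only the group numbers 1 and 2 come from the thread; every other value, the `compare_phase1` helper and the 2048-bit floor are assumptions.

```python
# Diffie-Hellman MODP groups as numbered for IKE, with modulus size in bits.
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096}
MIN_DH_BITS = 2048  # assumption: local policy floor (group 14)

def compare_phase1(gateway, client):
    """Return (mismatches, warnings) for two Phase 1 parameter sets."""
    mismatches = {}
    for key in sorted(set(gateway) | set(client)):
        g, c = gateway.get(key), client.get(key)
        if g != c:
            mismatches[key] = (g, c)   # (gateway value, client value)
    warnings = []
    for side, params in (("gateway", gateway), ("client", client)):
        group = params.get("dh_group")
        bits = DH_GROUP_BITS.get(group)
        if bits is None:
            warnings.append(f"{side}: unknown DH group {group}")
        elif bits < MIN_DH_BITS:
            warnings.append(
                f"{side}: DH group {group} ({bits}-bit) is below {MIN_DH_BITS} bits")
    return mismatches, warnings

# Constructed parameter sets; the gateway's group 1 is inferred from the fix
# described in the thread, the remaining values are placeholders.
RV042 = {"exchange_mode": "main", "encryption": "3des", "hash": "sha1",
         "dh_group": 1, "lifetime_s": 28800}
CLIENT_BEFORE = dict(RV042, dh_group=2)   # client as first configured
CLIENT_AFTER = dict(RV042, dh_group=1)    # client after the change

if __name__ == "__main__":
    for label, client in (("before", CLIENT_BEFORE), ("after", CLIENT_AFTER)):
        mismatches, warnings = compare_phase1(RV042, client)
        print(label, mismatches, warnings)
```

The "after" set has no mismatches, so the tunnel negotiates, but both sides still trip the size warning; raising the group on the gateway and the client together would clear both results.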
 
John Hurst, Business Consultant (Owner), Commented:
I use Juniper Netscreen and I do have to spend about $100 per client for a bomb-proof client (NCP Secure Entry). If your Cisco Vendor can assure that their MAC client will work, upgrading to Cisco may be a good idea. You can also look at Juniper to see what they have as an included client. NCP Secure Entry is available for Windows and MAC, but it is pricey.

I am pleased you got it working. Thank you. ... Thinkpads_User